Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

2 posters

GeekPolice :: GeekPolice tech support archive :: Technical Support

Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more21st August 2011, 4:41 pm

Hello...I hope this isn't a duplicate, because I went to preview the first e-mail and completely lost the post.

Anyway, it all started when I had to get a new network card and drivers (installed at the computer store here) and a new router (router from my internet provider) and installation program online.

At that time, I was unable to bring up gamehouse.com on a web page. It always says it couldn't locate the page.

Also, if I played a game or if I went to a few sites, I would have to reboot my computer.

I then went to Stopzilla and did a scan. It found 178 problem files. In that scan it had the trojans listed in the subject line. The files are quarantined, but to remove the files I would have to purchase their program (which I am unable to do at this time).

I hope you are able to help me. Thanking you in advance!

OTL Extras logfile created on: 8/21/2011 4:32:10 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 203.10 Mb Available Physical Memory | 39.82% Memory free
1.73 Gb Paging File | 0.66 Gb Available in Paging File | 38.14% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 98.74 Gb Free Space | 66.25% Space Free | Partition Type: NTFS

Computer Name: GINA | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp
"{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}" = HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{10399D88-1CDC-4250-B957-B471EDD68591}_is1" = Jane's Hotel 3
"{15565047-F5FB-4662-81D1-8A3EF376297E}_is1" = Cooking Dash DinerTown Studios
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{19D8CFB2-FDDB-4D95-A6B3-CFE3472C2ACF}_is1" = Fitness Dash
"{1C617650-8B88-48D6-A6A2-EBF1744AF372}_is1" = Cash Out
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29D4D03C-F70B-43d9-82E4-6E5696FB0D1D}" = IObit Toolbar v4.6
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
"{3121F433-5BB6-4E8A-985A-A3F76B03160F}_is1" = Gold Miner Vegas
"{32C4660C-73A4-48AB-BDB6-231FF324DDEC}_is1" = Delicious 5
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{345034AE-5CB5-42C4-AA43-5993A6004927}_is1" = Ye Old Sandwich Shoppe
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3576A28B-6882-4790-B3C6-780DEA449806}_is1" = Jewel Quest Heritage
"{35BD3C84-8C9D-4ACB-BECF-C04E120D4807}_is1" = Cake Mania Main Street
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{38436888-9EAA-4cec-A56F-65B73D9D423C}" = D1500
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{40B6149B-D1F4-4D61-9456-72C5D553110E}_is1" = Keys to Manhattan
"{42AEB776-99CB-4F34-803C-0F99180814B9}_is1" = Luxor 5th Passage
"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
"{49140327-BEBF-43dd-B386-43311A065609}" = hph_ProductContext
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E9751B6-9971-4CEA-8E95-252AD0C079E4}_is1" = Sushi Frenzy
"{530241F4-D15B-4E0B-B3F3-47F83BC285AA}" = STOPzilla
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A07D8BC-C982-43B3-B24F-6FD8D6E89F02}_is1" = FileServe Manager 1.0.0.3024
"{5B2ABC0F-1F6D-4BC0-88DE-EF32EDA92B36}" = SymNet
"{5D9C3FCE-A8BA-42F0-9019-769A1CF9A7A9}" = hph_software
"{5DC0DF76-3B2F-4C38-BE34-58627949BC1A}" = Mega Manager
"{5E97B802-0F3E-4EF9-9CDA-E14B7E42BB49}_is1" = Casino Island To Go
"{60D7AF14-0A47-450E-9547-B96238B22B63}_is1" = Treasures of Montezuma 3
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{63B6AF9D-FB3C-4500-A67B-F51F38778CAE}_is1" = Cake Mania To the Max
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6CB9F96B-F6F9-4620-AB4D-CA8BBC04DA90}_is1" = Vacation Quest The Hawaiian Islands
"{70DECFBF-9119-4434-B2D3-A3C283D15E45}" = WeatherBug
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76BEC1D7-8A9F-472D-84C7-014BB155E4B2}" = HP Photosmart and Deskjet 7.0 Software
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{82C113AD-486F-4bd5-A2EA-2383AF57D084}" = D1500_Help
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113721697}" = Diner Dash Hometown Hero
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114079860}" = Tri Peaks 2 Quest For The Ruby Ring
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115290153}" = Go Go Gourmet Chef of the Year
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116436960}" = Word Whomp( TM) Underground
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117336373}" = Diner Town Detective Agency
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119525623}" = Dream Day True Love
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{893429F2-083B-4F82-92DC-DFDC45E8503C}" = hph_readme
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A3BCBC4-301A-401A-9C6F-971A040CCCF8}_is1" = The Pirate Tales
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B8240B3-891D-4965-AA51-8799622D44FF}" = DJ_SF_03_D1500_ProductContext
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901E076E-371C-47A9-A5BA-37159F1C3887}_is1" = Luxor Adventures
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{92A83D67-8C71-45CB-A687-E45750E5177B}_is1" = Woodwille Chronicles
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{954615A2-881D-4A45-80C4-F26AB0378C9A}_is1" = Gourmania 3 Zoo Zoom
"{95E84093-017F-4819-A18F-EC72950850F0}_is1" = Sally's Studio
"{99082F38-3333-4C88-9C3B-C15E85A34D1D}_is1" = Paradise Quest
"{99089A57-141C-4B26-977A-520E812211FF}" = ASPCA Tri Reminder by We-Care.com
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BEE12D0-C2BF-4865-A8F6-6F46577F4FB4}_is1" = Yard Sale Hidden Treasures Lucky Junction
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9FDE1FEB-6774-4F21-976A-6AD48BDE19A7}_is1" = Julia's Quest United Kingdom
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA1675E3-4D03-4808-BDF5-992619544D12}" = Intel(R) Network Connections 16.4.69.0
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B1421599-A42D-47ef-B512-B9B0317BD599}" = DJ_SF_03_D1500_Software
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B8AD00BF-50EC-4029-84DF-D325B41C2466}_is1" = Jewel Keepers Easter Island
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BBBF3122-9A09-40B2-A065-CD684059FB19}" = hph_software_req
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E425B12D-527B-4C80-8D0E-0B16A5D8BCBD}_is1" = Delicious Emily's Childhood Memories
"{E49D9754-D328-41DC-87DD-E6F02DE4B153}_is1" = Luxor HD
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F46F704F-25B7-40E9-9273-EB729A193744}_is1" = Jewel Quest Mysteries The Seventh Gate
"{F8EF4778-F413-4BC5-94F1-92C86F735D61}_is1" = Cooking Dash 3 Thrills and Spills
"{FAE873F5-4F09-4CCB-9F78-BDFADF295B92}_is1" = Delicious winter edition Deluxe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"All Knight Diner (Diner Dash Hometown Hero - Gourmet)" = All Knight Diner (Diner Dash Hometown Hero - Gourmet)
"alotToolbar" = ALOT Toolbar
"Amazon Kindle" = Amazon Kindle
"am-burgerislandr2themissingingredient" = Burger Island(R) 2 - The Missing Ingredient
"am-cakemanialightscameraactiontm" = Cake Mania - Lights, Camera, Action!(TM)
"am-chroniclesofalbianthemagicconvention" = Chronicles of Albian - The Magic Convention
"am-farmfrenzy3madagascar" = Farm Frenzy 3 - Madagascar
"amg-10daysunderthesea" = 10 Days Under The Sea
"amg-1912titanicmystery" = 1912 Titanic Mystery
"amg-abundante" = Abundante!
"amg-bigcityadventuretmnewyorkcity" = Big City Adventure(TM) - New York City
"amg-bigkahunareef2chainreaction" = Big Kahuna Reef 2 - Chain Reaction
"amg-burgerbustle" = Burger Bustle
"amg-coffeerush" = Coffee Rush
"amg-coffeerush2" = Coffee Rush 2
"amg-cradleofrome2" = Cradle of Rome 2
"amg-cruisecluestmcaribbeanadventure" = Cruise Clues(TM) - Caribbean Adventure
"amg-cursedhouse" = Cursed House
"amg-darkparablescurseofbriarrose" = Dark Parables - Curse of Briar Rose
"amg-delicious2deluxe" = Delicious 2 Deluxe
"amg-deliciousemilysholidayseason" = Delicious - Emily's Holiday Season
"amg-deliciousemilystasteoffame" = Delicious - Emily's Taste of Fame
"amg-deliciousemilysteagarden" = Delicious - Emily's Tea Garden
"amg-detectiveagency" = Detective Agency
"amg-dominomastergold" = Domino Master Gold
"amg-dragonportals" = Dragon Portals
"amg-dragonstone" = Dragon Stone
"amg-dressuprush" = Dress Up Rush
"amg-farmfrenzy" = Farm Frenzy
"amg-farmfrenzy2" = Farm Frenzy 2
"amg-farmfrenzy3americanpie" = Farm Frenzy 3 - American Pie
"amg-farmfrenzypizzaparty" = Farm Frenzy - Pizza Party!
"amg-farmmania" = FarmMania
"amg-fashionassistant" = Fashion Assistant
"amg-fashionboutique" = Fashion Boutique
"amg-flashdating" = Flash Dating
"amg-gemsweeper" = Gemsweeper
"amg-goldfever" = Gold Fever
"amg-goldrushtreasurehunt" = Gold Rush - Treasure Hunt
"amg-gourmania" = Gourmania
"amg-heroesofkalevala" = Heroes of Kalevala
"amg-hiddenmagic" = Hidden Magic
"amg-hotdoghotshot" = Hotdog Hotshot
"amg-jessicascupcakecafe" = Jessica's Cupcake Cafe
"amg-jewelmatch2" = Jewel Match 2
"amg-kitchenbrigade" = Kitchen Brigade
"amg-liongthelostamulets" = Liong - The Lost Amulets
"amg-lostinreefs" = Lost in Reefs
"amg-luxorquestfortheafterlife" = Luxor - Quest for the Afterlife
"amg-mahjongginvestigationsundersuspicion" = Mahjongg Investigations - Under Suspicion
"amg-makingmrright" = Making Mr. Right
"amg-marykayandrewsthefixerupper" = Mary Kay Andrews - The Fixer Upper
"amg-matchmakerjoininghearts" = Matchmaker - Joining Hearts
"amg-memorabiliamiasmysteriousmemorymachine" = Memorabilia - Mia's Mysterious Memory Machine
"amg-mortimerbeckettandthetimeparadox" = Mortimer Beckett and the Time Paradox
"amg-mysterylegendstmsleepyhollow" = Mystery Legends™ - Sleepy Hollow
"amg-mysterystoriesislandofhope" = Mystery Stories - Island of Hope
"amg-mysticemporium" = Mystic Emporium
"am-gourmania2greatexpectations" = Gourmania 2 - Great Expectations
"amg-pennydreadfulstmsweeneytodd" = Penny Dreadfuls(TM) Sweeney Todd
"amg-picketfences" = Picket Fences
"amg-pizzachef" = Pizza Chef
"amg-poshboutique" = Posh Boutique
"amg-poshboutique2" = Posh Boutique 2
"amg-poshshop" = Posh Shop
"amg-rainforestadventure" = Rainforest Adventure
"amg-ranchrush" = Ranch Rush
"amg-sallysquickclips" = Sally's Quick Clips
"amg-sallyssalon" = Sally's Salon
"amg-sallysspa" = Sally's Spa
"amg-successstory" = Success Story
"amg-supermarketmanagement" = Supermarket Management
"amg-supermarketmania" = Supermarket Mania
"amg-supermarketmaniar2" = Supermarket Mania(R) 2
"amg-thelostcasesofsherlockholmes" = The Lost Cases of Sherlock Holmes
"amg-thetreasuresofmontezuma2" = The Treasures of Montezuma 2
"amg-thetreasuresofmysteryisland" = The Treasures of Mystery Island
"amg-tikibar" = TikiBar
"amg-tropicalfarm" = Tropical Farm
"amg-wizardland" = Wizard Land
"amg-wizardshat" = Wizard's Hat
"amg-wordtravels" = Word Travels
"amg-youdasushichef" = Youda Sushi Chef
"amg-zumadeluxe" = Zuma Deluxe
"am-hobbyfarm" = Hobby Farm
"am-mirielsenchantedmystery" = Miriel's Enchanted Mystery
"am-mortimerbeckettandthelostking" = Mortimer Beckett and the Lost King
"am-mortimerbeckettandthesecretsofspookymanor" = Mortimer Beckett and the Secrets of Spooky Manor
"am-ranchrushr2" = Ranch Rush(R) 2
"am-theclockworkmanthehiddenworld" = The Clockwork Man - The Hidden World
"am-thetreasuresofmysteryisland2thegatesoffate" = The Treasures of Mystery Island 2 - The Gates of Fate
"am-zumasrevengetmadventure" = Zuma's Revenge!(TM) - Adventure
"AquaPearls_is1" = AquaPearls
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"BDStudioGames_is1" = BDStudioGames
"BFG-Burger Shop 2" = Burger Shop 2
"BFGC" = Big Fish Games: Game Manager
"BFG-Cake Mania 3" = Cake Mania 3
"BFG-Cake Shop" = Cake Shop
"BFG-Cooking Quest" = Cooking Quest
"BFG-Dream Day First Home" = Dream Day First Home
"BFG-Dream Day Wedding - Married in Manhattan" = Dream Day Wedding: Married in Manhattan
"BFG-Restaurant Rush" = Restaurant Rush
"BFG-Sea Journey" = Sea Journey
"BFG-Turbo Fiesta" = Turbo Fiesta
"BFG-Turbo Pizza" = Turbo Pizza
"BFG-Turbo Subs" = Turbo Subs
"BFG-Wedding Dash 4-Ever" = Wedding Dash 4-Ever
"BFG-Wedding Salon" = Wedding Salon
"BFG-Yard Sale Hidden Treasures - Sunnyville" = Yard Sale Hidden Treasures: Sunnyville
"Burger Island" = Burger Island
"Burger Shop" = Burger Shop
"BurgerTime Deluxe" = BurgerTime Deluxe
"Cake Mania To the Max" = Cake Mania To the Max (remove only)
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CenturyLink Remote Control" = CenturyLink Remote Control
"CheckIt Diagnostics" = CheckIt Diagnostics
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"Cooking Dash" = Cooking Dash
"Delicious 2 Deluxe" = Delicious 2 Deluxe
"Diner Dash" = Diner Dash
"Diner Dash Hometown Hero - Gourmet" = Diner Dash Hometown Hero - Gourmet
"Dream Day First Home" = Dream Day First Home
"Excel" = Microsoft Excel 97
"Farm Frenzy: Gone Fishing" = Farm Frenzy: Gone Fishing
"FarmMania2_is1" = FarmMania2
"Fashion Dash" = Fashion Dash
"Game Booster_is1" = Game Booster
"GameBox" = GameBox Toolbar
"GamesBar" = GamesBar 2.0.1.81
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"IObit Malware Fighter_is1" = IObit Malware Fighter
"iWinArcade" = iWin Games (remove only)
"Jane's Hotel" = Jane's Hotel
"Jane's Hotel Family Hero" = Jane's Hotel Family Hero
"Jewel Quest" = Jewel Quest
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Outlook 98" = Microsoft Outlook 98
"Miriel the Magical Merchant" = Miriel the Magical Merchant
"Mortimer Beckett and the Secrets of Spooky Manor" = Mortimer Beckett and the Secrets of Spooky Manor
"Mozilla Firefox (2.0)" = Mozilla Firefox (2.0)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyPublisher" = MyPublisher
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenAL" = OpenAL
"Pharaoh's Feast (Diner Dash Hometown Hero - Gourmet)" = Pharaoh's Feast (Diner Dash Hometown Hero - Gourmet)
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Ranch Rush_is1" = Ranch Rush
"RealArcade" = RealArcade
"RealoreStudios Toolbar" = RealoreStudios Toolbar
"RealPlayer 12.0" = RealPlayer
"Reel Deal Slot Quest: Alice in Wonderland" = Reel Deal Slot Quest: Alice in Wonderland (remove only)
"Reel Deal Slot Quest: Under the Sea" = Reel Deal Slot Quest: Under the Sea (remove only)
"Romantic Rendezvous Restaurant (Diner Dash Hometown Hero - Gourmet)" = Romantic Rendezvous Restaurant (Diner Dash Hometown Hero - Gourmet)
"Sandlot Connect_is1" = Sandlot Connect Version 1.2.6
"Sara's Super Spa Deluxe" = Sara's Super Spa Deluxe
"SearchElf_1.1 Toolbar" = SearchElf 1.1 Toolbar
"Shockwave" = Shockwave
"Shop for HP Supplies" = Shop for HP Supplies
"Smart Defrag_is1" = Smart Defrag
"Sweet Home 3D_is1" = Sweet Home 3D version 2.6
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The Dash Slipper (Diner Dash Hometown Hero - Gourmet)" = The Dash Slipper (Diner Dash Hometown Hero - Gourmet)
"UnityWebPlayer" = Unity Web Player
"Waterpark Madness Restaurant (Diner Dash Hometown Hero - Gourmet)" = Waterpark Madness Restaurant (Diner Dash Hometown Hero - Gourmet)
"Web Games Player Plugin" = Web Games Player Plugin
"Wedding Dash 2" = Wedding Dash 2
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2004Setup" = Microsoft Works 2004 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X mas Blox_is1" = X mas Blox
"XfireXO Toolbar" = XfireXO Toolbar
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/11/2011 5:55:05 PM | Computer Name = GINA | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication
Foundation\ComSvcConfig.exe . Error code = 0x80070020

Error - 8/11/2011 5:58:53 PM | Computer Name = GINA | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.Workflow.ComponentModel, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020

Error - 8/12/2011 4:27:45 AM | Computer Name = GINA | Source = Application Error | ID = 1000
Description = Faulting application quickclips.exe, version 0.0.0.0, faulting module
quickclips.exe, version 0.0.0.0, fault address 0x0024763a.

Error - 8/13/2011 2:51:44 AM | Computer Name = GINA | Source = Application Error | ID = 1000
Description = Faulting application jewel quest mysteries the seventh gate.exe, version
0.0.0.0, faulting module jewel quest mysteries the seventh gate.exe, version 0.0.0.0,
fault address 0x0000335a.

Error - 8/17/2011 1:20:41 PM | Computer Name = GINA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19120, fault address 0x00067b98.

Error - 8/18/2011 5:58:52 PM | Computer Name = GINA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module user32.dll, version 5.1.2600.5512, fault address 0x0001b38b.

[ System Events ]
Error - 8/20/2011 4:10:37 PM | Computer Name = GINA | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/20/2011 4:10:37 PM | Computer Name = GINA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 8/20/2011 6:54:30 PM | Computer Name = GINA | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/20/2011 6:54:30 PM | Computer Name = GINA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 8/20/2011 7:02:37 PM | Computer Name = GINA | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/20/2011 7:02:37 PM | Computer Name = GINA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 8/20/2011 9:43:30 PM | Computer Name = GINA | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/20/2011 9:43:30 PM | Computer Name = GINA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 8/20/2011 10:34:04 PM | Computer Name = GINA | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/20/2011 10:34:04 PM | Computer Name = GINA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

< End of report >

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-21 05:17:49
-----------------------------
05:17:49.781 OS Version: Windows 5.1.2600 Service Pack 3
05:17:49.781 Number of processors: 1 586 0x304
05:17:49.812 ComputerName: GINA UserName:
05:17:52.671 Initialize success
05:23:40.375 AVAST engine defs: 11082100
05:24:47.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
05:24:47.750 Disk 0 Vendor: WDC_WD1600AAJB-00PVA0 00.07H00 Size: 152627MB BusType: 3
05:24:49.828 Disk 0 MBR read successfully
05:24:49.828 Disk 0 MBR scan
05:24:49.890 Disk 0 Windows XP default MBR code
05:24:49.906 Disk 0 scanning sectors +312560640
05:24:49.968 Disk 0 scanning C:\WINDOWS\system32\drivers
05:25:03.218 Service scanning
05:25:05.937 Modules scanning
05:25:19.296 Disk 0 trace - called modules:
05:25:19.421 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
05:25:19.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82ef3ab8]
05:25:19.421 3 CLASSPNP.SYS[f8728fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f4a998]
05:25:27.375 AVAST engine scan C:\WINDOWS
05:25:35.031 AVAST engine scan C:\WINDOWS\system32
05:27:36.906 AVAST engine scan C:\WINDOWS\system32\drivers
05:27:53.468 AVAST engine scan C:\Documents and Settings\Owner
05:36:24.625 File: C:\Documents and Settings\Owner\Desktop\OTL.com **INFECTED** Win32:Rootkit-gen [Rtk]
05:39:01.671 File: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WAZCDVSZ\OTL[1].com **INFECTED** Win32:Rootkit-gen [Rtk]
05:39:52.296 AVAST engine scan C:\Documents and Settings\All Users
05:48:56.687 Scan finished successfully
05:49:58.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
05:49:58.234 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-21 05:17:49
-----------------------------
05:17:49.781 OS Version: Windows 5.1.2600 Service Pack 3
05:17:49.781 Number of processors: 1 586 0x304
05:17:49.812 ComputerName: GINA UserName:
05:17:52.671 Initialize success
05:23:40.375 AVAST engine defs: 11082100
05:24:47.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
05:24:47.750 Disk 0 Vendor: WDC_WD1600AAJB-00PVA0 00.07H00 Size: 152627MB BusType: 3
05:24:49.828 Disk 0 MBR read successfully
05:24:49.828 Disk 0 MBR scan
05:24:49.890 Disk 0 Windows XP default MBR code
05:24:49.906 Disk 0 scanning sectors +312560640
05:24:49.968 Disk 0 scanning C:\WINDOWS\system32\drivers
05:25:03.218 Service scanning
05:25:05.937 Modules scanning
05:25:19.296 Disk 0 trace - called modules:
05:25:19.421 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
05:25:19.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82ef3ab8]
05:25:19.421 3 CLASSPNP.SYS[f8728fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f4a998]
05:25:27.375 AVAST engine scan C:\WINDOWS
05:25:35.031 AVAST engine scan C:\WINDOWS\system32
05:27:36.906 AVAST engine scan C:\WINDOWS\system32\drivers
05:27:53.468 AVAST engine scan C:\Documents and Settings\Owner
05:36:24.625 File: C:\Documents and Settings\Owner\Desktop\OTL.com **INFECTED** Win32:Rootkit-gen [Rtk]
05:39:01.671 File: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WAZCDVSZ\OTL[1].com **INFECTED** Win32:Rootkit-gen [Rtk]
05:39:52.296 AVAST engine scan C:\Documents and Settings\All Users
05:48:56.687 Scan finished successfully
05:49:58.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
05:49:58.234 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
07:20:33.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
07:20:33.968 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

Results of screen317's Security Check version 0.99.18
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Norton 360
McAfee Security Scan Plus
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
CA Yahoo! Anti-Spy (remove only)
SUPERAntiSpyware
Java(TM) 6 Update 26
Out of date Java installed!
Flash Player Out of Date!
Adobe Flash Player 10.0.22.87
Adobe Reader X (10.1.0)
Mozilla Firefox (2.0.) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
IObit IObit Malware Fighter IMFsrv.exe
IObit IObit Malware Fighter IMF.exe
``````````End of Log````````````

The OTL.Txt is attched

Thanks again!

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more22nd August 2011, 1:11 am

OTL.Txt part 1

OTL logfile created on: 8/21/2011 4:32:10 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 203.10 Mb Available Physical Memory | 39.82% Memory free
1.73 Gb Paging File | 0.66 Gb Available in Paging File | 38.14% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 98.74 Gb Free Space | 66.25% Space Free | Partition Type: NTFS

Computer Name: GINA | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/21 04:31:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
PRC - [2011/08/18 17:44:30 | 000,177,616 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2011/08/18 17:44:26 | 000,062,928 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2011/08/17 13:15:28 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/08/17 13:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/07/20 12:19:44 | 004,393,816 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
PRC - [2011/06/20 18:41:50 | 000,954,648 | ---- | M] (FileServe Limited) -- C:\Program Files\FileServe Manager\FSStarter.exe
PRC - [2011/06/17 09:33:02 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/05/28 14:46:56 | 000,412,560 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/05/23 16:47:50 | 000,112,800 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\IPROSetMonitor.exe
PRC - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/08 10:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/22 16:46:58 | 000,431,104 | ---- | M] (We-Care.com) -- C:\Documents and Settings\All Users\Application Data\WeCareReminder\ReminderHelper.exe
PRC - [2010/12/29 05:44:10 | 000,591,248 | ---- | M] (Oberon Media ) -- C:\Program Files\Gamesbar\SearchEngineProtection.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/06/22 15:35:33 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/21 17:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [1997/08/19 02:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE

========== Modules (No Company Name) ==========

MOD - [2011/08/20 21:31:58 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/07/22 05:54:14 | 000,862,720 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\Scan.dll
MOD - [2011/06/23 13:41:30 | 000,138,752 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\zlibwapi.dll
MOD - [2011/05/28 14:46:58 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madexcept_.bpl
MOD - [2011/05/28 14:46:58 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madbasic_.bpl
MOD - [2011/05/28 14:46:58 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\maddisAsm_.bpl
MOD - [2011/05/25 13:47:37 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/05/25 13:47:34 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/05/25 13:47:30 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/05/25 09:48:00 | 000,208,896 | ---- | M] () -- C:\Program Files\FileServe Manager\FFChromeExtHelper.dll
MOD - [2011/05/04 04:52:24 | 000,112,416 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2iexp.dll
MOD - [2011/05/04 04:51:59 | 000,008,192 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll
MOD - [2010/11/26 12:18:08 | 000,175,616 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\unrar.dll
MOD - [2010/06/17 15:27:22 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008/06/22 15:35:33 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
MOD - [2008/06/22 15:35:33 | 000,357,768 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
MOD - [2008/03/24 23:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [1998/03/12 02:00:00 | 003,772,176 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\MSO97.DLL
MOD - [1997/08/19 02:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/08/18 17:44:26 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/08/17 13:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/06/17 09:33:02 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/05/23 16:47:50 | 000,112,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service) Intel(R)
SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/08 10:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/08/04 11:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/06/22 15:35:33 | 001,245,064 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/06/21 23:45:49 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/02/21 17:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/22 03:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2011/07/11 14:40:46 | 000,239,600 | ---- | M] () [File_System | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011/07/10 22:55:48 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/10 22:55:48 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/06/28 03:12:42 | 000,030,368 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2011/03/23 01:00:08 | 000,016,080 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011/03/23 01:00:06 | 000,030,368 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2010/05/12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/16 14:13:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/16 14:13:34 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkg.sys -- (szkg5)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2009/02/25 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/02/19 12:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/02/19 12:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009/02/19 12:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 12:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 12:31:16 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/02/19 12:31:16 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/02/19 12:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 12:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/02/19 04:00:00 | 000,876,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090329.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/02/19 04:00:00 | 000,089,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090329.003\NAVENG.SYS -- (NAVENG)
DRV - [2009/02/09 17:59:18 | 000,251,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090318.001\SymIDSco.sys -- (SYMIDSCO)
DRV - [2009/01/08 19:38:07 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/09/05 14:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/04/13 13:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/01/31 20:51:16 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/01/31 20:51:16 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/01/31 20:51:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/08/08 19:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007/06/15 04:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2006/03/01 20:30:54 | 000,618,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2005/05/06 14:42:26 | 001,339,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2005/05/06 14:40:50 | 000,047,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2005/05/06 14:40:20 | 000,036,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2005/01/10 12:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 12:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/09/17 11:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/03/05 19:09:02 | 000,003,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS -- (MAPMEM)
DRV - [2004/03/05 19:09:00 | 000,003,744 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS -- (BCMNTIO)
DRV - [2001/08/22 10:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files\SearchElf_1.1\prxtbSea2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {03fee850-0101-4e9e-b6d4-6fc74d3db360} - C:\Program Files\RealoreStudios\prxtbRea2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.6\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://centurytel.myway.com"
FF - prefs.js..general.useragent.extra.btrs: "BTRS86070"user_pref("browser.search.defaultenginename", "Yahoo");user_pref("browser.search.selectedEngine", "Yahoo");user_pref("keyword.URL", "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&p=");user_pref("browser.search.param.yahoo-fr", "chr-greentree_ff&type=382950");user_pref("browser.search.defaultenginename", "Yahoo");user_pref("browser.search.selectedEngine", "Yahoo");user_pref("keyword.URL", "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&p=");user_pref("browser.search.param.yahoo-fr", "chr-greentree_ff&type=382950");user_pref("yahoo.ytff.general.showaddbtn", false);user_pref("browser.search.defaultenginename", "Yahoo");
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.ssl: ""
FF - prefs.js..network.proxy.ssl_port: 0
FF - prefs.js..network.proxy.ftp: ""
FF - prefs.js..network.proxy.ftp_port: 0
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.socks: ""
FF - prefs.js..network.proxy.socks_port: 1080
FF - prefs.js..network.proxy.share_proxy_settings: false
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\Documents and Settings\All Users\Application Data\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll File not found
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/09 02:07:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/15 14:19:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\Program Files\iWin Games\firefox\ [2011/04/22 13:46:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}: C:\Program Files\FileServe Manager\FireFox_Extension\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5} [2011/07/04 11:50:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/20 12:26:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/14 23:10:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/09 02:07:30 | 000,000,000 | ---D | M]

[2010/06/08 15:20:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/05/25 11:42:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g7evd8kn.default\extensions
[2010/11/26 20:19:14 | 000,000,000 | ---D | M] (RealoreStudios Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g7evd8kn.default\extensions\{03fee850-0101-4e9e-b6d4-6fc74d3db360}
[2010/06/08 15:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g7evd8kn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/24 00:04:37 | 000,000,000 | ---D | M] (XfireXO) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g7evd8kn.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011/05/25 11:42:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g7evd8kn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/28 22:31:25 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g7evd8kn.default\extensions\gamesbar@oberon-media.com
[2010/06/08 15:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g7evd8kn.default\extensions\staged-xpis
[2010/06/08 15:20:58 | 000,000,000 | ---D | M] (PlaySushi TextLinks) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g7evd8kn.default\extensions\textlinks@playsushi.com
[2010/02/19 13:32:47 | 000,000,000 | ---D | M] (ShopAtHome Intelligent Shopping Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g7evd8kn.default\extensions\toolbar@shopathome.com
[2011/03/20 11:12:40 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g7evd8kn.default\extensions\wecarereminder@bryan
[2011/07/04 16:25:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/04/05 18:42:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/18 21:25:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/13 16:15:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/04 15:46:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/15 12:14:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/07/04 16:25:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/04/05 18:41:55 | 000,000,000 | ---D | M] (Real Networks Settings) -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2009/04/05 18:41:59 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2009/03/31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2006/10/11 03:04:58 | 000,061,036 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2006/10/11 03:04:59 | 000,048,742 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2006/10/11 03:05:03 | 000,029,313 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2006/10/11 03:05:03 | 000,041,082 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2006/10/11 03:04:58 | 000,166,510 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/08/31 11:28:34 | 000,147,456 | ---- | M] (Oberon Media) -- C:\Program Files\mozilla firefox\plugins\npMyGames.dll
[2009/03/30 17:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll
[2009/10/26 16:53:52 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2009/11/06 17:15:22 | 000,000,156 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober10694656.src
[2010/12/15 00:27:25 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober12957484.xml
[2011/03/28 22:32:08 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober13680203.xml
[2009/11/01 12:47:24 | 000,000,156 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober156182093.src
[2011/03/30 02:50:05 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober1686390.xml
[2010/12/06 19:31:54 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober18162406.xml
[2009/11/08 08:55:12 | 000,000,609 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober18403750.gif
[2009/12/09 13:35:44 | 000,000,175 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober18403750.src
[2009/11/08 08:55:12 | 000,000,609 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober27254484.gif
[2009/11/22 21:08:26 | 000,000,175 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober27254484.src
[2011/01/01 02:20:51 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober28208578.xml
[2010/12/11 15:34:28 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober2891125.xml
[2010/11/14 05:36:12 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober4002656.xml
[2009/11/08 08:55:12 | 000,000,609 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober4352437.gif
[2010/06/18 15:35:25 | 000,000,175 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober4352437.src
[2010/12/07 02:17:20 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober4361265.xml
[2009/11/08 08:55:12 | 000,000,609 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober51693703.gif
[2009/12/07 12:08:14 | 000,000,175 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober51693703.src
[2011/01/19 04:18:38 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober5741859.xml
[2011/01/04 21:52:24 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober7067906.xml
[2011/02/25 17:15:17 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober9142031.xml
[2009/04/07 14:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober36076500.gif
[2009/12/15 11:48:11 | 000,000,196 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober36076500.src

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FileServeManager) - {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - C:\Program Files\FileServe Manager\FileServeBHO.dll (FileServe Limited)
O2 - BHO: (SearchElf 1.1 Toolbar) - {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files\SearchElf_1.1\prxtbSea2.dll (Conduit Ltd.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealoreStudios Toolbar) - {03fee850-0101-4e9e-b6d4-6fc74d3db360} - C:\Program Files\RealoreStudios\prxtbRea2.dll (Conduit Ltd.)
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.6\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (GameBox Toolbar) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files\GameBox\gamebox_toolbar.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Miva)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\googletoolbar.dll (Google Inc.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\Gamesbar\2.0.1.73\oberontb.dll (Oberon Media Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (SearchElf 1.1 Toolbar) - {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files\SearchElf_1.1\prxtbSea2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (RealoreStudios Toolbar) - {03fee850-0101-4e9e-b6d4-6fc74d3db360} - C:\Program Files\RealoreStudios\prxtbRea2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.6\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (GameBox Toolbar) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files\GameBox\gamebox_toolbar.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\googletoolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Miva)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SearchElf 1.1 Toolbar) - {00F2C0C6-2194-484E-9064-44E57787867B} - C:\Program Files\SearchElf_1.1\prxtbSea2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (RealoreStudios Toolbar) - {03FEE850-0101-4E9E-B6D4-6FC74D3DB360} - C:\Program Files\RealoreStudios\prxtbRea2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (GameBox Toolbar) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files\GameBox\gamebox_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\googletoolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [FileServe Manager Task] C:\Program Files\FileServe Manager\FSStarter.exe (FileServe Limited)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)
O4 - HKCU..\Run: [SearchEngineProtection] C:\Program Files\Gamesbar\SearchEngineProtection.exe (Oberon Media )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Download with FileServe Manager - C:\Program Files\FileServe Manager\GetUrl.htm ()
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O15 - HKCU\..Trusted Domains: gamehouse.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windows] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} http://p.playfirst.com/play/game/dairydash/DairyDashWeb.1.0.0.12.cab (CPlayFirstDairyDashWControl Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Dream%20Day%20First%20Home/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} http://download.playfirst.com/play/game/mysteryofsharkisland/msi.1.0.0.8.cab (CPlayFirstmsiControl Object)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Value error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214110364630 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214176760343 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Gourmania/Images/armhelper.ocx (Reg Error: Key error.)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://iplay.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://207.119.127.218/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\gameboxchrome {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} - C:\Program Files\GameBox\gamebox_toolbar.dll ()
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/21 20:37:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: IMFservice - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: McciCMService - C:\Program Files\Common Files\Motive\McciCMService.exe (Alcatel-Lucent)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2dbd6e80-1f95-11d1-a7e1-00609793926d} - Internet Only E-mail Service
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3661ddae-1fa3-11d1-9474-00c04fb6cf97} - Microsoft Outlook Help
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {681c5b90-1f94-11d1-a7e1-00609793926d} - Microsoft Outlook Program Files
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {70F82C18-3D15-11d1-8596-00C04FB92601} - News Reader
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {7C416174-4669-11d1-8F81-00A0C970AB00} - Proofing Tools - English (United States)
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {AC1E9E16-4FF9-11d1-859B-00C04FB92601} - Remove Outlook 97
ActiveX: {BEF6E001-A874-101A-8BBA-00AA00300CAB} - MFC40
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {d3a5b6e4-6cf6-11d1-9481-00c04fb6cf97} - 128 Bit Encryption Update
ActiveX: {d8600590-1f91-11d1-a7e1-00609793926d} - ACME Engine
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROSO - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more22nd August 2011, 1:14 am

OTL.Txt Part 2

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/21 04:31:03 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2011/08/21 03:29:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2011/08/20 18:57:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FarmMania2
[2011/08/20 15:04:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Age of Japan
[2011/08/20 11:25:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Search Settings
[2011/08/20 11:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/08/20 11:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011/08/20 11:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2011/08/19 17:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Xmas Blox
[2011/08/19 17:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\X mas Blox
[2011/08/19 09:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\f-secure
[2011/08/19 09:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2011/08/19 07:24:40 | 000,000,000 | ---D | C] -- C:\My Documents\Stopzilla Event Logs
[2011/08/18 21:28:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\STOPzilla
[2011/08/18 21:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/08/18 21:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/08/18 19:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/08/18 17:44:18 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/08/18 17:44:18 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/08/18 17:44:18 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/08/18 17:44:16 | 000,456,144 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/08/18 17:44:16 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/08/18 17:44:16 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/08/18 17:44:16 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/08/18 17:44:16 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/08/18 17:44:14 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/08/18 17:44:14 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/08/18 17:44:14 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/08/18 17:44:14 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/08/18 11:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AquaPearls
[2011/08/16 16:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2011/08/15 19:48:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WinZip
[2011/08/15 19:09:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira
[2011/08/15 13:29:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2011/08/12 16:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Assistant
[2011/08/12 16:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\CenturyLink
[2011/08/12 16:30:01 | 000,000,000 | ---D | C] -- C:\Program Files\EMBARQ
[2011/08/12 16:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\Sprint_Activation
[2011/08/12 16:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motive
[2011/08/12 16:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2011/08/12 11:57:12 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys
[2011/08/12 11:57:12 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2011/08/10 22:05:24 | 000,112,800 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\IPROSetMonitor.exe
[2011/08/10 10:03:47 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/10 08:55:05 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/08/07 01:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\Ultimate Puzzles 500
[2011/08/07 01:41:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\WINDOWS
[2011/07/29 22:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Oberon
[2011/07/29 22:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Oberon
[2011/07/28 10:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Boomzap
[2011/07/28 00:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\JQ
[2011/07/24 14:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GameHousev1000
[2011/07/22 05:34:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Malware Fighter
[2011/03/20 18:26:44 | 000,262,144 | ---- | C] (Ask.com) -- C:\Program Files\Uninstall Ask Toolbar.dll
[2002/04/11 03:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/21 04:36:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FC5CA896-1EC2-43B6-B82F-9CD4B98BFBD1}.job
[2011/08/21 04:31:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2011/08/21 04:28:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/21 01:44:52 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Pogo Games.lnk
[2011/08/20 21:39:48 | 000,001,336 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/08/20 21:33:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc4f842548fa1e.job
[2011/08/20 21:33:04 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1409082233-1801674531-1003.job
[2011/08/20 21:33:04 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/08/20 21:33:04 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2011/08/20 21:31:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/20 03:25:53 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1409082233-1801674531-1003.job
[2011/08/19 17:16:43 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\X mas Blox.lnk
[2011/08/18 17:44:18 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/08/18 17:44:18 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/08/18 17:44:18 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/08/18 17:44:16 | 000,456,144 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/08/18 17:44:16 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/08/18 17:44:16 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/08/18 17:44:16 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/08/18 17:44:16 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/08/18 17:44:14 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/08/18 17:44:14 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/08/18 17:44:14 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/08/18 17:44:14 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/08/18 11:34:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AquaPearls.lnk
[2011/08/17 13:41:14 | 000,025,248 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2011/08/15 20:00:00 | 000,000,622 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Owner.job
[2011/08/15 13:29:45 | 000,001,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/08/15 13:29:45 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/08/14 23:10:01 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/08/14 22:00:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2011/08/14 12:41:48 | 000,001,204 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MSN Games.lnk
[2011/08/13 21:44:24 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/12 16:30:28 | 000,001,687 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CenturyLink Remote Control.lnk
[2011/08/11 00:10:23 | 000,450,614 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/11 00:10:23 | 000,075,424 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/10 18:23:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/10 11:14:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/04 20:20:41 | 000,004,290 | ---- | M] () -- C:\Documents and Settings\Owner\r
[2011/07/28 20:42:09 | 000,000,279 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HP Printing Software.url
[2011/07/25 10:17:44 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/07/22 05:34:44 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/21 01:44:52 | 000,001,108 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Pogo Games.lnk
[2011/08/20 21:37:44 | 000,001,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/08/19 17:16:43 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\X mas Blox.lnk
[2011/08/18 11:34:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AquaPearls.lnk
[2011/08/16 16:47:33 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk
[2011/08/16 16:47:31 | 000,001,184 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk
[2011/08/15 13:29:45 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/08/15 13:29:39 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/08/14 23:10:01 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/08/14 23:10:00 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/14 12:41:48 | 000,001,204 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MSN Games.lnk
[2011/08/12 16:30:28 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CenturyLink Remote Control.lnk
[2011/08/10 11:13:52 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/08/04 20:20:41 | 000,004,290 | ---- | C] () -- C:\Documents and Settings\Owner\r
[2011/07/31 08:17:06 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc4f842548fa1e.job
[2011/07/28 20:42:09 | 000,000,279 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HP Printing Software.url
[2011/07/22 05:34:44 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2011/07/02 18:21:49 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/03/30 02:55:31 | 000,000,461 | ---- | C] () -- C:\Program Files\033020112553104.bat
[2011/03/28 10:33:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/21 23:15:52 | 000,000,462 | ---- | C] () -- C:\Program Files\0321201123155192.bat
[2011/01/24 00:01:59 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/21 12:46:55 | 000,000,462 | ---- | C] () -- C:\Program Files\1021201012465568.bat
[2010/10/19 03:05:24 | 000,000,391 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\prefsdb.dat
[2010/09/09 02:06:11 | 000,023,085 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/08/31 23:26:57 | 000,000,476 | ---- | C] () -- C:\Program Files\0831201023265700.bat
[2010/08/04 12:18:52 | 000,000,190 | ---- | C] () -- C:\WINDOWS\settings.ini
[2010/06/19 11:22:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/01/05 21:21:47 | 000,000,471 | ---- | C] () -- C:\Program Files\0105201020214746.bat
[2009/09/28 21:53:27 | 000,000,110 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/06/02 18:40:12 | 000,137,540 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009/04/05 18:45:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/03/10 15:57:42 | 000,000,030 | ---- | C] () -- C:\WINDOWS\sav.ini
[2009/02/22 09:42:50 | 000,003,840 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\slot1.mm1
[2009/01/11 00:43:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2009/01/06 05:40:45 | 000,000,026 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2009/01/02 15:57:07 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/11 17:46:45 | 000,157,453 | ---- | C] () -- C:\WINDOWS\hphins26.dat
[2008/10/11 17:46:44 | 000,000,787 | ---- | C] () -- C:\WINDOWS\hphmdl26.dat
[2008/08/31 10:14:08 | 000,123,125 | ---- | C] () -- C:\WINDOWS\HPHins11.dat
[2008/08/31 10:14:07 | 000,013,767 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
[2008/07/15 22:50:29 | 000,025,248 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2008/06/29 04:46:15 | 000,000,766 | ---- | C] () -- C:\WINDOWS\wwwconfig.dat
[2008/06/28 16:12:21 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/06/22 16:03:41 | 000,000,199 | ---- | C] () -- C:\WINDOWS\wstdUPSWSHIP.INI
[2008/06/22 15:54:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/22 00:38:38 | 000,000,512 | ---- | C] () -- C:\WINDOWS\extend.dat
[2008/06/22 00:08:53 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2008/06/22 00:08:39 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/06/21 20:39:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/06/21 20:34:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/06/21 13:28:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/06/21 13:27:53 | 000,250,288 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2005/05/03 13:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/03/22 13:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 13:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/10/22 18:07:54 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\GetHostIP.exe
[2004/08/04 05:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,450,614 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 05:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 05:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/04 05:00:00 | 000,075,424 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/10/02 12:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2003/04/08 15:41:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\nssckbi.dll
[2002/07/01 09:13:30 | 000,000,224 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\brun_nbeta12.dat
[1997/08/19 02:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/08/19 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/08/14 02:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[1997/08/14 02:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >
[1997/08/19 02:00:00 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\ArtGalry.cag

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2006/10/11 03:04:59 | 007,604,331 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2006/10/11 03:05:03 | 000,123,522 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe
[2006/10/11 03:04:59 | 000,067,700 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\xpicleanup.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2011/08/14 23:09:34 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/01/25 19:39:05 | 000,000,000 | ---D | M] -- C:\Program Files\Adventures of Robinson Crusoe
[2011/02/17 22:21:19 | 000,000,000 | ---D | M] -- C:\Program Files\Alawar
[2009/04/05 12:10:36 | 000,000,000 | ---D | M] -- C:\Program Files\Alchemist's Apprentice
[2008/10/17 14:02:50 | 000,000,000 | ---D | M] -- C:\Program Files\alot
[2011/07/21 15:38:29 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2010/10/28 10:54:31 | 000,000,000 | ---D | M] -- C:\Program Files\AmeliesCafeHalloween_at
[2008/06/21 21:22:54 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2009/09/13 00:11:19 | 000,000,000 | ---D | M] -- C:\Program Files\AOL Games
[2011/08/20 11:25:08 | 000,000,000 | ---D | M] -- C:\Program Files\Application Updater
[2011/07/02 18:51:15 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2009/10/01 07:15:35 | 000,000,000 | ---D | M] -- C:\Program Files\Awem studio
[2008/07/02 15:16:54 | 000,000,000 | ---D | M] -- C:\Program Files\AWS
[2010/04/17 23:33:00 | 000,000,000 | ---D | M] -- C:\Program Files\Axis Communications
[2010/10/10 14:31:18 | 000,000,000 | ---D | M] -- C:\Program Files\Babylon
[2010/03/30 11:58:55 | 000,000,000 | ---D | M] -- C:\Program Files\BDStudioGames
[2011/08/18 14:52:54 | 000,000,000 | ---D | M] -- C:\Program Files\bfgclient
[2009/04/08 10:10:55 | 000,000,000 | ---D | M] -- C:\Program Files\Bird Pirates
[2011/04/01 22:17:19 | 000,000,000 | ---D | M] -- C:\Program Files\BirdsTown_at
[2009/09/16 11:00:23 | 000,000,000 | ---D | M] -- C:\Program Files\Burger Shop 2
[2010/09/01 22:27:02 | 000,000,000 | ---D | M] -- C:\Program Files\BurgerBustle_at
[2010/03/23 21:01:42 | 000,000,000 | ---D | M] -- C:\Program Files\CA Yahoo! Anti-Spy
[2009/01/11 01:59:23 | 000,000,000 | ---D | M] -- C:\Program Files\Cake Mania 3
[2009/11/26 02:33:29 | 000,000,000 | ---D | M] -- C:\Program Files\Cake Mania Main Street
[2008/10/01 16:34:28 | 000,000,000 | ---D | M] -- C:\Program Files\Cake Shop
[2011/08/12 16:30:28 | 000,000,000 | ---D | M] -- C:\Program Files\CenturyLink
[2008/06/22 12:20:25 | 000,000,000 | ---D | M] -- C:\Program Files\CheckIt
[2008/06/21 23:45:49 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2010/09/29 05:38:19 | 000,000,000 | ---D | M] -- C:\Program Files\Columbus - Ghost of the Mystery Stone
[2011/08/20 11:25:06 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/06/21 20:34:46 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2011/04/13 18:00:23 | 000,000,000 | ---D | M] -- C:\Program Files\ConduitEngine
[2009/04/20 12:43:00 | 000,000,000 | ---D | M] -- C:\Program Files\Cooking Quest
[2010/08/09 03:36:00 | 000,000,000 | ---D | M] -- C:\Program Files\Country Harvest
[2009/03/28 12:12:30 | 000,000,000 | ---D | M] -- C:\Program Files\CSI - NY
[2010/02/05 11:38:40 | 000,000,000 | ---D | M] -- C:\Program Files\CSI - NY - The Game
[2009/03/10 10:55:04 | 000,000,000 | ---D | M] -- C:\Program Files\Curse of the Pharaoh - Napoleons Secret
[2008/06/22 08:46:35 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/09/09 18:05:35 | 000,000,000 | ---D | M] -- C:\Program Files\Dark Tales - Edgar Allan Poe's The Black Cat Collector's Edition
[2010/11/08 17:45:40 | 000,000,000 | ---D | M] -- C:\Program Files\Diner Dash 5 - Boom
[2010/04/12 18:33:04 | 000,000,000 | ---D | M] -- C:\Program Files\Diner Dash 5 Boom!
[2011/04/01 22:17:19 | 000,000,000 | ---D | M] -- C:\Program Files\Dream Day First Home
[2008/10/01 00:40:53 | 000,000,000 | ---D | M] -- C:\Program Files\Dream Day Wedding - Married in Manhattan
[2009/11/30 10:21:01 | 000,000,000 | ---D | M] -- C:\Program Files\Echoes of the Past - Royal House of Stone
[2011/08/12 16:30:01 | 000,000,000 | ---D | M] -- C:\Program Files\EMBARQ
[2009/09/15 20:05:22 | 000,000,000 | ---D | M] -- C:\Program Files\Farm Frenzy 3
[2008/12/26 14:04:41 | 000,000,000 | ---D | M] -- C:\Program Files\Farm Mania
[2011/07/04 11:50:28 | 000,000,000 | ---D | M] -- C:\Program Files\FileServe Manager
[2010/02/01 10:50:31 | 000,000,000 | ---D | M] -- C:\Program Files\Flux Family Secrets - The Ripple Effect
[2010/05/07 10:35:27 | 000,000,000 | ---D | M] -- C:\Program Files\FreshGames
[2011/04/01 22:17:19 | 000,000,000 | ---D | M] -- C:\Program Files\GameBox
[2009/12/24 14:55:51 | 000,000,000 | ---D | M] -- C:\Program Files\GameHouse
[2011/05/30 12:24:41 | 000,000,000 | ---D | M] -- C:\Program Files\Gamesbar
[2009/09/25 14:19:55 | 000,000,000 | ---D | M] -- C:\Program Files\GamesCafe.com
[2009/07/28 17:27:32 | 000,000,000 | ---D | M] -- C:\Program Files\GoBit Games
[2008/12/23 02:07:36 | 000,000,000 | ---D | M] -- C:\Program Files\GoGoGourmet2_at
[2010/07/05 22:57:52 | 000,000,000 | ---D | M] -- C:\Program Files\Gold Miner Vegas
[2010/07/02 18:56:35 | 000,000,000 | ---D | M] -- C:\Program Files\GoldMinerVegas_at
[2009/04/02 05:10:48 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011/02/16 03:46:23 | 000,000,000 | ---D | M] -- C:\Program Files\Gourmania 2 - Great Expectations
[2011/02/17 22:20:33 | 000,000,000 | ---D | M] -- C:\Program Files\GourMania2_at
[2010/01/18 11:23:36 | 000,000,000 | ---D | M] -- C:\Program Files\Hidden Object of Desire
[2008/11/29 23:00:11 | 000,000,000 | ---D | M] -- C:\Program Files\Hot Dish 2 - Cross Country Cook Off
[2008/10/11 18:03:01 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/12/18 18:56:52 | 000,000,000 | ---D | M] -- C:\Program Files\I-play Games
[2011/05/23 08:15:06 | 000,000,000 | ---D | M] -- C:\Program Files\Inbox Toolbar
[2011/03/26 20:07:57 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/08/10 22:05:32 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/08/11 21:23:32 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/06/24 14:50:01 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2011/08/20 11:25:07 | 000,000,000 | ---D | M] -- C:\Program Files\IObit Toolbar
[2011/05/25 14:20:35 | 000,000,000 | ---D | M] -- C:\Program Files\iWin Games
[2011/03/26 22:55:49 | 000,000,000 | ---D | M] -- C:\Program Files\iWin.com
[2010/08/08 09:05:12 | 000,000,000 | ---D | M] -- C:\Program Files\Jane's Realty 2
[2010/12/13 20:50:36 | 000,000,000 | ---D | M] -- C:\Program Files\JanesHotelMania_at
[2011/07/04 16:25:11 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/02/16 04:57:47 | 000,000,000 | ---D | M] -- C:\Program Files\Jewel Match 3
[2009/04/07 00:24:31 | 000,000,000 | ---D | M] -- C:\Program Files\Jewel Quest
[2010/08/04 05:35:07 | 000,000,000 | ---D | M] -- C:\Program Files\Jewel Quest Heritage
[2009/01/02 13:53:44 | 000,000,000 | ---D | M] -- C:\Program Files\Jewel Quest III
[2009/02/25 02:42:54 | 000,000,000 | ---D | M] -- C:\Program Files\Jewel Quest Mysteries
[2011/04/01 22:14:49 | 000,000,000 | ---D | M] -- C:\Program Files\Jewel Quest Mysteries 2 Trail of the Midnight Heart
[2010/06/30 17:22:42 | 000,000,000 | ---D | M] -- C:\Program Files\JewelMiner_at
[2010/08/11 11:39:43 | 000,000,000 | ---D | M] -- C:\Program Files\Journalistic Investigations - Stolen Inheritance
[2010/06/27 04:14:22 | 000,000,000 | ---D | M] -- C:\Program Files\Kate Arrow - Deserted Wood
[2010/09/27 10:46:46 | 000,000,000 | ---D | M] -- C:\Program Files\King Arthur
[2009/05/14 08:53:15 | 000,000,000 | ---D | M] -- C:\Program Files\Legacy Interactive
[2009/06/22 06:46:51 | 000,000,000 | ---D | M] -- C:\Program Files\Lovely Kitchen
[2011/01/15 13:30:08 | 000,000,000 | ---D | M] -- C:\Program Files\Luxor - 5th Passage
[2009/04/15 21:01:47 | 000,000,000 | ---D | M] -- C:\Program Files\Magic Encyclopedia
[2010/01/03 13:08:23 | 000,000,000 | ---D | M] -- C:\Program Files\Many Years Ago
[2009/01/11 23:33:50 | 000,000,000 | ---D | M] -- C:\Program Files\Masters of Mystery - Crime of Fashion
[2011/08/15 13:29:30 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2009/09/26 18:49:29 | 000,000,000 | ---D | M] -- C:\Program Files\Megaupload
[2008/08/13 23:12:37 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2011/03/28 15:52:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/07/02 07:15:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2008/07/02 07:28:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Encarta
[2008/06/21 20:37:48 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/07/02 07:21:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money
[2009/06/04 17:27:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2008/07/02 07:26:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Picture It! 9
[2011/06/24 03:39:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2008/07/02 07:16:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008/07/02 07:11:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works Suite 2004
[2011/01/28 13:49:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mishap - An Accidental Haunting
[2011/04/01 22:17:19 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2009/09/13 00:02:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mortimer Beckett And The Time Paradox
[2010/08/11 12:47:36 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/04/01 22:19:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/15 03:07:15 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/06/04 17:26:59 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2010/11/04 15:50:09 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/06/21 20:34:09 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2011/03/23 00:33:11 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Toolbar
[2010/11/04 15:49:52 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Toolbar Installer
[2008/06/26 02:27:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/07/13 18:20:54 | 000,000,000 | ---D | M] -- C:\Program Files\MumboJumbo
[2011/08/19 14:48:46 | 000,000,000 | ---D | M] -- C:\Program Files\MyPlayBus.com
[2010/09/25 19:53:16 | 000,000,000 | ---D | M] -- C:\Program Files\MyPublisher
[2009/01/21 01:00:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mystery Chronicles - Murder Among Friends
[2009/12/27 18:39:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mystic Diary - Lost Brother
[2010/02/05 22:39:54 | 000,000,000 | ---D | M] -- C:\Program Files\Namco
[2008/06/22 20:35:59 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/09/08 06:42:20 | 000,000,000 | ---D | M] -- C:\Program Files\Nightmare Adventures - The Witch's Prison
[2009/08/15 16:48:12 | 000,000,000 | ---D | M] -- C:\Program Files\Nikon
[2009/04/09 19:14:26 | 000,000,000 | ---D | M] -- C:\Program Files\Norton 360
[2011/08/21 02:52:56 | 000,000,000 | ---D | M] -- C:\Program Files\Oberon Media
[2008/06/21 20:36:05 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/10/20 21:52:03 | 000,000,000 | ---D | M] -- C:\Program Files\Online_Gaming
[2009/01/21 17:10:40 | 000,000,000 | ---D | M] -- C:\Program Files\OpenAL
[2010/12/15 04:02:29 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/11/12 22:27:50 | 000,000,000 | ---D | M] -- C:\Program Files\PlayFirst
[2010/08/22 22:12:43 | 000,000,000 | ---D | M] -- C:\Program Files\PlayPond
[2010/07/01 21:06:19 | 000,000,000 | ---D | M] -- C:\Program Files\PopCap Games
[2009/05/14 09:54:09 | 000,000,000 | ---D | M] -- C:\Program Files\Pretty In Pink
[2011/08/10 12:34:53 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/05/07 12:22:55 | 000,000,000 | ---D | M] -- C:\Program Files\Ranch Rush
[2010/11/15 14:20:15 | 000,000,000 | ---D | M] -- C:\Program Files\real
[2011/08/21 02:59:23 | 000,000,000 | ---D | M] -- C:\Program Files\RealArcade
[2011/08/20 18:56:59 | 000,000,000 | ---D | M] -- C:\Program Files\Realore
[2011/04/27 15:44:41 | 000,000,000 | ---D | M] -- C:\Program Files\RealoreStudios
[2009/08/15 03:07:07 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/12/16 21:32:13 | 000,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
[2009/06/20 21:24:23 | 000,000,000 | ---D | M] -- C:\Program Files\Restaurant Rush
[2010/01/28 19:34:55 | 000,000,000 | ---D | M] -- C:\Program Files\Retro64 Games
[2010/05/29 04:23:33 | 000,000,000 | ---D | M] -- C:\Program Files\Sally's Studio
[2009/01/24 12:22:38 | 000,000,000 | ---D | M] -- C:\Program Files\Sallys Spa
[2010/12/06 05:55:10 | 000,000,000 | ---D | M] -- C:\Program Files\Sandlot Games
[2009/09/26 01:35:05 | 000,000,000 | ---D | M] -- C:\Program Files\Save Our Spirit
[2011/04/01 22:17:20 | 000,000,000 | ---D | M] -- C:\Program Files\Sea Journey
[2011/04/20 15:12:50 | 000,000,000 | ---D | M] -- C:\Program Files\SearchElf_1.1
[2011/07/08 22:51:57 | 000,000,000 | ---D | M] -- C:\Program Files\Shockwave.com
[2011/02/12 04:19:01 | 000,000,000 | ---D | M] -- C:\Program Files\Shop It Up!
[2011/08/12 16:28:22 | 000,000,000 | ---D | M] -- C:\Program Files\Sprint_Activation
[2011/04/01 22:17:20 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2011/08/18 21:28:58 | 000,000,000 | ---D | M] -- C:\Program Files\STOPzilla!
[2011/06/10 02:24:51 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2010/09/10 13:26:05 | 000,000,000 | ---D | M] -- C:\Program Files\Sweet Home 3D
[2009/01/08 19:38:07 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2009/09/15 17:47:55 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2011/01/24 00:03:49 | 000,000,000 | ---D | M] -- C:\Program Files\TeamSpeak 3 Client
[2011/02/25 14:05:37 | 000,000,000 | ---D | M] -- C:\Program Files\The Curse of the Ring
[2008/12/23 02:05:20 | 000,000,000 | ---D | M] -- C:\Program Files\The Hidden Prophecies of Nostradamus
[2010/01/17 11:24:08 | 000,000,000 | ---D | M] -- C:\Program Files\The Search for Amelia Earhart
[2009/08/25 10:17:22 | 000,000,000 | ---D | M] -- C:\Program Files\Time Machine - Evolution
[2010/01/06 09:01:53 | 000,000,000 | ---D | M] -- C:\Program Files\Tinseltown Dreams - The 50s
[2010/02/23 11:50:48 | 000,000,000 | ---D | M] -- C:\Program Files\Travels With Gulliver
[2010/05/17 13:32:16 | 000,000,000 | ---D | M] -- C:\Program Files\Trymedia
[2008/09/13 13:46:33 | 000,000,000 | ---D | M] -- C:\Program Files\Turbo Fiesta
[2008/09/14 23:05:53 | 000,000,000 | ---D | M] -- C:\Program Files\Turbo Pizza
[2008/09/12 20:13:18 | 000,000,000 | ---D | M] -- C:\Program Files\Turbo Subs
[2011/08/10 16:27:46 | 000,000,000 | ---D | M] -- C:\Program Files\Ultimate Puzzles 500
[2008/06/21 20:40:29 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/03/29 10:53:01 | 000,000,000 | ---D | M] -- C:\Program Files\Unity
[2011/01/24 00:02:11 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
[2010/08/23 10:55:08 | 000,000,000 | ---D | M] -- C:\Program Files\Veronica and the Book of Dreams
[2011/08/12 16:36:00 | 000,000,000 | ---D | M] -- C:\Program Files\Virtual Assistant
[2010/08/13 12:07:10 | 000,000,000 | ---D | M] -- C:\Program Files\Wedding Dash 4-Ever
[2011/02/05 19:17:30 | 000,000,000 | ---D | M] -- C:\Program Files\Wedding Salon
[2008/06/24 07:02:41 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital
[2011/03/31 17:51:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Safety Center
[2009/07/09 23:31:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/07/09 23:33:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/06/22 20:35:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/06/22 15:35:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2008/06/21 20:36:09 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/07/02 09:52:24 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2008/06/21 20:37:48 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2011/04/13 18:00:07 | 000,000,000 | ---D | M] -- C:\Program Files\XfireXO
[2009/08/16 08:27:00 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2008/09/13 01:42:29 | 000,000,000 | ---D | M] -- C:\Program Files\Yard Sale Hidden Treasures - Sunnyville
[2010/05/03 05:23:38 | 000,000,000 | ---D | M] -- C:\Program Files\Ye Olde Sandwich Shoppe
[2010/09/04 13:41:49 | 000,000,000 | ---D | M] -- C:\Program Files\Youda Survivor
[2009/11/10 15:00:27 | 000,000,000 | ---D | M] -- C:\Program Files\Zumas Revenge! - Adventure
[2009/11/25 13:14:08 | 000,000,000 | ---D | M] -- C:\Program Files\Zylom Games

< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/06/22 20:27:49 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/06/22 20:27:49 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/06/22 20:27:49 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/06/22 20:27:49 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/06/22 20:27:49 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/06/22 20:27:49 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 05:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: IASTOR.SYS >
[2006/05/11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-12 02:29:21

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/08/05 21:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/08/05 21:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/08/05 21:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/08/05 21:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\uninst.exe" /ua "2.0 (en-US)" /hs browser [2006/10/11 03:05:04 | 000,331,678 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\firefox.exe" -silent -setDefaultBrowser [2006/10/11 03:04:59 | 007,604,331 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\uninst.exe" /ua "2.0 (en-US)" /ss browser [2006/10/11 03:05:04 | 000,331,678 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2006/10/11 03:04:59 | 007,604,331 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: C:\Program Files\Mozilla Firefox\firefox.exe -preferences [2006/10/11 03:04:59 | 007,604,331 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/08/05 21:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/08/05 21:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/08/05 21:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/08/05 21:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 07:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 07:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 07:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/08/05 21:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/08/05 21:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/08/05 21:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/08/05 21:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\uninst.exe" /ua "2.0 (en-US)" /hs browser [2006/10/11 03:05:04 | 000,331,678 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\firefox.exe" -silent -setDefaultBrowser [2006/10/11 03:04:59 | 007,604,331 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\uninst.exe" /ua "2.0 (en-US)" /ss browser [2006/10/11 03:05:04 | 000,331,678 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2006/10/11 03:04:59 | 007,604,331 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: C:\Program Files\Mozilla Firefox\firefox.exe -preferences [2006/10/11 03:04:59 | 007,604,331 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/08/05 21:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/08/05 21:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/08/05 21:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/08/05 21:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 07:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 07:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 07:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< >

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more22nd August 2011, 1:21 am

OTL.Txt part 3

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:82E1D3A4
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FD8F016
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59C113EC
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F0A5896
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C282BEA
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AAA14AF9
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A96D3F23
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90865A6D
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FD496E1
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:179D1352
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E9B629B
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F2BA284
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F97CB10D
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D708EEF9
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:506E1E25
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2032CC2B
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:11FC043F
@Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_PVX2VCGKMVF9FFNYTKBRVLNGCMSMYJ598W2L4WERXPUL6HHXVJ4TVVVVVVVVVVVVV
@Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_PBVUV9VK9VF9FPMVAP4RKXT95KVVVVVVVVVVVVV
@Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_PBPUV9VF9VF9VSNFUP4WKLVY2ELP3JM6UEGRJKDVVJVKVFJVMJV7
@Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Application Data:$SS_DESCRIPTOR_PVX2VCGKMVF9FFNYTKBRVLNGCMSMYJ598W2L4WERXPUL6HHXVJ4TVVVVVVVVVVVVV
@Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Application Data:$SS_DESCRIPTOR_PBVUV9VK9VF9FPMVAP4RKXT95KVVVVVVVVVVVVV
@Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Application Data:$SS_DESCRIPTOR_PBPUV9VF9VF9VSNFUP4WKLVY2ELP3JM6UEGRJKDVVJVKVFJVMJV7
@Alternate Data Stream - 400 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECC73CDC
@Alternate Data Stream - 381 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F94040F
@Alternate Data Stream - 380 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8CAAE22
@Alternate Data Stream - 376 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6283A8D3
@Alternate Data Stream - 361 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84002417
@Alternate Data Stream - 354 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C8F07A8
@Alternate Data Stream - 353 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C70F0C51
@Alternate Data Stream - 347 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90BE311E
@Alternate Data Stream - 343 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB9746A6
@Alternate Data Stream - 338 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0ACD5C
@Alternate Data Stream - 337 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2533C29
@Alternate Data Stream - 336 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EDC977B
@Alternate Data Stream - 333 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D1BA810
@Alternate Data Stream - 325 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AF3A05F
@Alternate Data Stream - 324 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:141BCC26
@Alternate Data Stream - 323 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79FA7767
@Alternate Data Stream - 322 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E269FCB5
@Alternate Data Stream - 322 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:202A6D97
@Alternate Data Stream - 317 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F585932D
@Alternate Data Stream - 317 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:76F78684
@Alternate Data Stream - 317 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52556249
@Alternate Data Stream - 316 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF1A3FF2
@Alternate Data Stream - 316 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F984905
@Alternate Data Stream - 316 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B928EF8
@Alternate Data Stream - 315 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D81A09B0
@Alternate Data Stream - 315 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BAC6697B
@Alternate Data Stream - 315 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C3170A8
@Alternate Data Stream - 314 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE0E96C6
@Alternate Data Stream - 313 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:702D1DFE
@Alternate Data Stream - 313 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1387592D
@Alternate Data Stream - 312 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1002D91
@Alternate Data Stream - 311 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CB560CF
@Alternate Data Stream - 310 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4173B541
@Alternate Data Stream - 309 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7A45A6D
@Alternate Data Stream - 309 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CD998290
@Alternate Data Stream - 308 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D52D3C91
@Alternate Data Stream - 308 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2400EF3
@Alternate Data Stream - 308 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72E74C26
@Alternate Data Stream - 308 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DFBC3C0
@Alternate Data Stream - 308 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A085469
@Alternate Data Stream - 308 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:06F1C6E5
@Alternate Data Stream - 307 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:995B275C
@Alternate Data Stream - 306 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C5DFEA1
@Alternate Data Stream - 305 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E76E30F
@Alternate Data Stream - 305 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:029B3C8C
@Alternate Data Stream - 303 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F68A1815
@Alternate Data Stream - 303 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90281753
@Alternate Data Stream - 302 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07557E0B
@Alternate Data Stream - 301 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52841B01
@Alternate Data Stream - 300 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0AE1C7A
@Alternate Data Stream - 300 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C2DD77D8
@Alternate Data Stream - 299 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B59658A8
@Alternate Data Stream - 298 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91163577
@Alternate Data Stream - 297 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F6411A2E
@Alternate Data Stream - 295 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7EC52BE0
@Alternate Data Stream - 295 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09A9B355
@Alternate Data Stream - 293 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:36D4F33D
@Alternate Data Stream - 292 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF4E51E1
@Alternate Data Stream - 292 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0312EC65
@Alternate Data Stream - 291 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B72729D8
@Alternate Data Stream - 230 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:014BC3B4
@Alternate Data Stream - 228 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F3CCE0A
@Alternate Data Stream - 227 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:943E8182
@Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDDD8917
@Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C5EC3CD
@Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80E965A3
@Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:213AFE42
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED9B661E
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6677D85A
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48FEA089
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D98D98
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:969C0C96
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE87230
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:439E3411
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0FEE2B
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93226FE3
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43982D5E
@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE13DA72
@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3991CD7D
@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74699137
@Alternate Data Stream - 182 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD842FD5
@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5216CD26
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF2E5A21
@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32AF55F1
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF510ADC
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4BE8180
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D532A897
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AAC11624
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DDAC654B
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:01453AF3
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8207BE2
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7079A696
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62D72D41
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A63D33A
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E23D0CEC
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54D9AD66
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A8A3140
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:100CB1DD
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E95E2173
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF6C81B2
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8DFD30C
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:858D9994
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:759B7D6F
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70258565
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5690D76E
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FAB64002
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0DB8AB
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE875C30
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A819A132
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A652BC99
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99C301D0
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E11933F
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5CE91C67
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F7FE589
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A01545C
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:441D63A8
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33E12B7A
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30D9D4CB
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:217A2324
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2176484C
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:082EF53F
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F18BEDBC
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA031481
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC3B4B43
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92D91D7E
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B1249CD
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A3AAF2E
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:36FFA2FB
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CC32B31
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:203CAFEE
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16ADBA30
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0EC7A545
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E67073E
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F43B7E8F
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8760BFE
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E29063FF
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC96947B
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A86C5761
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6622852D
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:627153F1
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:124B94C0
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E22C5DB
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0785072C
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA341DB1
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9812B773
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96DE870D
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89CF6F9C
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40DB6D00
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB4FEEF5
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CD444B22
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C49A5AD1
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B722BCE5
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2FF62A6
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:908A1B53
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B7447D4
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52110139
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE7AAC75
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAFB99F9
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC29ABAC
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BACB6B6C
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91DEEE71
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7BFAAE70
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63337BE2
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EC637CB
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:589743E1
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C8FA829
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35FAD15D
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:217A2A36
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0BA6C13A
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09446E68
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:084B0270
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3A27FDE
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC4C59B4

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more22nd August 2011, 1:25 am

OTL.Txt part 4 (final part)

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0440C86
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BCDBBA6D
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C28CF6
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:729F0E7F
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32FFF2D1
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2DF93164
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A5D64BE
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E8117B1
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC5FFC81
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FBE5FDB9
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9EDCFB0
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC5801E4
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E895790F
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1610EDC
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D93AABC7
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8F9D810
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8059174
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADF4C56B
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE67221
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A88BE334
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96646EC1
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8D2A565D
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:76466F4C
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7198E1D2
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26FE5B17
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F67AAFC5
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EFF3C3C8
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB4F49FB
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DDF112BD
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9F34335
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8D58038
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF9BF410
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADFAD95A
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E76E7F3
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C337CCE
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7EF59135
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B7430D1
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65B8650D
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51545BC7
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DDE401B
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EDD05D8
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E45FA8F
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D8B851C
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A27E0C5
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:193CB03B
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0696EC8E
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F878F14A
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F41E22A9
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE73B0FE
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CBB29B31
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD020DC3
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE601F5
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8855A119
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A032A04
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67CF910D
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:602146E4
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47417312
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43ECEA33
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32A82570
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16A4620C
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8AC0D6D
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F19A4790
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7B4296D
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2C80DE4
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE9AC04F
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DB4C77AD
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C6D0ABC3
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB7FF0C9
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6D6E537
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9491C9C7
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:891DBAFE
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FCB9D0D
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79EB58D0
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53DF4438
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:512336B9
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:46B38AB3
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3086B95F
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08801FDB
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05670151
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EAF954B6
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA1919C7
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0F61BB
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D6EAEC3
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7EEAEC9B
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:696F7DA7
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61B54B15
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FA837B4
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1585E7B2
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13EF4AF6
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F3F6B1E
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA7D76BE
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C1F1392C
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7C6AAAB
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9BE587B9
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:771316F5
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:75CC0165
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74A34D19
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C31986D
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EA715B9
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25D6137A
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1786630
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A73EAFFB
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9DB67071
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:996104FC
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B4B9596
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80F63EC3
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71AEFFEB
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A448DB2
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:413E2927
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CEFEABF
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:151760F0
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0915A718
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9A04C32
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF0C5444
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5121D26
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBCB4421
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7596EAE
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DD20B4A
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C2A42C
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C75AF4C
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6A1486AD
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D066AD2
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CA7FA57
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:393F7B1E
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:34445512
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0588E665
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FED25C29
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC0279DC
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D92981EA
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D6BEA85D
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3EC24B3
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFFC9DD0
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8E29393
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7E8F29F
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE2EA3C2
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91FFEC32
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8101D728
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7BE471CB
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:593E515D
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:560D46AC
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A966CC2
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41884BBE
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:329BA65B
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BFCDF84
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:21B987C4
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:054F0F17
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8CDA1A5
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5816AB5
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D6BE1CEA
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C820549A
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3D26A8A
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADAD2FFE
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B0F9E15
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:961A5109
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:937C8022
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7EABF26C
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79BE9D5A
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:698B483C
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62B9E014
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5080697C
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:49F896E9
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:443F2F8E
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41DAF48E
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33384BC0
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29F0CA7D
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22F6EE1A
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F94BD29B
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E83EE313
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DC0B1070
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B652B720
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1E64E47
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ABE818FA
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A636021B
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E75B01B
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:864881BF
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FE17A89
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6710EF08
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A437AC3
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42228396
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FD69132
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B5038B1
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B07E6F4
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31F2397C
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31A7D544
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FBB2B9B
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EB79F01
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D3CB929
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A48233F
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:290A724C
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26233902
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16EEDD02
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1095ECE1
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04BB186B
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0A06891
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA10407C
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E774F04D
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97995ED4
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EEBEAB3
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:83D58AD2
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C99C213
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56EE2CAF
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47C3EF59
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40D7AF1D
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26FBC1F9
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DA424AA
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15769D8A
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D45FC3
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:098DBB8A
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0860D6D6
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07348C09
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA701346
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E732B44B
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DB77E2C4
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9987109
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0FAC520
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB15E5CC
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B7E8561
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AB56A06
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9290C91C
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8678F6BD
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CEDF9F3
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FD36C4B
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65AB2A58
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6017A808
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5795E8B2
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53DF59D1
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EC7F009
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48A80ACF
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:436BE28C
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3939CF5F
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DEF8447
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E46A89F4
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFC8A5FD
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8EAE2CC
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A39CF033
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94260FE6
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71F96743
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6D6D6E2B
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:627B7F7C
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EE323A4
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:206470A5
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C4D3509
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A74923C
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E9FAC3AB
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D72D7897
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3112F12
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE9351E0
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B2BD056
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84CFEE62
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:831F2C78
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7ADB695A
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72D2E2A0
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71612023
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:614F17D3
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FFC2819
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:514E900B
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:50636E35
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38849DE5
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:37C86456
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F6462DF
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29DA7FEE
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:268BA8AB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDC41D2C
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5B99CA4
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF5B3572
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6F951B7
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCFF7C43
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF6E4175
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0893153
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE6B5FC3
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B227F86E
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A774141A
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1023D41
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BF54D33
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7DC5D762
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FD219F5
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FC8527A
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D19AF4A
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57176330
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D7FCCD3
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3539CD43
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EC5D66C
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C678471
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C27D9EC
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:257AC7F8
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:122B409D
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1170D6E4
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDDE312D
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1DEA771
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E10DCAF3
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D197DC80
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFF6B3FF
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A58B27C9
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9857FAE3
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:962FBFE7
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94CE30A1
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8924043A
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E082023
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7091055F
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48F5C64F
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D7D575C
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B059D79
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A051701
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03D08225
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F6DD5F80
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9592966
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D46D2E5A
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5CE2DF6
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF4CC666
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9CAC5FE6
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96C9689F
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91486201
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:817F0659
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:705F47E4
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:700B9342
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68B61847
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6407DD2D
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:620EC79A
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F636E25
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:417B6FAC
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:403D77D3
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3651A580
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26A148EB
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9283DA1
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB40BC91
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA9F45B5
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD04902E
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3C52D24
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA99FD89
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C35B4B19
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C186F20B
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB7A26C6
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5264343
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1CD17F9
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D605054
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FF4A12D
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7757A6D4
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68887B7E
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6401C7FF
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6309F7F1
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EEC7800
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E2A5A6D
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F0007D6
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E9900EE
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25BB767E
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B7E2022
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1968990D
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1709732A
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:163B8B93
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F55D468
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:072F1F69
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F78518BB
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD629819
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0A97B5
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C72A744C
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3942462
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B31F805F
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FBE0E9C
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8944C195
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:698AFB4D
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:50F94E7B
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42A3BDD7
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:405D842B
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:342886D8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33EA030E
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EA99C48
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2512FA90
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:119BAB3D
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C0B833D
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05F547A9
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD000392
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC855C73
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8F2B426
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E51234A9
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE9F4320
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2593961
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA23BCFD
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3196E8D
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A42A9F39
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A41FEAA2
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92D18A5E
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BFA0030
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:87B05421
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7D48DC2D
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:647640E1
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D10C56A
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4111E573
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31A07C00
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2DF54B62
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D5A2122
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29629382
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:283B4301
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C90EF4F
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DE96CF5
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A1C1AD8
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09708CB7
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FEB0595A
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E80802C7
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2032EBB
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CCB49694
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7857F06
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC2A20FD
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBF60A29
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9485E512
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9371B810
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BA6C9F8
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81F83028
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B2BB690
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73AFBB96
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B6F7F60
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52B439AA
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C9CF9A7
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B1EA607
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:294E6480
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1D6B18F1
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17F7AEA3
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:147A3409
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DAD93FF
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B3EC7D1
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:041C0562
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F33C37D5
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E77558A0
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6CDFB4A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D48500F8
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B55AADB5
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA199F0F
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A724744F
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A60D0FA6
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4BF246C
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A05F750A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9EE6560D
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:82C50600
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:748520A2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71187328
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F9C17A2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63DBE157
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54362937
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:517B507A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F8B72C9
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A9FA516
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3DB6F365
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:386B39C3
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E0B7D8A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C9565AC
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D52F295
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE9D0697
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C31E38F
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:638C0C6C
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B1195DD
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:450ABF8D
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2775F9E2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD931C5F
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E90251A2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7B49FBF
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBE07C18
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93E6A368
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AB6C1D7
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:860D9052
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7174C105
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:583D44CB
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53C0A7FF
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5345C8F6
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52D492DA
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:488F7244
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:315B4A13
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:132714FA
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1D818F7
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0BC727
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D92485C9
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE5EC04C
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBA7E1
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9B2AAD0
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2865730
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F067037
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8999FD56
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88E8CC2E
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:848CC150
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C7AA745
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B15C5BC
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57B4E612
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51E1A4D8
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:109734F6
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C13C008
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC60E0F8
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1031541
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB52BE62
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B419A171
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A0CB43B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8401B6D5
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F4DB476
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CAB0377
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79F970BE
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:666D6386
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FD26EF3
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DEE6B65
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CB4A530
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA206A00
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C76CFF82
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C356A185
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AFB24B00
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6813E7F4
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D5FDAEA
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3AD6342E
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E49D185
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28CDD861
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02C84B46
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1F85068
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A692C296
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BE7A048
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A0FEE87
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68F4B378
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:551E1CB4
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45F3AD49
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3433021E
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:164FA86E
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F14D1F80
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0668210
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4980368
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF5361E7
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A19A9C88
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77846FFE
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E31DE83
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BD27B7FC
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CCDAB14
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:294F888B
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05816AFA
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05113FB9
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0AB86C0
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E3CEEC4C
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AABCC5A7
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4076A3B
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99C1A08E
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EEE3BBB
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:708BB0FA
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52641FBE
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FE42FFC
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3595B780
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:193426B4
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15752405
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02B823FE
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8A67568
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0A2E219
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA4AE5FC
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:918B7566
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65929158
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D7D48CA
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A8BB29B
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18379B4C
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE6EED8B
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D02FBAEC
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9DF07E8F
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:997E6AF4
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:896E1EFF
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F66BF58
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C6EBC69
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:561B1D2B
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3612C9BE
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DA384B0
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B3B557D
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09CEBED1
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:086DE893
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB97DB91
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0E8F4FE
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2935AA1D
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0BFCB272
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE39C93C
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C63E7DE2
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:880F0FEF
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:687D1056
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:102394C6
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B61DB9F
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E945C214
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2CB42C9
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DF68137
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A1628E5
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3473F385
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12D2EB9C
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C07C446
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE9F7F81
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95198126
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:538A9F02
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF76F21
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1ECED34B
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1381B34
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88B61AC3
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60A4BB64
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AF478DB
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C9CD455
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F16B288B
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0D17155
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78DEA3A4
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7881FECE
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A99DEB7
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3815BC84
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE0D0B5A
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEF1584F
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF61CE5A
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:883EDFB5
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:177313FB
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:059167AF

< End of report >

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more22nd August 2011, 1:57 am

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
The Security Check shows that you more than one AV program on your computer; McAfee Security Scan Plus and Avira . One will have to be disabled.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
********************************************
Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more Mbamicontw5

Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more Mbamicontw5

Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.

Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more DDS

Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more DDS

1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/past both logs into your Thread

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE .Then post your DDS logs. (DDS.txt and Attach.txt )

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more23rd August 2011, 3:14 am

Hi Dave!

I want to thank you so much for all your help with my computer problem. I know this takes a lot of time for you and it is very appreciated.

Ok, the only thing I've done so far ws the Super AntiSpyware scan, because I had a problem after the scan and I didn't want to go further without discussing it with you first.

I went to do the scan and I had the Pro trial version (which had expired). Then it said I could do the "free" version without having to pay for it. So, I started the download and it said the other version had to be uninstalled and did I want to do that now and I clicked yes. So, everything went fine and I did the scan (I made sure I only had the 3 boxes checked that you said).

After the scan I quarantined everything that it found and then rebooted when it asked. After the reboot I double-clicked on the icon on my desktop and it couldn't find the program.

OK, I did an "explore" and found the scan log and saved it to my desk top. However, there were all these files from the original program (and I'm guessing the new program) and I didn't know what to do. So, I wanted to see what the "Add or Remove" programs showed.

I went into the Control Panel and double clicked on Add or Remove icon and the message "This file does not have a program associated wi th it for performing this action. Create an association in the Folder Options control panel."

Since I really didn't know how to do that I did nothing and e-mailed you here. I didn't have a problem with that until now. I didn't know if you wanted me to continue or if you wanted to see what's going on.

I do have the Super Anti-Spyware scan log below for you.

Thank you

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/22/2011 at 08:01 PM

Application Version : 5.0.1118

Core Rules Database Version : 7590
Trace Rules Database Version: 5402

Scan type : Complete Scan
Total Scan Time : 01:41:56

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 605
Memory threats detected : 0
Registry items scanned : 41568
Registry threats detected : 2
File items scanned : 249476
File threats detected : 42

Disabled.SecurityCenterOption
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\AW11NJX5.txt
C:\Documents and Settings\Owner\Cookies\PCTWLDMY.txt
C:\Documents and Settings\Owner\Cookies\0747TQL9.txt
C:\Documents and Settings\Owner\Cookies\URM9X0OS.txt
C:\Documents and Settings\Owner\Cookies\V4IZGCQJ.txt
C:\Documents and Settings\Owner\Cookies\O7ZR2KIU.txt
C:\Documents and Settings\Owner\Cookies\TCAFTDTN.txt
C:\Documents and Settings\Owner\Cookies\Y7PWQV8V.txt
C:\Documents and Settings\Owner\Cookies\KIB3335B.txt
C:\Documents and Settings\Owner\Cookies\GLJOLIUO.txt
C:\Documents and Settings\Owner\Cookies\RJHTJQPJ.txt
C:\Documents and Settings\Owner\Cookies\55TPS8X1.txt
C:\Documents and Settings\Owner\Cookies\234GUBC6.txt
C:\Documents and Settings\Owner\Cookies\NLJLA1XC.txt
C:\Documents and Settings\Owner\Cookies\G6C3SFWW.txt
C:\Documents and Settings\Owner\Cookies\62RZCRG4.txt
C:\Documents and Settings\Owner\Cookies\9P5Q5I97.txt
C:\Documents and Settings\Owner\Cookies\A5BF0OZY.txt
C:\Documents and Settings\Owner\Cookies\5RXAGG32.txt
C:\Documents and Settings\Owner\Cookies\1S024IGO.txt
C:\Documents and Settings\Owner\Cookies\BVJQGGM0.txt
C:\Documents and Settings\Owner\Cookies\2U73JBUE.txt
C:\Documents and Settings\Owner\Cookies\HVGQRFTO.txt
C:\Documents and Settings\Owner\Cookies\AJNHKK5H.txt
C:\Documents and Settings\Owner\Cookies\21IA07XU.txt
C:\Documents and Settings\Owner\Cookies\BBCTH878.txt
C:\Documents and Settings\Owner\Cookies\Y431I3KX.txt
C:\Documents and Settings\Owner\Cookies\Z0I3VQAW.txt
C:\Documents and Settings\Owner\Cookies\VSXIUA6W.txt
C:\Documents and Settings\Owner\Cookies\05P5I1SK.txt
C:\Documents and Settings\Owner\Cookies\TOZXJ0PN.txt
C:\Documents and Settings\Owner\Cookies\RRQV8TUT.txt
C:\Documents and Settings\Owner\Cookies\6634L7G3.txt
C:\Documents and Settings\Owner\Cookies\T0TWB7VL.txt
C:\Documents and Settings\Owner\Cookies\274Q9ITK.txt
C:\Documents and Settings\Owner\Cookies\8TDRV96W.txt
C:\Documents and Settings\Owner\Cookies\49DKXGUA.txt
C:\Documents and Settings\Owner\Cookies\YP8LITTB.txt
C:\Documents and Settings\Owner\Cookies\D0KBN9TO.txt
ad.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\KBHB3Q6M ]
espn360.channelfinder.net [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\KBHB3Q6M ]
msnbcmedia.msn.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\KBHB3Q6M ]

System.BrokenFileAssociation
HKCR\.exe

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more23rd August 2011, 4:56 am

Hi again Dave,

Just want to let you know that other programs I double click on are giving me the same message.

I will check tomorrow to see what you would like me to do.

Thanks again,
Regina

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more23rd August 2011, 10:34 pm

Ok. Please try this to get the other scans running.

Please download SREng

Extract it to Desktop and double click SREngLdr.EXE to run it
Select System Repair from the left pane.
Click on File Association
Select all entries that has an Error status click [Repair]
Refer to this image for an example:
In your case, it would be .EXE
Close SREng now.

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more23rd August 2011, 10:47 pm

Hi Dave,

The SREngLdr is downloaded to my desk top, but when I try to extract it I get a message saying my winzip trial has expired.

What can I do?

Thanks

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more24th August 2011, 1:39 am

reginaac wrote:

Hi Dave,

The SREngLdr is downloaded to my desk top, but when I try to extract it I get a message saying my winzip trial has expired.

What can I do?

Thanks

Ok, I've got the files asociated again (whew).

I'm going to get get started on the reports you requested right now...be back soon.

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more24th August 2011, 6:42 am

Hi Dave,

Sorry it took so long. I forgot the first 2 scans would take almost 2 hours each.

Here are the 4 scans below.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/23/2011 at 10:27 PM

Application Version : 5.0.1118

Core Rules Database Version : 7595
Trace Rules Database Version: 5407

Scan type : Complete Scan
Total Scan Time : 01:41:00

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 588
Memory threats detected : 0
Registry items scanned : 41577
Registry threats detected : 1
File items scanned : 250670
File threats detected : 31

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\DDE98O5P.txt
C:\Documents and Settings\Owner\Cookies\MOE0C4PO.txt
C:\Documents and Settings\Owner\Cookies\5J7CDSHF.txt
C:\Documents and Settings\Owner\Cookies\877YKJ37.txt
C:\Documents and Settings\Owner\Cookies\K7QAPCCF.txt
C:\Documents and Settings\Owner\Cookies\APWOQKF3.txt
C:\Documents and Settings\Owner\Cookies\8GZA8X1V.txt
C:\Documents and Settings\Owner\Cookies\GK4AIWQ1.txt
C:\Documents and Settings\Owner\Cookies\FOBC0D17.txt
C:\Documents and Settings\Owner\Cookies\64FBNF3J.txt
C:\Documents and Settings\Owner\Cookies\WCNDZYDU.txt
C:\Documents and Settings\Owner\Cookies\OR1Q9ZYF.txt
C:\Documents and Settings\Owner\Cookies\JJ7ZSK04.txt
C:\Documents and Settings\Owner\Cookies\F14I7TGQ.txt
C:\Documents and Settings\Owner\Cookies\NVT1B8GX.txt
C:\Documents and Settings\Owner\Cookies\C4NJNH8V.txt
C:\Documents and Settings\Owner\Cookies\UH32IS7F.txt
C:\Documents and Settings\Owner\Cookies\TV8BKKSB.txt
C:\Documents and Settings\Owner\Cookies\PKVRNTIH.txt
C:\Documents and Settings\Owner\Cookies\K5LXUKGV.txt
C:\Documents and Settings\Owner\Cookies\J0D76B1B.txt
C:\Documents and Settings\Owner\Cookies\3KPL1J1N.txt
C:\Documents and Settings\Owner\Cookies\CRNCQFQ5.txt
C:\Documents and Settings\Owner\Cookies\9DACKULD.txt
C:\Documents and Settings\Owner\Cookies\92FSWEEK.txt
C:\Documents and Settings\Owner\Cookies\FD8M8FBA.txt
C:\Documents and Settings\Owner\Cookies\4H1SB32U.txt
C:\Documents and Settings\Owner\Cookies\54MG97XU.txt
C:\Documents and Settings\Owner\Cookies\0AZH8QG6.txt
C:\Documents and Settings\Owner\Cookies\9PDEB0SB.txt
C:\Documents and Settings\Owner\Cookies\GF1G2JFR.txt

System.BrokenFileAssociation
HKCR\.exe

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7548

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/24/2011 12:55:16 AM
mbam-log-2011-08-24 (00-55-16).txt

Scan type: Full scan (C:\|)
Objects scanned: 436738
Time elapsed: 1 hour(s), 50 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\BSRURUF55J (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OUU6KC5WPX (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Value: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Value: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\iobit toolbar\IE\4.6\iobittoolbarie.dll (PUP.Dealio.TB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6dcdf204-bed2-4a47-866a-5e39e7e8c520}\RP128\A0022731.rbf (PUP.Dealio.TB) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6dcdf204-bed2-4a47-866a-5e39e7e8c520}\RP84\A0014842.rbf (PUP.Dealio.TB) -> Quarantined and deleted successfully.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Owner at 1:17:37 on 2011-08-24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.99 [GMT -5:00]
.
AV: Norton 360 *Disabled/Outdated* {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
svchost.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\FileServe Manager\FSStarter.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\Gamesbar\SearchEngineProtection.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\IProsetMonitor.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Microsoft Office\Office\outlook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Application Data\WeCareReminder\ReminderHelper.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uSearch Bar =
mSearchAssistant =
uURLSearchHooks: H - No File
uURLSearchHooks: RealoreStudios Toolbar: {03fee850-0101-4e9e-b6d4-6fc74d3db360} - c:\program files\realorestudios\prxtbRea2.dll
uURLSearchHooks: SearchElf 1.1 Toolbar: {00f2c0c6-2194-484e-9064-44e57787867b} - c:\program files\searchelf_1.1\prxtbSea2.dll
uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfi0.dll
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll
mURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll
BHO: FileServeManager: {00000001-ab3b-4334-9da2-ec6b2a02afc6} - c:\program files\fileserve manager\FileServeBHO.dll
BHO: SearchElf 1.1 Toolbar: {00f2c0c6-2194-484e-9064-44e57787867b} - c:\program files\searchelf_1.1\prxtbSea2.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: RealoreStudios Toolbar: {03fee850-0101-4e9e-b6d4-6fc74d3db360} - c:\program files\realorestudios\prxtbRea2.dll
BHO: GameBox Toolbar: {0fef2d2c-cda6-45e4-b2ed-9df7c50c95ff} - c:\program files\gamebox\gamebox_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfi0.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: GamesBarBHO Class: {cb0d163c-e9f4-4236-9496-0597e24b23a5} - c:\program files\gamesbar\2.0.1.73\oberontb.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\sziebho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: ShopAtHome Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} -
TB: GameBox Toolbar: {0fef2d2c-cda6-45e4-b2ed-9df7c50c95ff} - c:\program files\gamebox\gamebox_toolbar.dll
TB: RealoreStudios Toolbar: {03fee850-0101-4e9e-b6d4-6fc74d3db360} - c:\program files\realorestudios\prxtbRea2.dll
TB: SearchElf 1.1 Toolbar: {00f2c0c6-2194-484e-9064-44e57787867b} - c:\program files\searchelf_1.1\prxtbSea2.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfi0.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Advanced SystemCare 4] "c:\program files\iobit\advanced systemcare 4\ASCTray.exe"
uRun: [SearchEngineProtection] c:\program files\gamesbar\SearchEngineProtection.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [FileServe Manager Task] "c:\program files\fileserve manager\FSStarter.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
mRun: []
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
IE: &Search
IE: Download with FileServe Manager - c:\program files\fileserve manager\GetUrl.htm
IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: gamehouse.com\www
Trusted Zone: microsoft.com\windows
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} - hxxp://p.playfirst.com/play/game/dairydash/DairyDashWeb.1.0.0.12.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Dream%20Day%20First%20Home/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_Win32.cab
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://download.playfirst.com/play/game/mysteryofsharkisland/msi.1.0.0.8.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214110364630
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214176760343
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Gourmania/Images/armhelper.ocx
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://iplay.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://207.119.127.218/activex/AMC.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{95B4BE35-8113-48FB-ACB2-347E26F66400} : DhcpNameServer = 10.0.0.1
Handler: gameboxchrome - {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} - c:\program files\gamebox\gamebox_toolbar.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\g7evd8kn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://centurytel.myway.com
user_pref(general.useragent.extra.btrs, BTRS86070);user_pref(browser.search.defaultenginename, Yahoo);FF - prefs.js: browser.search.selectedEngine - Yahoo);user_pref(keyword.URL, hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&p=);user_pref(browser.search.param.yahoo-fr, chr-greentree_ff&type=382950);user_pref(browser.search.defaultenginename, Yahoo);user_pref(browser.search.selectedEngine, Yahoo);user_pref(keyword.URL, http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&p=);user_pref(browser.search.param.yahoo-fr, chr-greentree_ff&type=382950);user_pref(yahoo.ytff.general.showaddbtn, false);user_pref(browser.search.defaultenginename, Yahoo
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&p=
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-5-12 59280]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-5-10 353168]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-7-2 136360]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-8-17 402328]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-7-2 66616]
R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2008-6-22 3744]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-6-24 820568]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-8-10 112800]
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2011-4-8 176848]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2008-6-22 3904]
R3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2011-7-22 239600]
R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\RegFilter.sys [2011-7-22 30368]
R3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\UrlFilter.sys [2011-7-22 16080]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S1 rolmcacd;rolmcacd;\??\c:\windows\system32\drivers\rolmcacd.sys --> c:\windows\system32\drivers\rolmcacd.sys [?]
S2 gupdate1c9b37b178cbdfe;Google Update Service (gupdate1c9b37b178cbdfe);c:\program files\google\update\GoogleUpdate.exe [2009-4-2 133104]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 cpuz134;cpuz134;\??\c:\docume~1\owner\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-2 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-23 41272]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090329.003\NAVENG.SYS [2009-3-29 89104]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090329.003\NAVEX15.SYS [2009-3-29 876144]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-6-22 1245064]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
.
=============== Created Last 30 ================
.
2011-08-24 03:55:57 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2011-08-24 03:55:40 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-24 03:55:39 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-08-24 03:55:35 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-24 03:55:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-24 01:41:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-22 14:50:15 -------- d-----w- c:\documents and settings\owner\application data\Pirate Stories Kit Ellis
2011-08-21 08:29:56 -------- d-----w- c:\documents and settings\owner\application data\ElevatedDiagnostics
2011-08-20 20:04:14 -------- d-----w- c:\documents and settings\owner\application data\Age of Japan
2011-08-20 16:25:14 -------- d-----w- c:\documents and settings\owner\application data\Search Settings
2011-08-20 16:25:07 -------- d-----w- c:\program files\Application Updater
2011-08-20 16:25:06 -------- d-----w- c:\program files\IObit Toolbar
2011-08-20 16:25:06 -------- d-----w- c:\program files\common files\Spigot
2011-08-19 22:18:50 -------- d-----w- c:\documents and settings\owner\application data\Xmas Blox
2011-08-19 14:04:43 -------- d-----w- c:\documents and settings\owner\application data\f-secure
2011-08-19 14:03:09 -------- d-----w- c:\documents and settings\all users\application data\F-Secure
2011-08-19 02:28:54 -------- d-----w- c:\program files\STOPzilla!
2011-08-19 02:28:53 -------- d-----w- c:\program files\common files\iS3
2011-08-19 00:29:28 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2011-08-18 22:44:18 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-08-18 22:44:18 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-08-18 22:44:18 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-08-18 22:44:16 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-08-18 22:44:16 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-08-18 22:44:16 456144 ----a-r- c:\windows\system32\SZBase5.dll
2011-08-18 22:44:16 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-08-18 22:44:16 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-08-18 22:44:14 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-08-18 22:44:14 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-08-18 22:44:14 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-08-18 22:44:14 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-08-16 21:47:14 -------- d-----w- c:\program files\bfgclient
2011-08-16 00:48:45 -------- d-----w- c:\documents and settings\owner\local settings\application data\WinZip
2011-08-16 00:09:27 -------- d-----w- c:\documents and settings\owner\application data\Avira
2011-08-12 21:36:00 -------- d-----w- c:\program files\Virtual Assistant
2011-08-12 21:30:28 -------- d-----w- c:\program files\CenturyLink
2011-08-12 21:30:01 -------- d-----w- c:\program files\EMBARQ
2011-08-12 21:28:22 -------- d-----w- c:\program files\Sprint_Activation
2011-08-12 21:27:54 -------- d-----w- c:\program files\common files\Motive
2011-08-12 16:57:12 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2011-08-12 16:57:12 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2011-08-11 03:05:24 112800 ----a-w- c:\windows\system32\IPROSetMonitor.exe
2011-08-10 15:03:47 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 13:55:05 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-07 06:42:30 -------- d-----w- c:\program files\Ultimate Puzzles 500
2011-08-07 06:41:12 -------- d-----w- c:\documents and settings\owner\WINDOWS
2011-08-05 09:20:11 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-08-05 09:20:11 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-30 03:06:39 -------- d-----w- c:\documents and settings\owner\application data\Oberon
2011-07-30 03:06:39 -------- d-----w- c:\documents and settings\all users\application data\Oberon
2011-07-28 05:19:12 -------- d-----w- c:\documents and settings\owner\application data\JQ
.
==================== Find3M ====================
.
2011-08-14 02:44:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-11 03:55:48 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-08 15:03:24 669816 ----a-w- c:\windows\system32\ncs2dmix.dll
2011-07-08 15:03:22 519800 ----a-w- c:\windows\system32\accesor.dll
2011-07-08 14:40:48 140920 ----a-w- c:\windows\system32\ncs2instutility.dll
2011-07-08 14:24:06 2022520 ----a-w- c:\windows\system32\ncscolib.dll
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-28 08:12:42 30368 ----a-w- c:\windows\system32\drivers\iqvw32.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-09 20:00:50 192000 ----a-w- c:\windows\system32\Ncs2Setp.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-03-30 07:55:31 461 ----a-w- c:\program files\033020112553104.bat
2011-03-22 04:15:52 462 ----a-w- c:\program files\0321201123155192.bat
2010-10-21 17:46:55 462 ----a-w- c:\program files\1021201012465568.bat
2010-09-01 04:26:57 476 ----a-w- c:\program files\0831201023265700.bat
2010-01-06 02:21:47 471 ----a-w- c:\program files\0105201020214746.bat
2008-07-16 02:08:30 262144 ----a-w- c:\program files\Uninstall Ask Toolbar.dll
.
============= FINISH: 1:21:05.50 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/21/2008 8:39:22 PM
System Uptime: 8/24/2011 12:59:03 AM (1 hours ago)
.
Motherboard: Dell Computer Corp. | | 0N6381
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 99.157 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP57: 5/27/2011 12:46:04 AM - System Checkpoint
RP58: 5/28/2011 4:54:12 AM - System Checkpoint
RP59: 5/30/2011 1:48:01 AM - System Checkpoint
RP60: 5/31/2011 9:11:59 AM - System Checkpoint
RP61: 6/1/2011 6:34:01 PM - System Checkpoint
RP62: 6/2/2011 7:12:03 PM - System Checkpoint
RP63: 6/4/2011 4:21:37 PM - System Checkpoint
RP64: 6/5/2011 4:55:46 PM - System Checkpoint
RP65: 6/6/2011 5:00:16 PM - System Checkpoint
RP66: 6/7/2011 7:35:45 PM - System Checkpoint
RP67: 6/10/2011 3:33:39 AM - System Checkpoint
RP68: 6/10/2011 8:21:25 PM - Restore Operation
RP69: 6/10/2011 8:24:27 PM - Restore Operation
RP70: 6/11/2011 11:19:20 PM - System Checkpoint
RP71: 6/12/2011 11:19:35 PM - System Checkpoint
RP72: 6/13/2011 11:31:56 PM - System Checkpoint
RP73: 6/23/2011 5:40:33 PM - System Checkpoint
RP74: 6/24/2011 3:00:44 AM - Software Distribution Service 3.0
RP75: 6/25/2011 7:47:43 PM - System Checkpoint
RP76: 6/26/2011 10:27:25 PM - System Checkpoint
RP77: 6/27/2011 11:29:29 PM - System Checkpoint
RP78: 6/29/2011 2:40:10 AM - Software Distribution Service 3.0
RP79: 6/30/2011 1:57:14 AM - Software Distribution Service 3.0
RP80: 7/1/2011 2:06:00 AM - System Checkpoint
RP81: 7/2/2011 3:22:07 AM - System Checkpoint
RP82: 7/2/2011 6:51:14 PM - Avira AntiVir Personal - 7/2/2011 18:48
RP83: 7/4/2011 1:39:53 AM - System Checkpoint
RP84: 7/4/2011 4:24:39 PM - Installed Java(TM) 6 Update 26
RP85: 7/6/2011 4:32:02 AM - System Checkpoint
RP86: 7/7/2011 8:59:43 AM - System Checkpoint
RP87: 7/8/2011 9:45:01 AM - System Checkpoint
RP88: 7/10/2011 5:32:28 AM - System Checkpoint
RP89: 7/11/2011 4:28:29 PM - System Checkpoint
RP90: 7/13/2011 3:29:10 AM - System Checkpoint
RP91: 7/14/2011 3:01:15 AM - Software Distribution Service 3.0
RP92: 7/15/2011 9:12:00 AM - System Checkpoint
RP93: 7/16/2011 11:18:51 AM - System Checkpoint
RP94: 7/17/2011 9:53:55 PM - Restore Operation
RP95: 7/17/2011 9:59:12 PM - Restore Operation
RP96: 7/19/2011 1:22:58 AM - System Checkpoint
RP97: 7/20/2011 4:48:27 PM - System Checkpoint
RP98: 7/22/2011 11:59:34 AM - System Checkpoint
RP99: 7/23/2011 8:49:32 PM - System Checkpoint
RP100: 7/24/2011 11:55:36 PM - System Checkpoint
RP101: 7/26/2011 2:52:15 AM - System Checkpoint
RP102: 7/27/2011 5:00:57 AM - System Checkpoint
RP103: 7/28/2011 8:53:24 AM - System Checkpoint
RP104: 7/29/2011 4:17:30 PM - System Checkpoint
RP105: 7/30/2011 7:19:39 PM - System Checkpoint
RP106: 8/1/2011 11:03:01 AM - System Checkpoint
RP107: 8/2/2011 2:22:13 PM - System Checkpoint
RP108: 8/5/2011 4:18:27 AM - Restore Operation
RP109: 8/6/2011 10:27:20 AM - System Checkpoint
RP110: 8/7/2011 3:35:32 PM - System Checkpoint
RP111: 8/9/2011 9:13:35 AM - System Checkpoint
RP112: 8/10/2011 9:46:32 AM - System Checkpoint
RP113: 8/10/2011 11:12:54 AM - Software Distribution Service 3.0
RP114: 8/10/2011 10:04:55 PM - Installed VC90_CRT_x86.
RP115: 8/10/2011 10:05:07 PM - Installed Intel(R) Network Connections.
RP116: 8/11/2011 12:07:27 AM - Software Distribution Service 3.0
RP117: 8/11/2011 9:21:46 PM - Software Distribution Service 3.0
RP118: 8/13/2011 9:53:59 AM - System Checkpoint
RP119: 8/14/2011 10:43:12 AM - System Checkpoint
RP120: 8/14/2011 11:08:14 PM - Removed Adobe Reader 9.4.5.
RP121: 8/14/2011 11:09:30 PM - Installed Adobe Reader X (10.1.0).
RP122: 8/16/2011 2:29:47 AM - System Checkpoint
RP123: 8/17/2011 4:10:17 AM - System Checkpoint
RP124: 8/18/2011 1:21:30 PM - System Checkpoint
RP125: 8/18/2011 7:26:32 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP126: 8/18/2011 9:23:42 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP127: 8/18/2011 9:28:30 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP128: 8/20/2011 1:02:24 AM - System Checkpoint
RP129: 8/21/2011 4:24:54 AM - Before download otl GeekPolice
RP130: 8/21/2011 4:36:21 AM - OTL Restore Point - 8/21/2011 4:36:12 AM
RP131: 8/22/2011 5:23:14 AM - System Checkpoint
RP132: 8/23/2011 6:30:53 AM - System Checkpoint
RP133: 8/23/2011 8:18:16 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
10 Days Under The Sea
1912 Titanic Mystery
Abundante!
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.5
Advanced SystemCare 4
All Knight Diner (Diner Dash Hometown Hero - Gourmet)
ALOT Toolbar
Amazon Kindle
AppCore
AquaPearls
ASPCA Tri Reminder by We-Care.com
AXIS Media Control Embedded
Backup
BDStudioGames
Big City Adventure(TM) - New York City
Big Fish Games: Game Manager
Big Kahuna Reef 2 - Chain Reaction
Bing Bar
BufferChm
Burger Bustle
Burger Island
Burger Island(R) 2 - The Missing Ingredient
Burger Shop
Burger Shop 2
BurgerTime Deluxe
CA Yahoo! Anti-Spy (remove only)
Cake Mania - Lights, Camera, Action!(TM)
Cake Mania 3
Cake Mania Main Street
Cake Mania To the Max
Cake Mania To the Max (remove only)
Cake Shop
Cash Out
Casino Island To Go
ccCommon
CenturyLink Remote Control
CheckIt Diagnostics
Chronicles of Albian - The Magic Convention
Coffee Rush
Coffee Rush 2
Compatibility Pack for the 2007 Office system
Conduit Engine
Cooking Dash
Cooking Dash 3 Thrills and Spills
Cooking Dash DinerTown Studios
Cooking Quest
Cradle of Rome 2
Critical Update for Windows Media Player 11 (KB959772)
Cruise Clues(TM) - Caribbean Adventure
Cursed House
D1500
D1500_Help
Dark Parables - Curse of Briar Rose
Data Lifeguard Tools
Delicious - Emily's Holiday Season
Delicious - Emily's Taste of Fame
Delicious - Emily's Tea Garden
Delicious 2 Deluxe
Delicious 5
Delicious Emily's Childhood Memories
Delicious winter edition Deluxe
Dell Driver Download Manager
Dell Driver Reset Tool
Dell ResourceCD
Detective Agency
DeviceDiscovery
Diner Dash
Diner Dash Hometown Hero
Diner Dash Hometown Hero - Gourmet
Diner Town Detective Agency
DJ_SF_03_D1500_ProductContext
DJ_SF_03_D1500_Software
DJ_SF_03_D1500_Software_Min
Domino Master Gold
Dragon Portals
Dragon Stone
Dream Day First Home
Dream Day True Love
Dream Day Wedding: Married in Manhattan
Dress Up Rush
Farm Frenzy
Farm Frenzy - Pizza Party!
Farm Frenzy 2
Farm Frenzy 3 - American Pie
Farm Frenzy 3 - Madagascar
Farm Frenzy: Gone Fishing
FarmMania
FarmMania2
Fashion Assistant
Fashion Boutique
Fashion Dash
FileServe Manager 1.0.0.3024
Fitness Dash
Flash Dating
Game Booster
GameBox Toolbar
GamesBar 2.0.1.81
GearDrvs
Gemsweeper
Go Go Gourmet Chef of the Year
Gold Fever
Gold Miner Vegas
Gold Rush - Treasure Hunt
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Gourmania
Gourmania 2 - Great Expectations
Gourmania 3 Zoo Zoom
GPBaseService
Heroes of Kalevala
Hidden Magic
Hobby Farm
Hotdog Hotshot
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 10.0
HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Essential
HP Photosmart Essential 2.5
HP Smart Web Printing 4.60
HP Solution Center 10.0
HP Update
HPDiagnosticAlert
hph_ProductContext
hph_readme
hph_software
hph_software_req
HPPhotoSmartExpress
HPProductAssistant
HPSSupply
Inbox Toolbar
InstantShareAlert
InstantShareDevicesMFC
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) Network Connections 16.4.69.0
IObit Malware Fighter
IObit Toolbar v4.6
iWin Games (remove only)
Jane's Hotel
Jane's Hotel 3
Jane's Hotel Family Hero
Java Auto Updater
Java(TM) 6 Update 26
Jessica's Cupcake Cafe
Jewel Keepers Easter Island
Jewel Match 2
Jewel Quest
Jewel Quest Heritage
Jewel Quest Mysteries The Seventh Gate
Julia's Quest United Kingdom
Keys to Manhattan
Kitchen Brigade
Liong - The Lost Amulets
LiveUpdate (Symantec Corporation)
LiveUpdate 3.2 (Symantec Corporation)
Lost in Reefs
Luxor - Quest for the Afterlife
Luxor 5th Passage
Luxor Adventures
Luxor HD
Mahjongg Investigations - Under Suspicion
Making Mr. Right
Malwarebytes' Anti-Malware version 1.51.1.1800
MarketResearch
Mary Kay Andrews - The Fixer Upper
Matchmaker - Joining Hearts
McAfee Security Scan Plus
Mega Manager
Memorabilia - Mia's Mysterious Memory Machine
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Excel 97
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Outlook 98
Microsoft Picture It! Photo Premium 9
Microsoft Silverlight
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Word 2002
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Miriel's Enchanted Mystery
Miriel the Magical Merchant
Modem Helper
Mortimer Beckett and the Lost King
Mortimer Beckett and the Secrets of Spooky Manor
Mortimer Beckett and the Time Paradox
Mozilla Firefox (2.0)
MSVCSetup
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyPublisher
Mystery Legends™ - Sleepy Hollow
Mystery Stories - Island of Hope
Mystic Emporium
NEF Codec
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
OpenAL
PanoStandAlone
Paradise Quest
Penny Dreadfuls(TM) Sweeney Todd
Pharaoh's Feast (Diner Dash Hometown Hero - Gourmet)
Picket Fences
Pizza Chef
Posh Boutique
Posh Boutique 2
Posh Shop
PowerDVD 5.5
PSSWCORE
QuickTime
Rainforest Adventure
Ranch Rush
Ranch Rush(R) 2
RealArcade
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealoreStudios Toolbar
RealPlayer
RealUpgrade 1.1
Reel Deal Slot Quest: Alice in Wonderland (remove only)
Reel Deal Slot Quest: Under the Sea (remove only)
Restaurant Rush
Romantic Rendezvous Restaurant (Diner Dash Hometown Hero - Gourmet)
Sally's Quick Clips
Sally's Salon
Sally's Spa
Sally's Studio
Sandlot Connect Version 1.2.6
Sara's Super Spa Deluxe
Sea Journey
SearchElf 1.1 Toolbar
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shockwave
Shop for HP Supplies
Smart Defrag
SmartWebPrinting
SolutionCenter
SoundMAX
SPBBC 32bit
Status
STOPzilla
Success Story
SUPERAntiSpyware
Supermarket Management
Supermarket Mania
Supermarket Mania(R) 2
Sushi Frenzy
Sweet Home 3D version 2.6
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
SymNet
System Requirements Lab
TeamSpeak 3 Client
The Clockwork Man - The Hidden World
The Dash Slipper (Diner Dash Hometown Hero - Gourmet)
The Lost Cases of Sherlock Holmes
The Pirate Tales
The Treasures of Montezuma 2
The Treasures of Mystery Island
The Treasures of Mystery Island 2 - The Gates of Fate
TikiBar
Toolbox
TrayApp
Treasures of Montezuma 3
Tri Peaks 2 Quest For The Ruby Ring
Tropical Farm
Turbo Fiesta
Turbo Pizza
Turbo Subs
Unity Web Player
Unload
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vacation Quest The Hawaiian Islands
Ventrilo Client
VideoToolkit01
Waterpark Madness Restaurant (Diner Dash Hometown Hero - Gourmet)
WeatherBug
Web Games Player Plugin
WebFldrs XP
WebReg
Wedding Dash 2
Wedding Dash 4-Ever
Wedding Salon
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Live OneCare safety scanner
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip 14.5
Wizard's Hat
Wizard Land
Woodwille Chronicles
Word Travels
Word Whomp( TM) Underground
X mas Blox
XfireXO Toolbar
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar
Yard Sale Hidden Treasures Lucky Junction
Yard Sale Hidden Treasures: Sunnyville
Ye Old Sandwich Shoppe
Youda Sushi Chef
Zuma's Revenge!(TM) - Adventure
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
8/23/2011 8:41:03 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SASDIFSV\0000 disappeared from the system without first being prepared for removal.
8/22/2011 5:33:46 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
8/21/2011 5:47:31 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
8/18/2011 9:19:35 PM, error: Service Control Manager [7034] - The STOPzilla Service service terminated unexpectedly. It has done this 1 time(s).
8/18/2011 7:56:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
8/18/2011 7:43:40 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
8/18/2011 7:17:52 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
8/18/2011 7:17:52 PM, error: Service Control Manager [7034] - The Intel(R) PROSet Monitoring Service service terminated unexpectedly. It has done this 1 time(s).
8/18/2011 6:48:08 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .
8/18/2011 6:48:08 PM, error: SideBySide [59] - Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .
8/18/2011 6:48:08 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.
8/17/2011 3:23:00 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more24th August 2011, 11:50 pm

The log shows that your Norton AV is out-of-date. Please update it asap.

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:

:OTL

uURLSearchHooks: H - No File
BHO: GameBox Toolbar: {0fef2d2c-cda6-45e4-b2ed-9df7c50c95ff} - c:\program files\gamebox\gamebox_toolbar.dll
BHO: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: ShopAtHome Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - 
TB: GameBox Toolbar: {0fef2d2c-cda6-45e4-b2ed-9df7c50c95ff} - c:\program files\gamebox\gamebox_toolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun: [] 
Trusted Zone: gamehouse.com\www
Trusted Zone: microsoft.com\windows
Handler: gameboxchrome - {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} - c:\program files\gamebox\gamebox_toolbar.dll

:folders 
ALOT Toolbar
GameBox Toolbar

:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.

************************************************************
Please go to Jotti's malware scan
(If more than one file needs scanned they must be done separately and links posted for each one)

* Copy the file path in the below Code box:

Code:

c:\windows\system32\drivers\rolmcacd.sys

* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
*******************************************************

Please download ComboFix Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more Combofix

Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more Combofix

from BleepingComputer.com

Alternate link: GeeksToGo.com

and save it to your Desktop.
It would be easiest to download using Internet Explorer.
If you insist on using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Double click ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more Query_RC

Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more Query_RC

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more RC_successful

Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more RC_successful

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more25th August 2011, 4:42 am

Hi Dave,

I was able to do the OTL scan, but on the next one, Jotti's malware scan, it wouldn't paste at the browse box.
* Copy the file path in the below Code box:

Code:
c:\windows\system32\drivers\rolmcacd.sys

* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.

I tried different ways to get it in the box, but it just wouldn't paste. Then I figured I would just browse the files and I got as far as "drivers\" and there was no file "rolmcacd" that I could find.

I don't know what else I could try or if it is the Jotti's site. I'll keep trying tomorrow (Thursday) until I here back from you.

Below is the new OTL scan.

All processes killed
========== OTL ==========
Error: Unable to interpret <:folders > in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 15376227 bytes

User: NetworkService
->Temp folder emptied: 3526 bytes
->Temporary Internet Files folder emptied: 650227 bytes

User: Owner
->Temp folder emptied: 258727234 bytes
->Temporary Internet Files folder emptied: 44202741 bytes
->Java cache emptied: 50041346 bytes
->FireFox cache emptied: 3483992 bytes
->Google Chrome cache emptied: 7942462 bytes
->Flash cache emptied: 12560 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2175612 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9628370 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 158539819 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 525.00 mb

OTL by OldTimer - Version 3.2.26.5 log created on 08242011_215923

Files\Folders moved on Reboot...
C:\Documents and Settings\Owner\Local Settings\Temp\~DF9C9D.tmp moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\~DFB305.tmp moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\X4SUFW3X\mailbox[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K7MRKX7B\hwebmail[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K7MRKX7B\message[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K7MRKX7B\sidebar[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K7MRKX7B\t27872-trojandropper-trojangeneric-trojancrypt-and-more[1].txt moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\61OYQ654\blank[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\61OYQ654\mail[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\JET8FBC.tmp not found!
C:\WINDOWS\temp\Perflib_Perfdata_694.dat moved successfully.

Registry entries deleted on Reboot...

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more25th August 2011, 7:36 pm

Ok. Just do the ComboFix scan and we'll see if that file pops up again.

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more25th August 2011, 7:47 pm

ok...going to do it right now...Thanks

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more25th August 2011, 9:31 pm

Hi Dave...Here is the ComboFix log...it just finished a little bit ago.

ComboFix 11-08-25.01 - Owner 08/25/2011 15:08:36.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.142 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Outdated* {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *Disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\comct332.ocx
.
.
((((((((((((((((((((((((( Files Created from 2011-07-25 to 2011-08-25 )))))))))))))))))))))))))))))))
.
.
2011-08-25 02:59 . 2011-08-25 02:59 -------- d-----w- C:\_OTL
2011-08-24 03:55 . 2011-08-24 03:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-08-24 03:55 . 2011-07-08 12:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-24 03:55 . 2011-08-24 03:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-24 03:55 . 2011-08-24 03:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-24 03:55 . 2011-07-08 12:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-24 01:41 . 2011-08-24 01:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-22 14:50 . 2011-08-22 14:50 -------- d-----w- c:\documents and settings\Owner\Application Data\Pirate Stories Kit Ellis
2011-08-21 08:29 . 2011-08-21 08:29 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
2011-08-20 20:04 . 2011-08-20 20:05 -------- d-----w- c:\documents and settings\Owner\Application Data\Age of Japan
2011-08-20 16:25 . 2011-08-20 16:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Search Settings
2011-08-20 16:25 . 2011-08-20 16:25 -------- d-----w- c:\program files\Application Updater
2011-08-20 16:25 . 2011-08-20 16:25 -------- d-----w- c:\program files\IObit Toolbar
2011-08-20 16:25 . 2011-08-20 16:25 -------- d-----w- c:\program files\Common Files\Spigot
2011-08-19 22:18 . 2011-08-20 00:23 -------- d-----w- c:\documents and settings\Owner\Application Data\Xmas Blox
2011-08-19 14:04 . 2011-08-19 14:04 -------- d-----w- c:\documents and settings\Owner\Application Data\f-secure
2011-08-19 14:03 . 2011-08-19 14:03 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2011-08-19 02:28 . 2011-08-19 02:28 -------- d-----w- c:\program files\STOPzilla!
2011-08-19 02:28 . 2011-08-19 02:28 -------- d-----w- c:\program files\Common Files\iS3
2011-08-19 00:29 . 2011-08-25 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-08-18 22:44 . 2011-08-18 22:44 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-08-18 22:44 . 2011-08-18 22:44 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-08-18 22:44 . 2011-08-18 22:44 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-08-18 22:44 . 2011-08-18 22:44 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-08-18 22:44 . 2011-08-18 22:44 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-08-18 22:44 . 2011-08-18 22:44 456144 ----a-r- c:\windows\system32\SZBase5.dll
2011-08-18 22:44 . 2011-08-18 22:44 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-08-18 22:44 . 2011-08-18 22:44 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-08-18 22:44 . 2011-08-18 22:44 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-08-18 22:44 . 2011-08-18 22:44 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-08-18 22:44 . 2011-08-18 22:44 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-08-18 22:44 . 2011-08-18 22:44 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-08-16 21:47 . 2011-08-18 19:52 -------- d-----w- c:\program files\bfgclient
2011-08-16 00:48 . 2011-08-16 00:48 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WinZip
2011-08-16 00:09 . 2011-08-16 00:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
2011-08-12 21:36 . 2011-08-12 21:36 -------- d-----w- c:\program files\Virtual Assistant
2011-08-12 21:30 . 2011-08-12 21:30 -------- d-----w- c:\program files\CenturyLink
2011-08-12 21:30 . 2011-08-12 21:30 -------- d-----w- c:\program files\EMBARQ
2011-08-12 21:28 . 2011-08-12 21:28 -------- d-----w- c:\program files\Sprint_Activation
2011-08-12 21:28 . 2011-08-12 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2011-08-12 21:27 . 2011-08-12 22:38 -------- d-----w- c:\program files\Common Files\Motive
2011-08-12 16:57 . 2004-08-04 03:31 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2011-08-12 16:57 . 2004-08-04 03:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2011-08-11 03:05 . 2011-05-23 21:47 112800 ----a-w- c:\windows\system32\IPROSetMonitor.exe
2011-08-10 15:03 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 13:55 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-07 06:42 . 2011-08-10 21:27 -------- d-----w- c:\program files\Ultimate Puzzles 500
2011-08-07 06:41 . 2011-08-07 06:41 -------- d-----w- c:\documents and settings\Owner\WINDOWS
2011-08-05 09:20 . 2011-08-05 09:20 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-30 03:06 . 2011-07-30 03:06 -------- d-----w- c:\documents and settings\Owner\Application Data\Oberon
2011-07-30 03:06 . 2011-07-30 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Oberon
2011-07-28 05:19 . 2011-07-28 05:19 -------- d-----w- c:\documents and settings\Owner\Application Data\JQ
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-14 02:44 . 2011-05-13 16:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-13 08:30 . 2009-08-18 16:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-08-13 08:30 . 2009-08-18 16:24 18328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-15 13:29 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-11 03:55 . 2011-07-02 23:51 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-11 03:55 . 2011-07-02 23:51 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-08 15:03 . 2011-07-08 15:03 669816 ----a-w- c:\windows\system32\ncs2dmix.dll
2011-07-08 15:03 . 2011-07-08 15:03 519800 ----a-w- c:\windows\system32\accesor.dll
2011-07-08 14:40 . 2011-07-08 14:40 140920 ----a-w- c:\windows\system32\ncs2instutility.dll
2011-07-08 14:24 . 2011-07-08 14:24 2022520 ----a-w- c:\windows\system32\ncscolib.dll
2011-07-08 14:02 . 2004-08-04 10:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-28 08:12 . 2011-06-28 08:12 30368 ----a-w- c:\windows\system32\drivers\iqvw32.sys
2011-06-24 14:10 . 2008-06-22 01:33 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-04 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-09 20:00 . 2011-06-09 20:00 192000 ----a-w- c:\windows\system32\Ncs2Setp.dll
2011-06-02 14:02 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-03-30 07:55 . 2011-03-30 07:55 461 ----a-w- c:\program files\033020112553104.bat
2011-03-22 04:15 . 2011-03-22 04:15 462 ----a-w- c:\program files\0321201123155192.bat
2010-10-21 17:46 . 2010-10-21 17:46 462 ----a-w- c:\program files\1021201012465568.bat
2010-09-01 04:26 . 2010-09-01 04:26 476 ----a-w- c:\program files\0831201023265700.bat
2010-01-06 02:21 . 2010-01-06 02:21 471 ----a-w- c:\program files\0105201020214746.bat
2008-07-16 02:08 . 2011-03-20 23:26 262144 ----a-w- c:\program files\Uninstall Ask Toolbar.dll
2009-04-01 03:47 . 2009-04-05 23:41 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2006-10-11 08:04 . 2009-04-05 23:41 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2009-04-05 23:41 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2009-04-05 23:41 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2009-04-05 23:41 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2009-04-05 23:41 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{03fee850-0101-4e9e-b6d4-6fc74d3db360}"= "c:\program files\RealoreStudios\prxtbRea2.dll" [2011-01-17 175912]
"{00f2c0c6-2194-484e-9064-44e57787867b}"= "c:\program files\SearchElf_1.1\prxtbSea2.dll" [2011-01-17 175912]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\prxtbXfi0.dll" [2011-01-17 175912]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{03fee850-0101-4e9e-b6d4-6fc74d3db360}]
.
[HKEY_CLASSES_ROOT\clsid\{00f2c0c6-2194-484e-9064-44e57787867b}]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00f2c0c6-2194-484e-9064-44e57787867b}]
2011-01-17 14:54 175912 ----a-w- c:\program files\SearchElf_1.1\prxtbSea2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03fee850-0101-4e9e-b6d4-6fc74d3db360}]
2011-01-17 14:54 175912 ----a-w- c:\program files\RealoreStudios\prxtbRea2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2011-01-17 14:54 175912 ----a-w- c:\program files\XfireXO\prxtbXfi0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{03fee850-0101-4e9e-b6d4-6fc74d3db360}"= "c:\program files\RealoreStudios\prxtbRea2.dll" [2011-01-17 175912]
"{00f2c0c6-2194-484e-9064-44e57787867b}"= "c:\program files\SearchElf_1.1\prxtbSea2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\prxtbXfi0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{03fee850-0101-4e9e-b6d4-6fc74d3db360}]
.
[HKEY_CLASSES_ROOT\clsid\{00f2c0c6-2194-484e-9064-44e57787867b}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{03FEE850-0101-4E9E-B6D4-6FC74D3DB360}"= "c:\program files\RealoreStudios\prxtbRea2.dll" [2011-01-17 175912]
"{00F2C0C6-2194-484E-9064-44E57787867B}"= "c:\program files\SearchElf_1.1\prxtbSea2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\prxtbXfi0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{03fee850-0101-4e9e-b6d4-6fc74d3db360}]
.
[HKEY_CLASSES_ROOT\clsid\{00f2c0c6-2194-484e-9064-44e57787867b}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]
"SearchEngineProtection"="c:\program files\Gamesbar\SearchEngineProtection.exe" [2010-12-29 591248]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"FileServe Manager Task"="c:\program files\FileServe Manager\FSStarter.exe" [2011-06-20 954648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-07-20 4393816]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-08-17 534880]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-19 111376]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-8-19 51984]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-22 04:45 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-07 61328]
R1 rolmcacd;rolmcacd;c:\windows\system32\drivers\rolmcacd.sys [x]
R2 gupdate1c9b37b178cbdfe;Google Update Service (gupdate1c9b37b178cbdfe);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 133104]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 cpuz134;cpuz134;c:\docume~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 133104]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-08 41272]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2008-04-14 14336]
S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys [2009-12-07 61328]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [2010-05-12 59280]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-08-17 402328]
S2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-06 3744]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2011-07-20 820568]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-05-23 112800]
S2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [2011-04-08 176848]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-06 3904]
S3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [2011-07-11 239600]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys [2011-03-23 30368]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys [2011-03-23 16080]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-25 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-05-10 19:46]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc4f842548fa1e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 10:09]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 10:09]
.
2011-08-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1409082233-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2011-08-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1409082233-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2011-08-15 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-10-07 23:08]
.
2011-08-25 c:\windows\Tasks\User_Feed_Synchronization-{FC5CA896-1EC2-43B6-B82F-9CD4B98BFBD1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
.
------- Supplementary Scan -------
.
IE: Download with FileServe Manager - c:\program files\FileServe Manager\GetUrl.htm
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
Trusted Zone: gamehouse.com\www
Trusted Zone: microsoft.com\windows
TCP: DhcpNameServer = 10.0.0.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} - hxxp://p.playfirst.com/play/game/dairydash/DairyDashWeb.1.0.0.12.cab
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://download.playfirst.com/play/game/mysteryofsharkisland/msi.1.0.0.8.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://207.119.127.218/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\g7evd8kn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://centurytel.myway.com
user_pref(general.useragent.extra.btrs, BTRS86070);user_pref(browser.search.defaultenginename, Yahoo);FF - prefs.js: browser.search.selectedEngine - Yahoo);user_pref(keyword.URL, hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&p=);user_pref(browser.search.param.yahoo-fr, chr-greentree_ff&type=382950);user_pref(browser.search.defaultenginename, Yahoo);user_pref(browser.search.selectedEngine, Yahoo);user_pref(keyword.URL, http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&p=);user_pref(browser.search.param.yahoo-fr, chr-greentree_ff&type=382950);user_pref(yahoo.ytff.general.showaddbtn, false);user_pref(browser.search.defaultenginename, Yahoo
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&p=
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-TPSvc - TPSvc.dll
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116436960} - c:\program files\Oberon Media\Word Whomp Underground\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-25 15:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,db,14,20,71,b3,6f,cd,4c,9f,b8,2d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,db,14,20,71,b3,6f,cd,4c,9f,b8,2d,\
.
[HKEY_USERS\S-1-5-21-1229272821-1409082233-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2011-08-25 16:17:31
ComboFix-quarantined-files.txt 2011-08-25 21:16
.
Pre-Run: 107,054,694,400 bytes free
Post-Run: 107,373,232,128 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F42F4D84C3EDFA20E5B2A482D240A7F8

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more25th August 2011, 10:23 pm

Please try using this one to scan this file.

You can also run it through the Comodo Instant Malware Analysis (CIMA) to get an idea what it's going to do. http://camas.comodo.com/

Code:

c:\windows\system32\drivers\rolmcacd.sys

********************************************
Re-running ComboFix to remove infections:

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:

KillAll::
DDS::
Trusted Zone: gamehouse.com\www
Trusted Zone: microsoft.com\windows
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

****************************************************
Please download TDSSKiller from here and save it to your Desktop.

Doubleclick TDSSKiller.exe to run the tool
Click the Start Scan button (If prompted with a "hidden service warning" do go ahead and delete it.)
After the scan has finished, click the Close button
Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory.

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more25th August 2011, 10:42 pm

Hi Dave.

This other program won't let me paste:
c:\windows\system32\drivers\rolmcacd.sys

in that line either.

Do you still want me to re-scan ComboFix or scan the other program?

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more25th August 2011, 10:47 pm

Yes, please do the other scans.

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more25th August 2011, 10:55 pm

ok...thanks...I wasn't sure if they have to be in a certain order or not.

Starting them now.

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more26th August 2011, 1:29 am

Hi Dave,

I ran the 2 scans below. The TDSSKiller is in the 2nd reply (wouldn't fiton same page).

I also tried the Comodo one after the other 2 scans and it still won't let me paste
c:\windows\system32\drivers\rolmcacd.sys
into the box.

ComboFix 11-08-25.01 - Owner 08/25/2011 18:14:06.2.1 - x86
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Outdated* {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *Disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\2h40j8edi1oh034i_o\us_sres.data
c:\documents and settings\Owner\Application Data\.#
c:\documents and settings\Owner\Application Data\.#\MBX@27C@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@27C@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@27C@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@298@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@298@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@298@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@30C@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@30C@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@30C@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@34C@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@34C@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@34C@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@420@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@420@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@420@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@448@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@448@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@448@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@48C@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@48C@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@48C@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@610@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@610@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@610@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@708@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@708@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@708@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@7E8@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@7E8@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@7E8@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@7F4@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@7F4@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@7F4@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@838@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@838@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@838@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@854@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@854@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@854@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@898@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@898@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@898@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@8C0@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@8C0@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@8C0@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@8E0@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@8E0@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@8E0@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@8F4@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@8F4@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@8F4@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@948@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@948@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@948@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@954@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@954@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@954@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@980@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@980@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@980@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@9A8@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@9A8@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@9A8@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@9AC@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@9AC@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@9AC@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@9EC@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@9EC@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@9EC@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@A20@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@A20@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@A20@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@AE0@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@AE0@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@AE0@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@B90@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@B90@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@B90@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@BC4@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@BC4@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@BC4@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@BC8@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@BC8@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@BC8@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@BDC@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@BDC@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@BDC@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@C40@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@C40@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@C40@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@D5C@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@D5C@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@D5C@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@DB8@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@DB8@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@DB8@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@DC0@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@DC0@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@DC0@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@DC8@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@DC8@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@DC8@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@DF0@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@DF0@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@DF0@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@E00@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@E00@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@E00@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@E84@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@E84@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@E84@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@EA8@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@EA8@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@EA8@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@EE8@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@EE8@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@EE8@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@EEC@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@EEC@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@EEC@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@EFC@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@EFC@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@EFC@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@F24@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@F24@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@F24@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@F64@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@F64@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@F64@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@FB0@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@FB0@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@FB0@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@FC0@3841A0.###
c:\documents and settings\Owner\Application Data\.#\MBX@FC0@3841D0.###
c:\documents and settings\Owner\Application Data\.#\MBX@FC0@384200.###
c:\documents and settings\Owner\Application Data\.#\MBX@FE8@F45B78.###
c:\documents and settings\Owner\Application Data\.#\MBX@FE8@F45BD8.###
c:\documents and settings\Owner\Application Data\alot
c:\documents and settings\Owner\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\Owner\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\Owner\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\Owner\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\Owner\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\Owner\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\Owner\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\Owner\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\Owner\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\Owner\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\Owner\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\Owner\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\Owner\Application Data\alot\configurator\configurator.xml
c:\documents and settings\Owner\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\Owner\Application Data\alot\contextMenu\contextMenu.xml
c:\documents and settings\Owner\Application Data\alot\contextMenu\contextMenu.xml.backup
c:\documents and settings\Owner\Application Data\alot\postInstallLayout\postInstallLayout.xml
c:\documents and settings\Owner\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
c:\documents and settings\Owner\Application Data\alot\products\products.xml
c:\documents and settings\Owner\Application Data\alot\products\products.xml.backup
c:\documents and settings\Owner\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
c:\documents and settings\Owner\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
c:\documents and settings\Owner\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
c:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
c:\documents and settings\Owner\Application Data\alot\Resources\Button_1\images\alot_search_button.png
c:\documents and settings\Owner\Application Data\alot\Resources\Button_2\images\default_1001_alot_rec_recipesearch.bmp
c:\documents and settings\Owner\Application Data\alot\Resources\Button_2\images\default_1001_alot_rec_recipesearch.png
c:\documents and settings\Owner\Application Data\alot\Resources\Button_2\images\default_1462_www.bhg.com_button.png
c:\documents and settings\Owner\Application Data\alot\Resources\Button_3\images\default_1007_alot_weather_widget.bmp
c:\documents and settings\Owner\Application Data\alot\Resources\Button_3\images\default_1007_alot_weather_widget.png
c:\documents and settings\Owner\Application Data\alot\Resources\Button_3\images\pcloud.png
c:\documents and settings\Owner\Application Data\alot\Resources\Button_4\images\default_1244_alot_rec_recipenews.bmp
c:\documents and settings\Owner\Application Data\alot\Resources\Button_4\images\default_1244_alot_rec_recipenews.png
c:\documents and settings\Owner\Application Data\alot\Resources\Button_4\images\default_1245_www.bhg.com_button.png
c:\documents and settings\Owner\Application Data\alot\Resources\Button_5\images\default_1104_alot_recipe_cupboard.bmp
c:\documents and settings\Owner\Application Data\alot\Resources\Button_5\images\default_1104_alot_recipe_cupboard.png
c:\documents and settings\Owner\Application Data\alot\Resources\Button_6\images\default_1105_alot_recipe_videos.bmp
c:\documents and settings\Owner\Application Data\alot\Resources\Button_6\images\default_1105_alot_recipe_videos.png
c:\documents and settings\Owner\Application Data\alot\Resources\Button_7\images\default_1046_alot_mrkt_180.bmp
c:\documents and settings\Owner\Application Data\alot\Resources\Button_7\images\default_1046_alot_mrkt_180.png
c:\documents and settings\Owner\Application Data\alot\Resources\Button_8\images\default_1516_alot_mrkt_check.bmp
c:\documents and settings\Owner\Application Data\alot\Resources\Button_8\images\default_1516_alot_mrkt_check.png
c:\documents and settings\Owner\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
c:\documents and settings\Owner\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
c:\documents and settings\Owner\Application Data\alot\Resources\Shared\domains.dat
c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\alot_splitter.png
c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\spinner.bmp
c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_caption.bmp
c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
c:\documents and settings\Owner\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
c:\documents and settings\Owner\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\Owner\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\Owner\Application Data\alot\toolbar.xml
c:\documents and settings\Owner\Application Data\alot\toolbar.xml.backup
c:\documents and settings\Owner\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\Owner\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup
c:\documents and settings\Owner\Application Data\alot\Updater\Updater.xml
c:\documents and settings\Owner\Application Data\alot\Updater\Updater.xml.backup
c:\documents and settings\Owner\Application Data\PriceGong
c:\documents and settings\Owner\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Owner\WINDOWS
C:\drvrtmp
c:\windows\system32\config\systemprofile\Application Data\alot
c:\windows\system32\config\systemprofile\Application Data\alot\Button_0\Button_0.xml
c:\windows\system32\config\systemprofile\Application Data\alot\Button_0\Button_0.xml.backup
c:\windows\system32\config\systemprofile\Application Data\alot\Button_1\Button_1.xml
c:\windows\system32\config\systemprofile\Application Data\alot\Button_1\Button_1.xml.backup
c:\windows\system32\config\systemprofile\Application Data\alot\Button_2\Button_2.xml
c:\windows\system32\config\systemprofile\Application Data\alot\Button_2\Button_2.xml.backup
c:\windows\system32\config\systemprofile\Application Data\alot\Button_3\Button_3.xml
c:\windows\system32\config\systemprofile\Application Data\alot\Button_3\Button_3.xml.backup
c:\windows\system32\config\systemprofile\Application Data\alot\Button_4\Button_4.xml
c:\windows\system32\config\systemprofile\Application Data\alot\Button_4\Button_4.xml.backup
c:\windows\system32\config\systemprofile\Application Data\alot\Button_5\Button_5.xml
c:\windows\system32\config\systemprofile\Application Data\alot\Button_5\Button_5.xml.backup
c:\windows\system32\config\systemprofile\Application Data\alot\Button_6\Button_6.xml
c:\windows\system32\config\systemprofile\Application Data\alot\Button_6\Button_6.xml.backup
c:\windows\system32\config\systemprofile\Application Data\alot\Button_7\Button_7.xml
c:\windows\system32\config\systemprofile\Application Data\alot\Button_7\Button_7.xml.backup
c:\windows\system32\config\systemprofile\Application Data\alot\Button_8\Button_8.xml
c:\windows\system32\config\systemprofile\Application Data\alot\Button_8\Button_8.xml.backup
c:\windows\system32\config\systemprofile\Application Data\alot\configurator\configurator.xml
c:\windows\system32\config\systemprofile\Application Data\alot\configurator\configurator.xml.backup
c:\windows\system32\config\systemprofile\Application Data\alot\contextMenu\contextMenu.xml
c:\windows\system32\config\systemprofile\Application Data\alot\contextMenu\contextMenu.xml.backup
c:\windows\system32\config\systemprofile\Application Data\alot\products\products.xml
c:\windows\system32\config\systemprofile\Application Data\alot\products\products.xml.backup
c:\windows\system32\config\systemprofile\Application Data\alot\resources\Button_2\images\1462_icon.png
c:\windows\system32\config\systemprofile\Application Data\alot\resources\Button_4\images\1245_icon.png
c:\windows\system32\config\systemprofile\Application Data\alot\resources\Button_5\images\default_1104_alot_recipe_cupboard.png
c:\windows\system32\config\systemprofile\Application Data\alot\resources\Button_6\images\1357_icon.png
c:\windows\system32\config\systemprofile\Application Data\alot\TimerManager\TimerManager.xml
c:\windows\system32\config\systemprofile\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\windows\system32\config\systemprofile\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\windows\system32\config\systemprofile\Application Data\alot\Updater\Updater.xml
c:\windows\system32\config\systemprofile\Application Data\alot\Updater\Updater.xml.backup
.
.
((((((((((((((((((((((((( Files Created from 2011-07-26 to 2011-08-26 )))))))))))))))))))))))))))))))
.
.
2011-08-25 02:59 . 2011-08-25 02:59 -------- d-----w- C:\_OTL
2011-08-24 03:55 . 2011-08-24 03:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-08-24 03:55 . 2011-07-08 12:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-24 03:55 . 2011-08-24 03:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-24 03:55 . 2011-08-24 03:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-24 03:55 . 2011-07-08 12:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-24 01:41 . 2011-08-24 01:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-22 14:50 . 2011-08-22 14:50 -------- d-----w- c:\documents and settings\Owner\Application Data\Pirate Stories Kit Ellis
2011-08-21 08:29 . 2011-08-21 08:29 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
2011-08-20 20:04 . 2011-08-20 20:05 -------- d-----w- c:\documents and settings\Owner\Application Data\Age of Japan
2011-08-20 16:25 . 2011-08-20 16:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Search Settings
2011-08-20 16:25 . 2011-08-20 16:25 -------- d-----w- c:\program files\Application Updater
2011-08-20 16:25 . 2011-08-20 16:25 -------- d-----w- c:\program files\IObit Toolbar
2011-08-20 16:25 . 2011-08-20 16:25 -------- d-----w- c:\program files\Common Files\Spigot
2011-08-19 22:18 . 2011-08-20 00:23 -------- d-----w- c:\documents and settings\Owner\Application Data\Xmas Blox
2011-08-19 14:04 . 2011-08-19 14:04 -------- d-----w- c:\documents and settings\Owner\Application Data\f-secure
2011-08-19 14:03 . 2011-08-19 14:03 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2011-08-19 02:28 . 2011-08-19 02:28 -------- d-----w- c:\program files\STOPzilla!
2011-08-19 02:28 . 2011-08-19 02:28 -------- d-----w- c:\program files\Common Files\iS3
2011-08-19 00:29 . 2011-08-26 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-08-18 22:44 . 2011-08-18 22:44 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-08-18 22:44 . 2011-08-18 22:44 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-08-18 22:44 . 2011-08-18 22:44 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-08-18 22:44 . 2011-08-18 22:44 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-08-18 22:44 . 2011-08-18 22:44 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-08-18 22:44 . 2011-08-18 22:44 456144 ----a-r- c:\windows\system32\SZBase5.dll
2011-08-18 22:44 . 2011-08-18 22:44 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-08-18 22:44 . 2011-08-18 22:44 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-08-18 22:44 . 2011-08-18 22:44 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-08-18 22:44 . 2011-08-18 22:44 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-08-18 22:44 . 2011-08-18 22:44 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-08-18 22:44 . 2011-08-18 22:44 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-08-16 21:47 . 2011-08-18 19:52 -------- d-----w- c:\program files\bfgclient
2011-08-16 00:48 . 2011-08-16 00:48 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WinZip
2011-08-16 00:09 . 2011-08-16 00:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
2011-08-12 21:36 . 2011-08-12 21:36 -------- d-----w- c:\program files\Virtual Assistant
2011-08-12 21:30 . 2011-08-12 21:30 -------- d-----w- c:\program files\CenturyLink
2011-08-12 21:30 . 2011-08-12 21:30 -------- d-----w- c:\program files\EMBARQ
2011-08-12 21:28 . 2011-08-12 21:28 -------- d-----w- c:\program files\Sprint_Activation
2011-08-12 21:28 . 2011-08-12 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2011-08-12 21:27 . 2011-08-12 22:38 -------- d-----w- c:\program files\Common Files\Motive
2011-08-12 16:57 . 2004-08-04 03:31 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2011-08-12 16:57 . 2004-08-04 03:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2011-08-11 03:05 . 2011-05-23 21:47 112800 ----a-w- c:\windows\system32\IPROSetMonitor.exe
2011-08-10 15:03 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 13:55 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-07 06:42 . 2011-08-10 21:27 -------- d-----w- c:\program files\Ultimate Puzzles 500
2011-08-05 09:20 . 2011-08-05 09:20 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-30 03:06 . 2011-07-30 03:06 -------- d-----w- c:\documents and settings\Owner\Application Data\Oberon
2011-07-30 03:06 . 2011-07-30 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Oberon
2011-07-28 05:19 . 2011-07-28 05:19 -------- d-----w- c:\documents and settings\Owner\Application Data\JQ
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-14 02:44 . 2011-05-13 16:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-13 08:30 . 2009-08-18 16:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-08-13 08:30 . 2009-08-18 16:24 18328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-15 13:29 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-11 03:55 . 2011-07-02 23:51 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-11 03:55 . 2011-07-02 23:51 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-08 15:03 . 2011-07-08 15:03 669816 ----a-w- c:\windows\system32\ncs2dmix.dll
2011-07-08 15:03 . 2011-07-08 15:03 519800 ----a-w- c:\windows\system32\accesor.dll
2011-07-08 14:40 . 2011-07-08 14:40 140920 ----a-w- c:\windows\system32\ncs2instutility.dll
2011-07-08 14:24 . 2011-07-08 14:24 2022520 ----a-w- c:\windows\system32\ncscolib.dll
2011-07-08 14:02 . 2004-08-04 10:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-28 08:12 . 2011-06-28 08:12 30368 ----a-w- c:\windows\system32\drivers\iqvw32.sys
2011-06-24 14:10 . 2008-06-22 01:33 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-04 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-09 20:00 . 2011-06-09 20:00 192000 ----a-w- c:\windows\system32\Ncs2Setp.dll
2011-06-02 14:02 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-03-30 07:55 . 2011-03-30 07:55 461 ----a-w- c:\program files\033020112553104.bat
2011-03-22 04:15 . 2011-03-22 04:15 462 ----a-w- c:\program files\0321201123155192.bat
2010-10-21 17:46 . 2010-10-21 17:46 462 ----a-w- c:\program files\1021201012465568.bat
2010-09-01 04:26 . 2010-09-01 04:26 476 ----a-w- c:\program files\0831201023265700.bat
2010-01-06 02:21 . 2010-01-06 02:21 471 ----a-w- c:\program files\0105201020214746.bat
2008-07-16 02:08 . 2011-03-20 23:26 262144 ----a-w- c:\program files\Uninstall Ask Toolbar.dll
2009-04-01 03:47 . 2009-04-05 23:41 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2006-10-11 08:04 . 2009-04-05 23:41 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2009-04-05 23:41 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2009-04-05 23:41 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2009-04-05 23:41 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2009-04-05 23:41 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-25_20.54.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-26 00:40 . 2011-08-26 00:40 16384 c:\windows\Temp\Perflib_Perfdata_e14.dat
+ 2011-08-26 00:39 . 2011-08-26 00:39 16384 c:\windows\Temp\Perflib_Perfdata_67c.dat
+ 2009-06-27 15:38 . 2011-08-25 18:06 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-06-27 15:38 . 2011-08-25 20:51 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{03fee850-0101-4e9e-b6d4-6fc74d3db360}"= "c:\program files\RealoreStudios\prxtbRea2.dll" [2011-01-17 175912]
"{00f2c0c6-2194-484e-9064-44e57787867b}"= "c:\program files\SearchElf_1.1\prxtbSea2.dll" [2011-01-17 175912]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\prxtbXfi0.dll" [2011-01-17 175912]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{03fee850-0101-4e9e-b6d4-6fc74d3db360}]
.
[HKEY_CLASSES_ROOT\clsid\{00f2c0c6-2194-484e-9064-44e57787867b}]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00f2c0c6-2194-484e-9064-44e57787867b}]
2011-01-17 14:54 175912 ----a-w- c:\program files\SearchElf_1.1\prxtbSea2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03fee850-0101-4e9e-b6d4-6fc74d3db360}]
2011-01-17 14:54 175912 ----a-w- c:\program files\RealoreStudios\prxtbRea2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2011-01-17 14:54 175912 ----a-w- c:\program files\XfireXO\prxtbXfi0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{03fee850-0101-4e9e-b6d4-6fc74d3db360}"= "c:\program files\RealoreStudios\prxtbRea2.dll" [2011-01-17 175912]
"{00f2c0c6-2194-484e-9064-44e57787867b}"= "c:\program files\SearchElf_1.1\prxtbSea2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\prxtbXfi0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{03fee850-0101-4e9e-b6d4-6fc74d3db360}]
.
[HKEY_CLASSES_ROOT\clsid\{00f2c0c6-2194-484e-9064-44e57787867b}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{03FEE850-0101-4E9E-B6D4-6FC74D3DB360}"= "c:\program files\RealoreStudios\prxtbRea2.dll" [2011-01-17 175912]
"{00F2C0C6-2194-484E-9064-44E57787867B}"= "c:\program files\SearchElf_1.1\prxtbSea2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\prxtbXfi0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{03fee850-0101-4e9e-b6d4-6fc74d3db360}]
.
[HKEY_CLASSES_ROOT\clsid\{00f2c0c6-2194-484e-9064-44e57787867b}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]
"SearchEngineProtection"="c:\program files\Gamesbar\SearchEngineProtection.exe" [2010-12-29 591248]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"FileServe Manager Task"="c:\program files\FileServe Manager\FSStarter.exe" [2011-06-20 954648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-07-20 4393816]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-08-17 534880]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-19 111376]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-8-19 51984]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-22 04:45 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
TPSvc.dll [BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/7/2009 5:59 PM 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [5/12/2010 6:01 PM 59280]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [5/10/2011 8:40 AM 353168]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/2/2011 6:52 PM 136360]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8/17/2011 1:00 PM 402328]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [6/22/2008 12:20 PM 3744]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [6/24/2011 2:50 PM 820568]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [8/10/2011 10:05 PM 112800]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [4/8/2011 10:17 AM 176848]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 2:37 PM 149352]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [6/22/2008 12:20 PM 3904]
R3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [7/22/2011 5:34 AM 239600]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [7/22/2011 5:34 AM 30368]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [7/22/2011 5:34 AM 16080]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/7/2009 5:59 PM 61328]
S1 rolmcacd;rolmcacd;\??\c:\windows\system32\drivers\rolmcacd.sys --> c:\windows\system32\drivers\rolmcacd.sys [?]
S2 gupdate1c9b37b178cbdfe;Google Update Service (gupdate1c9b37b178cbdfe);c:\program files\Google\Update\GoogleUpdate.exe [4/2/2009 5:09 AM 133104]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 6:44 PM 183560]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 9:32 PM 23888]
S3 cpuz134;cpuz134;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/2/2009 5:09 AM 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/23/2011 10:55 PM 41272]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [6/17/2011 9:33 AM 237008]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 5:00 AM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-26 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-05-10 19:46]
.
2011-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc4f842548fa1e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 10:09]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 10:09]
.
2011-08-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1409082233-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2011-08-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1409082233-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2011-08-26 c:\windows\Tasks\User_Feed_Synchronization-{FC5CA896-1EC2-43B6-B82F-9CD4B98BFBD1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
.
------- Supplementary Scan -------
.
IE: Download with FileServe Manager - c:\program files\FileServe Manager\GetUrl.htm
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: DhcpNameServer = 10.0.0.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} - hxxp://p.playfirst.com/play/game/dairydash/DairyDashWeb.1.0.0.12.cab
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://download.playfirst.com/play/game/mysteryofsharkisland/msi.1.0.0.8.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://207.119.127.218/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\g7evd8kn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://centurytel.myway.com
user_pref(general.useragent.extra.btrs, BTRS86070);user_pref(browser.search.defaultenginename, Yahoo);FF - prefs.js: browser.search.selectedEngine - Yahoo);user_pref(keyword.URL, hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&p=);user_pref(browser.search.param.yahoo-fr, chr-greentree_ff&type=382950);user_pref(browser.search.defaultenginename, Yahoo);user_pref(browser.search.selectedEngine, Yahoo);user_pref(keyword.URL, http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&p=);user_pref(browser.search.param.yahoo-fr, chr-greentree_ff&type=382950);user_pref(yahoo.ytff.general.showaddbtn, false);user_pref(browser.search.defaultenginename, Yahoo
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&p=
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-25 19:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,db,14,20,71,b3,6f,cd,4c,9f,b8,2d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,db,14,20,71,b3,6f,cd,4c,9f,b8,2d,\
.
[HKEY_USERS\S-1-5-21-1229272821-1409082233-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(768)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(2868)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\program files\STOPzilla!\STOPzilla.exe
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
c:\program files\Symantec\LiveUpdate\LuComServer_3_4.EXE
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2011-08-25 19:58:10 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-26 00:57
ComboFix2.txt 2011-08-25 21:17
.
Pre-Run: 107,385,028,608 bytes free
Post-Run: 107,373,182,976 bytes free
.
- - End Of File - - AD38689D657CFFB48F86B2D4441BB181

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more26th August 2011, 1:30 am

Hi Dave,

This is the 2nd report.

2011/08/25 20:16:47.0703 6900 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/25 20:16:48.0250 6900 ================================================================================
2011/08/25 20:16:48.0250 6900 SystemInfo:
2011/08/25 20:16:48.0250 6900
2011/08/25 20:16:48.0250 6900 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/25 20:16:48.0250 6900 Product type: Workstation
2011/08/25 20:16:48.0250 6900 ComputerName: GINA
2011/08/25 20:16:48.0250 6900 UserName: Owner
2011/08/25 20:16:48.0250 6900 Windows directory: C:\WINDOWS
2011/08/25 20:16:48.0250 6900 System windows directory: C:\WINDOWS
2011/08/25 20:16:48.0250 6900 Processor architecture: Intel x86
2011/08/25 20:16:48.0250 6900 Number of processors: 1
2011/08/25 20:16:48.0250 6900 Page size: 0x1000
2011/08/25 20:16:48.0250 6900 Boot type: Normal boot
2011/08/25 20:16:48.0250 6900 ================================================================================
2011/08/25 20:16:50.0359 6900 Initialize success
2011/08/25 20:17:08.0109 8588 ================================================================================
2011/08/25 20:17:08.0109 8588 Scan started
2011/08/25 20:17:08.0109 8588 Mode: Manual;
2011/08/25 20:17:08.0109 8588 ================================================================================
2011/08/25 20:17:09.0296 8588 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/25 20:17:09.0359 8588 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/25 20:17:09.0453 8588 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/25 20:17:09.0515 8588 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/25 20:17:09.0796 8588 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/25 20:17:09.0875 8588 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/25 20:17:09.0953 8588 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/25 20:17:10.0000 8588 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/25 20:17:10.0062 8588 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/08/25 20:17:10.0109 8588 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/08/25 20:17:10.0234 8588 BCMNTIO (90a87d49205b3893281203a477f66fe5) C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
2011/08/25 20:17:10.0296 8588 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/25 20:17:10.0390 8588 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/25 20:17:10.0468 8588 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/25 20:17:10.0531 8588 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/25 20:17:10.0562 8588 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/25 20:17:10.0609 8588 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/08/25 20:17:10.0734 8588 COH_Mon (6186b6b953bdc884f0f379b84b3e3a98) C:\WINDOWS\system32\Drivers\COH_Mon.sys
2011/08/25 20:17:10.0812 8588 CO_Mon (73f5d6835bfa66019c03e316d99649da) C:\WINDOWS\system32\drivers\CO_Mon.sys
2011/08/25 20:17:11.0000 8588 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
2011/08/25 20:17:11.0109 8588 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/25 20:17:11.0187 8588 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/25 20:17:11.0250 8588 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/25 20:17:11.0296 8588 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/25 20:17:11.0343 8588 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/25 20:17:11.0453 8588 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/25 20:17:11.0515 8588 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/08/25 20:17:11.0593 8588 eeCtrl (70aeac5d481b2904b40f2173e280b1b5) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/08/25 20:17:11.0687 8588 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/25 20:17:11.0750 8588 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/25 20:17:11.0890 8588 FileMonitor (c21fc36d3cd28c2726fee10d397216c7) C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys
2011/08/25 20:17:11.0953 8588 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/25 20:17:12.0000 8588 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/25 20:17:12.0046 8588 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/25 20:17:12.0125 8588 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/25 20:17:12.0171 8588 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/25 20:17:12.0218 8588 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/08/25 20:17:12.0281 8588 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/25 20:17:12.0359 8588 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/25 20:17:12.0453 8588 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/08/25 20:17:12.0500 8588 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/08/25 20:17:12.0546 8588 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/08/25 20:17:12.0609 8588 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/25 20:17:12.0718 8588 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/25 20:17:12.0812 8588 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/08/25 20:17:12.0921 8588 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/25 20:17:13.0062 8588 IntelC51 (fcab28ffd3a8964581e16455efaf81c8) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
2011/08/25 20:17:13.0140 8588 IntelC52 (a288e7e3a6255255b9066686d860fbc5) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
2011/08/25 20:17:13.0218 8588 IntelC53 (d5e5a1abf6bdba7ca49941a044f04598) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
2011/08/25 20:17:13.0250 8588 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/08/25 20:17:13.0312 8588 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/25 20:17:13.0359 8588 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/25 20:17:13.0406 8588 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/25 20:17:13.0437 8588 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/25 20:17:13.0484 8588 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/25 20:17:13.0546 8588 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/25 20:17:13.0593 8588 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/25 20:17:13.0640 8588 is3srv (8fe4ecc7877fcfe4e59414708898073d) C:\WINDOWS\system32\drivers\is3srv.sys
2011/08/25 20:17:13.0687 8588 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/25 20:17:13.0765 8588 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/25 20:17:13.0843 8588 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/25 20:17:13.0890 8588 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/25 20:17:14.0031 8588 MAPMEM (61330a29bd4230505a7618bc41693cbb) C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
2011/08/25 20:17:14.0093 8588 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/08/25 20:17:14.0156 8588 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/25 20:17:14.0218 8588 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/25 20:17:14.0281 8588 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/08/25 20:17:14.0343 8588 mohfilt (c6a08c4f34b3048a73bbb2951150f98d) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
2011/08/25 20:17:14.0406 8588 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/25 20:17:14.0453 8588 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/25 20:17:14.0500 8588 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/25 20:17:14.0625 8588 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2011/08/25 20:17:14.0687 8588 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2011/08/25 20:17:14.0734 8588 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/25 20:17:14.0781 8588 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/25 20:17:14.0828 8588 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/25 20:17:14.0875 8588 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/25 20:17:14.0906 8588 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/25 20:17:14.0937 8588 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/25 20:17:14.0984 8588 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/25 20:17:15.0031 8588 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/25 20:17:15.0093 8588 NAL (35b94fb62c96807183841ca4e0fb44d8) C:\WINDOWS\system32\Drivers\iqvw32.sys
2011/08/25 20:17:15.0265 8588 NAVENG (494c4ebfee40baaff49492b97abaf18c) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090329.003\NAVENG.SYS
2011/08/25 20:17:15.0312 8588 NAVEX15 (f4a95d6d20767a5f1f2b2fed261a1b23) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090329.003\NAVEX15.SYS
2011/08/25 20:17:15.0390 8588 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/25 20:17:15.0453 8588 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/25 20:17:15.0500 8588 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/25 20:17:15.0531 8588 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/25 20:17:15.0578 8588 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/25 20:17:15.0625 8588 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/25 20:17:15.0671 8588 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/25 20:17:15.0734 8588 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/25 20:17:15.0781 8588 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/25 20:17:15.0859 8588 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/25 20:17:15.0906 8588 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/25 20:17:15.0937 8588 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/25 20:17:16.0000 8588 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2011/08/25 20:17:16.0046 8588 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
2011/08/25 20:17:16.0109 8588 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys
2011/08/25 20:17:16.0203 8588 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/25 20:17:16.0250 8588 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/25 20:17:16.0312 8588 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/25 20:17:16.0343 8588 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/25 20:17:16.0406 8588 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/25 20:17:16.0437 8588 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/25 20:17:16.0671 8588 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/25 20:17:16.0703 8588 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/25 20:17:16.0765 8588 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/25 20:17:16.0937 8588 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/25 20:17:16.0968 8588 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/25 20:17:17.0015 8588 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/25 20:17:17.0046 8588 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/25 20:17:17.0078 8588 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/25 20:17:17.0125 8588 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/25 20:17:17.0187 8588 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/25 20:17:17.0234 8588 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/25 20:17:17.0406 8588 RegFilter (3bc05ec17f0a2bf4f141cb3d3390515e) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys
2011/08/25 20:17:17.0531 8588 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/08/25 20:17:17.0578 8588 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/08/25 20:17:17.0609 8588 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/08/25 20:17:17.0671 8588 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/25 20:17:17.0750 8588 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2011/08/25 20:17:17.0828 8588 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/25 20:17:17.0890 8588 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/25 20:17:17.0953 8588 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/25 20:17:18.0062 8588 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
2011/08/25 20:17:18.0218 8588 SPBBCDrv (dc4dc886d3779c446f9b0e9d6b006e72) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/08/25 20:17:18.0281 8588 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/25 20:17:18.0328 8588 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/25 20:17:18.0375 8588 SRTSP (e0e54a571d4323567e95e11fe76a5ff3) C:\WINDOWS\system32\Drivers\SRTSP.SYS
2011/08/25 20:17:18.0421 8588 SRTSPL (4e44f0e22df824d318988caa6f321c30) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
2011/08/25 20:17:18.0468 8588 SRTSPX (d3bb40427cf3d02e56bba97feda0a3aa) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
2011/08/25 20:17:18.0515 8588 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/25 20:17:18.0578 8588 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/25 20:17:18.0625 8588 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/25 20:17:18.0734 8588 SYMDNS (fe9f8b3a8bc22d85332b42e92308ddf9) C:\WINDOWS\System32\Drivers\SYMDNS.SYS
2011/08/25 20:17:18.0796 8588 SymEvent (06b95820df51502099a8a15c93e87986) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/08/25 20:17:18.0843 8588 SYMFW (a0ea9d273889e53cfaabf2444692ccbf) C:\WINDOWS\System32\Drivers\SYMFW.SYS
2011/08/25 20:17:18.0875 8588 SYMIDS (23527b9cd4f7b9e31160e98d340e7e85) C:\WINDOWS\System32\Drivers\SYMIDS.SYS
2011/08/25 20:17:19.0015 8588 SYMIDSCO (1902efb9e0901a62a31458ad90d3fed3) C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20090318.001\SymIDSCo.sys
2011/08/25 20:17:19.0046 8588 SymIM (b54f7959afb4aaf1a8c589b0aa7fde02) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2011/08/25 20:17:19.0062 8588 SymIMMP (b54f7959afb4aaf1a8c589b0aa7fde02) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2011/08/25 20:17:19.0093 8588 SYMNDIS (d605af3a380a83f4a562f1ad3ee19ecd) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
2011/08/25 20:17:19.0125 8588 SYMREDRV (7c6505ea598e58099d3b7e1f70426864) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/08/25 20:17:19.0156 8588 SYMTDI (e6ff7ace71d07ca90119f2c6ab592ba4) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/08/25 20:17:19.0265 8588 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/25 20:17:19.0328 8588 szkg5 (8fe4ecc7877fcfe4e59414708898073d) C:\WINDOWS\system32\drivers\szkg.sys
2011/08/25 20:17:19.0359 8588 szkgfs (410a02a920fa9daeec56364e839597c1) C:\WINDOWS\system32\drivers\szkgfs.sys
2011/08/25 20:17:19.0421 8588 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/25 20:17:19.0484 8588 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/25 20:17:19.0531 8588 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/25 20:17:19.0578 8588 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/25 20:17:19.0671 8588 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/25 20:17:19.0750 8588 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/25 20:17:19.0937 8588 UrlFilter (6a65cd6761337d339001959232233f0d) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys
2011/08/25 20:17:20.0000 8588 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/25 20:17:20.0046 8588 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/25 20:17:20.0093 8588 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/25 20:17:20.0156 8588 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/25 20:17:20.0187 8588 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/25 20:17:20.0234 8588 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/25 20:17:20.0281 8588 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/25 20:17:20.0312 8588 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2011/08/25 20:17:20.0359 8588 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/25 20:17:20.0421 8588 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/25 20:17:20.0500 8588 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/25 20:17:20.0546 8588 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/25 20:17:20.0718 8588 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/25 20:17:20.0750 8588 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/25 20:17:20.0828 8588 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/25 20:17:20.0953 8588 Boot (0x1200) (f2fb3d4914b64ea2cd3860c8b9d20810) \Device\Harddisk0\DR0\Partition0
2011/08/25 20:17:20.0968 8588 ================================================================================
2011/08/25 20:17:20.0968 8588 Scan finished
2011/08/25 20:17:20.0968 8588 ================================================================================
2011/08/25 20:17:20.0984 8580 Detected object count: 0
2011/08/25 20:17:20.0984 8580 Actual detected object count: 0

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more26th August 2011, 1:53 am

Could you please run another scan with OTL and post the logs?

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more26th August 2011, 6:13 am

part 1 of 3

OTL logfile created on: 8/25/2011 9:28:51 PM - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 61.96 Mb Available Physical Memory | 12.15% Memory free
1.21 Gb Paging File | 0.51 Gb Available in Paging File | 42.25% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 100.03 Gb Free Space | 67.12% Space Free | Partition Type: NTFS

Computer Name: GINA | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/21 04:31:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
PRC - [2011/08/18 17:44:30 | 000,177,616 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2011/08/18 17:44:26 | 000,062,928 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2011/08/17 13:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/07/20 12:19:44 | 004,393,816 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
PRC - [2011/06/17 09:33:02 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/05/28 14:46:56 | 000,412,560 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/05/23 16:47:50 | 000,112,800 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\IPROSetMonitor.exe
PRC - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/08 10:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/22 16:46:58 | 000,431,104 | ---- | M] (We-Care.com) -- C:\Documents and Settings\All Users\Application Data\WeCareReminder\ReminderHelper.exe
PRC - [2010/12/29 05:44:10 | 000,591,248 | ---- | M] (Oberon Media ) -- C:\Program Files\Gamesbar\SearchEngineProtection.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/21 17:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/08/29 12:55:54 | 001,347,584 | ---- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [1997/08/19 02:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE

========== Modules (No Company Name) ==========

MOD - [2011/07/22 05:54:14 | 000,862,720 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\Scan.dll
MOD - [2011/06/23 13:41:30 | 000,138,752 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\zlibwapi.dll
MOD - [2011/05/28 14:46:58 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madexcept_.bpl
MOD - [2011/05/28 14:46:58 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madbasic_.bpl
MOD - [2011/05/28 14:46:58 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\maddisAsm_.bpl
MOD - [2010/11/26 12:18:08 | 000,175,616 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\unrar.dll
MOD - [2010/06/17 15:27:22 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008/03/24 23:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [1998/03/12 02:00:00 | 003,772,176 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\MSO97.DLL
MOD - [1997/08/19 02:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/08/18 17:44:26 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/08/17 13:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/06/17 09:33:02 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/05/23 16:47:50 | 000,112,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service) Intel(R)
SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/08 10:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/08/04 11:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/06/22 15:35:33 | 001,245,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/06/21 23:45:49 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/02/21 17:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/22 03:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/11 14:40:46 | 000,239,600 | ---- | M] () [File_System | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011/07/10 22:55:48 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/10 22:55:48 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/07/08 07:55:36 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/06/28 03:12:42 | 000,030,368 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2011/03/23 01:00:08 | 000,016,080 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011/03/23 01:00:06 | 000,030,368 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2010/05/12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2009/12/16 14:13:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/16 14:13:34 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkg.sys -- (szkg5)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2009/02/25 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/02/19 12:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/02/19 12:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009/02/19 12:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 12:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 12:31:16 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/02/19 12:31:16 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/02/19 12:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 12:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/02/19 04:00:00 | 000,876,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090329.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/02/19 04:00:00 | 000,089,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090329.003\NAVENG.SYS -- (NAVENG)
DRV - [2009/02/09 17:59:18 | 000,251,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090318.001\SymIDSco.sys -- (SYMIDSCO)
DRV - [2009/01/08 19:38:07 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/09/05 14:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/04/13 13:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/01/31 20:51:16 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/01/31 20:51:16 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/01/31 20:51:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/08/08 19:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007/06/15 04:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2006/03/01 20:30:54 | 000,618,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2005/05/06 14:42:26 | 001,339,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2005/05/06 14:40:50 | 000,047,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2005/05/06 14:40:20 | 000,036,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2005/01/10 12:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 12:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/09/17 11:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/03/05 19:09:02 | 000,003,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS -- (MAPMEM)
DRV - [2004/03/05 19:09:00 | 000,003,744 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS -- (BCMNTIO)
DRV - [2001/08/22 10:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files\SearchElf_1.1\prxtbSea2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {03fee850-0101-4e9e-b6d4-6fc74d3db360} - C:\Program Files\RealoreStudios\prxtbRea2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://centurytel.myway.com"
FF - prefs.js..general.useragent.extra.btrs: "BTRS86070"user_pref("browser.search.defaultenginename", "Yahoo");user_pref("browser.search.selectedEngine", "Yahoo");user_pref("keyword.URL", "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&p=");user_pref("browser.search.param.yahoo-fr", "chr-greentree_ff&type=382950");user_pref("browser.search.defaultenginename", "Yahoo");user_pref("browser.search.selectedEngine", "Yahoo");user_pref("keyword.URL", "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&p=");user_pref("browser.search.param.yahoo-fr", "chr-greentree_ff&type=382950");user_pref("yahoo.ytff.general.showaddbtn", false);user_pref("browser.search.defaultenginename", "Yahoo");
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.ssl: ""
FF - prefs.js..network.proxy.ssl_port: 0
FF - prefs.js..network.proxy.ftp: ""
FF - prefs.js..network.proxy.ftp_port: 0
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.socks: ""
FF - prefs.js..network.proxy.socks_port: 1080
FF - prefs.js..network.proxy.share_proxy_settings: false
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\Documents and Settings\All Users\Application Data\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll File not found
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/09 02:07:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/15 14:19:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\Program Files\iWin Games\firefox\ [2011/04/22 13:46:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}: C:\Program Files\FileServe Manager\FireFox_Extension\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5} [2011/07/04 11:50:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/20 12:26:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/14 23:10:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/09 02:07:30 | 000,000,000 | ---D | M]

[2010/06/08 15:20:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/05/25 11:42:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g7evd8kn.default\extensions
[2010/11/26 20:19:14 | 000,000,000 | ---D | M] (RealoreStudios Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g7evd8kn.default\extensions\{03fee850-0101-4e9e-b6d4-6fc74d3db360}
[2010/06/08 15:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g7evd8kn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/24 00:04:37 | 000,000,000 | ---D | M] (XfireXO) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g7evd8kn.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011/05/25 11:42:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g7evd8kn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/28 22:31:25 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g7evd8kn.default\extensions\gamesbar@oberon-media.com
[2010/06/08 15:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g7evd8kn.default\extensions\staged-xpis
[2010/06/08 15:20:58 | 000,000,000 | ---D | M] (PlaySushi TextLinks) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g7evd8kn.default\extensions\textlinks@playsushi.com
[2010/02/19 13:32:47 | 000,000,000 | ---D | M] (ShopAtHome Intelligent Shopping Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g7evd8kn.default\extensions\toolbar@shopathome.com
[2011/03/20 11:12:40 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g7evd8kn.default\extensions\wecarereminder@bryan
[2011/07/04 16:25:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/04/05 18:42:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/18 21:25:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/13 16:15:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/04 15:46:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/15 12:14:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/07/04 16:25:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/04/05 18:41:55 | 000,000,000 | ---D | M] (Real Networks Settings) -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2009/04/05 18:41:59 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2009/03/31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2006/10/11 03:04:58 | 000,061,036 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2006/10/11 03:04:59 | 000,048,742 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2006/10/11 03:05:03 | 000,029,313 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2006/10/11 03:05:03 | 000,041,082 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2006/10/11 03:04:58 | 000,166,510 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/08/31 11:28:34 | 000,147,456 | ---- | M] (Oberon Media) -- C:\Program Files\mozilla firefox\plugins\npMyGames.dll
[2009/03/30 17:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll
[2009/10/26 16:53:52 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2009/11/06 17:15:22 | 000,000,156 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober10694656.src
[2010/12/15 00:27:25 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober12957484.xml
[2011/03/28 22:32:08 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober13680203.xml
[2009/11/01 12:47:24 | 000,000,156 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober156182093.src
[2011/03/30 02:50:05 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober1686390.xml
[2010/12/06 19:31:54 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober18162406.xml
[2009/11/08 08:55:12 | 000,000,609 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober18403750.gif
[2009/12/09 13:35:44 | 000,000,175 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober18403750.src
[2009/11/08 08:55:12 | 000,000,609 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober27254484.gif
[2009/11/22 21:08:26 | 000,000,175 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober27254484.src
[2011/01/01 02:20:51 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober28208578.xml
[2010/12/11 15:34:28 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober2891125.xml
[2010/11/14 05:36:12 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober4002656.xml
[2009/11/08 08:55:12 | 000,000,609 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober4352437.gif
[2010/06/18 15:35:25 | 000,000,175 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober4352437.src
[2010/12/07 02:17:20 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober4361265.xml
[2009/11/08 08:55:12 | 000,000,609 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober51693703.gif
[2009/12/07 12:08:14 | 000,000,175 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober51693703.src
[2011/01/19 04:18:38 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober5741859.xml
[2011/01/04 21:52:24 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober7067906.xml
[2011/02/25 17:15:17 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober9142031.xml
[2009/04/07 14:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober36076500.gif
[2009/12/15 11:48:11 | 000,000,196 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober36076500.src

O1 HOSTS File: ([2011/08/25 19:40:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SearchElf 1.1 Toolbar) - {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files\SearchElf_1.1\prxtbSea2.dll (Conduit Ltd.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealoreStudios Toolbar) - {03fee850-0101-4e9e-b6d4-6fc74d3db360} - C:\Program Files\RealoreStudios\prxtbRea2.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\googletoolbar.dll (Google Inc.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (SearchElf 1.1 Toolbar) - {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files\SearchElf_1.1\prxtbSea2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (RealoreStudios Toolbar) - {03fee850-0101-4e9e-b6d4-6fc74d3db360} - C:\Program Files\RealoreStudios\prxtbRea2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\googletoolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (SearchElf 1.1 Toolbar) - {00F2C0C6-2194-484E-9064-44E57787867B} - C:\Program Files\SearchElf_1.1\prxtbSea2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (RealoreStudios Toolbar) - {03FEE850-0101-4E9E-B6D4-6FC74D3DB360} - C:\Program Files\RealoreStudios\prxtbRea2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\googletoolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [FileServe Manager Task] C:\Program Files\FileServe Manager\FSStarter.exe (FileServe Limited)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)
O4 - HKCU..\Run: [SearchEngineProtection] C:\Program Files\Gamesbar\SearchEngineProtection.exe (Oberon Media )
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with FileServe Manager - C:\Program Files\FileServe Manager\GetUrl.htm ()
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} http://p.playfirst.com/play/game/dairydash/DairyDashWeb.1.0.0.12.cab (CPlayFirstDairyDashWControl Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Dream%20Day%20First%20Home/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} http://download.playfirst.com/play/game/mysteryofsharkisland/msi.1.0.0.8.cab (CPlayFirstmsiControl Object)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Value error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214110364630 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214176760343 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Gourmania/Images/armhelper.ocx (Reg Error: Key error.)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://iplay.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://207.119.127.218/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\gameboxchrome {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} - Reg Error: Key error. File not found
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/21 20:37:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/08/25 20:12:06 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2011/08/25 19:58:38 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2011/08/25 14:59:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/25 14:54:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/25 14:54:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/25 14:54:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/25 14:54:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/25 14:54:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/25 14:53:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/25 14:49:27 | 004,183,543 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/08/24 21:59:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/23 22:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/08/23 22:55:40 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/23 22:55:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/23 22:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/23 22:55:35 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/23 22:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/23 22:51:46 | 009,545,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2011/08/23 20:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/08/23 20:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/08/22 09:50:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Pirate Stories Kit Ellis
[2011/08/21 07:46:24 | 000,000,000 | ---D | C] -- C:\My Documents\GeekPolice
[2011/08/21 05:16:48 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/08/21 04:31:03 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2011/08/21 03:29:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2011/08/20 15:04:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Age of Japan
[2011/08/20 11:25:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Search Settings
[2011/08/20 11:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/08/20 11:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011/08/20 11:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2011/08/19 17:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Xmas Blox
[2011/08/19 17:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\X mas Blox
[2011/08/19 09:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\f-secure
[2011/08/19 09:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2011/08/19 07:24:40 | 000,000,000 | ---D | C] -- C:\My Documents\Stopzilla Event Logs
[2011/08/18 21:28:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\STOPzilla
[2011/08/18 21:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/08/18 21:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/08/18 19:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/08/18 17:44:18 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/08/18 17:44:18 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/08/18 17:44:18 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/08/18 17:44:16 | 000,456,144 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/08/18 17:44:16 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/08/18 17:44:16 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/08/18 17:44:16 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/08/18 17:44:16 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/08/18 17:44:14 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/08/18 17:44:14 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/08/18 17:44:14 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/08/18 17:44:14 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/08/18 11:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AquaPearls
[2011/08/16 16:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2011/08/15 19:48:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WinZip
[2011/08/15 19:09:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira
[2011/08/15 13:29:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2011/08/12 16:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Assistant
[2011/08/12 16:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\CenturyLink
[2011/08/12 16:30:01 | 000,000,000 | ---D | C] -- C:\Program Files\EMBARQ
[2011/08/12 16:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\Sprint_Activation
[2011/08/12 16:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motive
[2011/08/12 16:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2011/08/12 11:57:12 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys
[2011/08/12 11:57:12 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2011/08/10 22:05:24 | 000,112,800 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\IPROSetMonitor.exe
[2011/08/10 10:03:47 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/10 08:55:05 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/08/07 01:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\Ultimate Puzzles 500
[2011/07/29 22:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Oberon
[2011/07/29 22:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Oberon
[2011/07/28 10:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Boomzap
[2011/07/28 00:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\JQ
[2011/03/20 18:26:44 | 000,262,144 | ---- | C] (Ask.com) -- C:\Program Files\Uninstall Ask Toolbar.dll
[2002/04/11 03:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more26th August 2011, 6:15 am

OTL part 2 of 3

========== Files - Modified Within 30 Days ==========

[2011/08/25 21:36:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FC5CA896-1EC2-43B6-B82F-9CD4B98BFBD1}.job
[2011/08/25 21:28:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/25 20:12:41 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1409082233-1801674531-1003.job
[2011/08/25 20:12:41 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1409082233-1801674531-1003.job
[2011/08/25 20:12:15 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2011/08/25 19:58:38 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2011/08/25 19:58:02 | 000,000,504 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/08/25 19:40:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/25 19:39:58 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc4f842548fa1e.job
[2011/08/25 19:39:58 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/08/25 19:39:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/25 14:59:14 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/25 14:49:27 | 004,183,543 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/08/23 22:55:40 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/23 22:51:49 | 009,545,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2011/08/23 20:42:02 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/23 17:42:00 | 000,676,536 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sreng2.zip
[2011/08/21 11:37:15 | 000,025,372 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2011/08/21 07:20:33 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/08/21 06:25:36 | 000,879,225 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2011/08/21 05:16:48 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/08/21 04:31:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2011/08/18 17:44:18 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/08/18 17:44:18 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/08/18 17:44:18 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/08/18 17:44:16 | 000,456,144 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/08/18 17:44:16 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/08/18 17:44:16 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/08/18 17:44:16 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/08/18 17:44:16 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/08/18 17:44:14 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/08/18 17:44:14 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/08/18 17:44:14 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/08/18 17:44:14 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/08/18 11:34:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AquaPearls.lnk
[2011/08/15 13:29:45 | 000,001,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/08/15 13:29:45 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/08/14 23:10:01 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/08/14 12:41:48 | 000,001,204 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MSN Games.lnk
[2011/08/13 21:44:24 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/12 16:30:28 | 000,001,687 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CenturyLink Remote Control.lnk
[2011/08/11 21:23:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/11 00:10:23 | 000,450,614 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/11 00:10:23 | 000,075,424 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/10 18:23:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/04 20:20:41 | 000,004,290 | ---- | M] () -- C:\Documents and Settings\Owner\r
[2011/07/28 20:42:09 | 000,000,279 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HP Printing Software.url

========== Files Created - No Company Name ==========

[2011/08/25 19:48:50 | 000,000,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/08/25 14:59:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/08/25 14:59:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/25 14:54:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/25 14:54:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/25 14:54:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/25 14:54:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/25 14:54:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/23 22:55:40 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/23 20:42:02 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/23 17:41:40 | 000,676,536 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sreng2.zip
[2011/08/21 06:25:30 | 000,879,225 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2011/08/21 05:49:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/08/18 11:34:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AquaPearls.lnk
[2011/08/16 16:47:33 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk
[2011/08/16 16:47:31 | 000,001,184 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk
[2011/08/15 13:29:45 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/08/15 13:29:39 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/08/14 23:10:01 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/08/14 23:10:00 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/14 12:41:48 | 000,001,204 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MSN Games.lnk
[2011/08/12 16:30:28 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CenturyLink Remote Control.lnk
[2011/08/10 11:13:52 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/08/04 20:20:41 | 000,004,290 | ---- | C] () -- C:\Documents and Settings\Owner\r
[2011/07/31 08:17:06 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc4f842548fa1e.job
[2011/07/28 20:42:09 | 000,000,279 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HP Printing Software.url
[2011/07/02 18:21:49 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/03/30 02:55:31 | 000,000,461 | ---- | C] () -- C:\Program Files\033020112553104.bat
[2011/03/28 10:33:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/21 23:15:52 | 000,000,462 | ---- | C] () -- C:\Program Files\0321201123155192.bat
[2011/01/24 00:01:59 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/21 12:46:55 | 000,000,462 | ---- | C] () -- C:\Program Files\1021201012465568.bat
[2010/10/19 03:05:24 | 000,000,391 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\prefsdb.dat
[2010/09/09 02:06:11 | 000,023,085 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/08/31 23:26:57 | 000,000,476 | ---- | C] () -- C:\Program Files\0831201023265700.bat
[2010/08/04 12:18:52 | 000,000,190 | ---- | C] () -- C:\WINDOWS\settings.ini
[2010/06/19 11:22:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/01/05 21:21:47 | 000,000,471 | ---- | C] () -- C:\Program Files\0105201020214746.bat
[2009/09/28 21:53:27 | 000,000,110 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/06/02 18:40:12 | 000,137,540 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009/04/05 18:45:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/03/10 15:57:42 | 000,000,030 | ---- | C] () -- C:\WINDOWS\sav.ini
[2009/02/22 09:42:50 | 000,003,840 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\slot1.mm1
[2009/01/11 00:43:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2009/01/06 05:40:45 | 000,000,026 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2009/01/02 15:57:07 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/11 17:46:45 | 000,157,453 | ---- | C] () -- C:\WINDOWS\hphins26.dat
[2008/10/11 17:46:44 | 000,000,787 | ---- | C] () -- C:\WINDOWS\hphmdl26.dat
[2008/08/31 10:14:08 | 000,123,125 | ---- | C] () -- C:\WINDOWS\HPHins11.dat
[2008/08/31 10:14:07 | 000,013,767 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
[2008/07/15 22:50:29 | 000,025,372 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2008/06/29 04:46:15 | 000,000,766 | ---- | C] () -- C:\WINDOWS\wwwconfig.dat
[2008/06/28 16:12:21 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/06/22 16:03:41 | 000,000,199 | ---- | C] () -- C:\WINDOWS\wstdUPSWSHIP.INI
[2008/06/22 15:54:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/22 00:38:38 | 000,000,512 | ---- | C] () -- C:\WINDOWS\extend.dat
[2008/06/22 00:08:53 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2008/06/22 00:08:39 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/06/21 20:39:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/06/21 20:34:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/06/21 13:28:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/06/21 13:27:53 | 000,250,288 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2005/05/03 13:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/03/22 13:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 13:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/10/22 18:07:54 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\GetHostIP.exe
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,450,614 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,075,424 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/10/02 12:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2003/04/08 15:41:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\nssckbi.dll
[2002/07/01 09:13:30 | 000,000,224 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\brun_nbeta12.dat
[1997/08/19 02:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/08/19 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/08/14 02:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[1997/08/14 02:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:82E1D3A4
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FD8F016
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59C113EC
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F0A5896
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C282BEA
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AAA14AF9
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A96D3F23
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90865A6D
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FD496E1
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:179D1352
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E9B629B
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F2BA284
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F97CB10D
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D708EEF9
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:506E1E25
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2032CC2B
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:11FC043F
@Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_PVX2VCGKMVF9FFNYTKBRVLNGCMSMYJ598W2L4WERXPUL6HHXVJ4TVVVVVVVVVVVVV
@Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_PBVUV9VK9VF9FPMVAP4RKXT95KVVVVVVVVVVVVV
@Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_PBPUV9VF9VF9VSNFUP4WKLVY2ELP3JM6UEGRJKDVVJVKVFJVMJV7
@Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Application Data:$SS_DESCRIPTOR_PVX2VCGKMVF9FFNYTKBRVLNGCMSMYJ598W2L4WERXPUL6HHXVJ4TVVVVVVVVVVVVV
@Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Application Data:$SS_DESCRIPTOR_PBVUV9VK9VF9FPMVAP4RKXT95KVVVVVVVVVVVVV
@Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Application Data:$SS_DESCRIPTOR_PBPUV9VF9VF9VSNFUP4WKLVY2ELP3JM6UEGRJKDVVJVKVFJVMJV7
@Alternate Data Stream - 400 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECC73CDC
@Alternate Data Stream - 381 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F94040F
@Alternate Data Stream - 380 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8CAAE22
@Alternate Data Stream - 376 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6283A8D3
@Alternate Data Stream - 361 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84002417
@Alternate Data Stream - 354 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C8F07A8
@Alternate Data Stream - 353 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C70F0C51
@Alternate Data Stream - 347 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90BE311E
@Alternate Data Stream - 343 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB9746A6
@Alternate Data Stream - 338 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0ACD5C
@Alternate Data Stream - 337 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2533C29
@Alternate Data Stream - 336 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EDC977B
@Alternate Data Stream - 333 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D1BA810
@Alternate Data Stream - 325 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AF3A05F
@Alternate Data Stream - 324 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:141BCC26
@Alternate Data Stream - 323 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79FA7767
@Alternate Data Stream - 322 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E269FCB5
@Alternate Data Stream - 322 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:202A6D97
@Alternate Data Stream - 317 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F585932D
@Alternate Data Stream - 317 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:76F78684
@Alternate Data Stream - 317 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52556249
@Alternate Data Stream - 316 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF1A3FF2
@Alternate Data Stream - 316 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F984905
@Alternate Data Stream - 316 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B928EF8
@Alternate Data Stream - 315 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D81A09B0
@Alternate Data Stream - 315 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BAC6697B
@Alternate Data Stream - 315 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C3170A8
@Alternate Data Stream - 314 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE0E96C6
@Alternate Data Stream - 313 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:702D1DFE
@Alternate Data Stream - 313 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1387592D
@Alternate Data Stream - 312 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1002D91
@Alternate Data Stream - 311 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CB560CF
@Alternate Data Stream - 310 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4173B541
@Alternate Data Stream - 309 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7A45A6D
@Alternate Data Stream - 309 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CD998290
@Alternate Data Stream - 308 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D52D3C91
@Alternate Data Stream - 308 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2400EF3
@Alternate Data Stream - 308 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72E74C26
@Alternate Data Stream - 308 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DFBC3C0
@Alternate Data Stream - 308 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A085469
@Alternate Data Stream - 308 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:06F1C6E5
@Alternate Data Stream - 307 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:995B275C
@Alternate Data Stream - 306 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C5DFEA1
@Alternate Data Stream - 305 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E76E30F
@Alternate Data Stream - 305 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:029B3C8C
@Alternate Data Stream - 303 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F68A1815
@Alternate Data Stream - 303 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90281753
@Alternate Data Stream - 302 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07557E0B
@Alternate Data Stream - 301 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52841B01
@Alternate Data Stream - 300 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0AE1C7A
@Alternate Data Stream - 300 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C2DD77D8
@Alternate Data Stream - 299 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B59658A8
@Alternate Data Stream - 298 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91163577
@Alternate Data Stream - 297 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F6411A2E
@Alternate Data Stream - 295 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7EC52BE0
@Alternate Data Stream - 295 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09A9B355
@Alternate Data Stream - 293 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:36D4F33D
@Alternate Data Stream - 292 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF4E51E1
@Alternate Data Stream - 292 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0312EC65
@Alternate Data Stream - 291 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B72729D8
@Alternate Data Stream - 230 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:014BC3B4
@Alternate Data Stream - 228 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F3CCE0A
@Alternate Data Stream - 227 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:943E8182
@Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDDD8917
@Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C5EC3CD
@Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80E965A3
@Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:213AFE42
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED9B661E
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6677D85A
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48FEA089
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D98D98
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:969C0C96
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE87230
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:439E3411
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0FEE2B
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93226FE3
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43982D5E
@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE13DA72
@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3991CD7D
@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74699137
@Alternate Data Stream - 182 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD842FD5
@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5216CD26
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF2E5A21
@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32AF55F1
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF510ADC
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4BE8180
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D532A897
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AAC11624
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DDAC654B
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:01453AF3
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8207BE2
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7079A696
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62D72D41
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A63D33A
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E23D0CEC
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54D9AD66
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A8A3140
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:100CB1DD
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E95E2173
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF6C81B2
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8DFD30C
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:858D9994
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:759B7D6F
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70258565
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5690D76E
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FAB64002
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0DB8AB
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE875C30
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A819A132
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A652BC99
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99C301D0
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E11933F
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5CE91C67
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F7FE589
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A01545C
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:441D63A8
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33E12B7A
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30D9D4CB
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:217A2324
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2176484C
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:082EF53F
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F18BEDBC
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA031481
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC3B4B43
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92D91D7E
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B1249CD
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A3AAF2E
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:36FFA2FB
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CC32B31
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:203CAFEE
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16ADBA30
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0EC7A545
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E67073E
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F43B7E8F
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8760BFE
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E29063FF
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC96947B
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A86C5761
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6622852D
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:627153F1
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:124B94C0
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E22C5DB
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0785072C
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA341DB1
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9812B773
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96DE870D
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89CF6F9C
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40DB6D00
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB4FEEF5
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CD444B22
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C49A5AD1
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B722BCE5
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2FF62A6
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:908A1B53
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B7447D4
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52110139
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE7AAC75
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAFB99F9
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC29ABAC
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BACB6B6C
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91DEEE71
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7BFAAE70
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63337BE2
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EC637CB
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:589743E1
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C8FA829
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35FAD15D
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:217A2A36
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0BA6C13A
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09446E68
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:084B0270
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3A27FDE
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC4C59B4
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0440C86
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BCDBBA6D
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C28CF6
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:729F0E7F
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32FFF2D1
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2DF93164
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A5D64BE
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E8117B1
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC5FFC81
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FBE5FDB9
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9EDCFB0
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC5801E4
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E895790F
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1610EDC
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D93AABC7
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8F9D810
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8059174
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADF4C56B
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE67221
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A88BE334
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96646EC1
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8D2A565D
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:76466F4C
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7198E1D2
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26FE5B17
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F67AAFC5
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EFF3C3C8
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB4F49FB
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DDF112BD
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9F34335
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8D58038
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF9BF410
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADFAD95A
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E76E7F3
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C337CCE
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7EF59135
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B7430D1
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65B8650D
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51545BC7
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DDE401B
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EDD05D8
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E45FA8F
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D8B851C
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A27E0C5
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:193CB03B
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0696EC8E
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F878F14A
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F41E22A9
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE73B0FE
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CBB29B31
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD020DC3
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE601F5
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8855A119
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A032A04
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67CF910D
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:602146E4
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47417312
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43ECEA33
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32A82570
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16A4620C
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8AC0D6D
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F19A4790
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7B4296D
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2C80DE4
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE9AC04F
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DB4C77AD
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C6D0ABC3
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB7FF0C9
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6D6E537
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9491C9C7
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:891DBAFE
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FCB9D0D
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79EB58D0
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53DF4438
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:512336B9
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:46B38AB3
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3086B95F
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08801FDB
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05670151
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EAF954B6
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA1919C7
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0F61BB
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D6EAEC3
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7EEAEC9B
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:696F7DA7
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61B54B15
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FA837B4
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1585E7B2
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13EF4AF6
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F3F6B1E
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA7D76BE
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C1F1392C
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7C6AAAB
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9BE587B9
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:771316F5
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:75CC0165
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74A34D19
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C31986D
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EA715B9
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25D6137A
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1786630
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A73EAFFB
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9DB67071
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:996104FC
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B4B9596
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80F63EC3
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71AEFFEB
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A448DB2
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:413E2927
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CEFEABF
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:151760F0
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0915A718
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9A04C32
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF0C5444
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5121D26
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBCB4421
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7596EAE
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DD20B4A
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C2A42C
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C75AF4C
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6A1486AD
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D066AD2
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CA7FA57

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more26th August 2011, 6:17 am

OTL part 3 of 3

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:393F7B1E
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:34445512
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0588E665
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FED25C29
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC0279DC
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D92981EA
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D6BEA85D
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3EC24B3
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFFC9DD0
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8E29393
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7E8F29F
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE2EA3C2
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91FFEC32
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8101D728
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7BE471CB
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:593E515D
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:560D46AC
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A966CC2
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41884BBE
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:329BA65B
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BFCDF84
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:21B987C4
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:054F0F17
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8CDA1A5
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5816AB5
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D6BE1CEA
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C820549A
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3D26A8A
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADAD2FFE
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B0F9E15
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:961A5109
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:937C8022
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7EABF26C
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79BE9D5A
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:698B483C
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62B9E014
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5080697C
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:49F896E9
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:443F2F8E
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41DAF48E
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33384BC0
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29F0CA7D
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22F6EE1A
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F94BD29B
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E83EE313
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DC0B1070
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B652B720
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1E64E47
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ABE818FA
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A636021B
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E75B01B
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:864881BF
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FE17A89
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6710EF08
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A437AC3
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42228396
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FD69132
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B5038B1
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B07E6F4
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31F2397C
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31A7D544
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FBB2B9B
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EB79F01
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D3CB929
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A48233F
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:290A724C
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26233902
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16EEDD02
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1095ECE1
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04BB186B
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0A06891
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA10407C
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E774F04D
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97995ED4
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EEBEAB3
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:83D58AD2
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C99C213
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56EE2CAF
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47C3EF59
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40D7AF1D
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26FBC1F9
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DA424AA
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15769D8A
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D45FC3
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:098DBB8A
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0860D6D6
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07348C09
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA701346
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E732B44B
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DB77E2C4
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9987109
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0FAC520
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB15E5CC
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B7E8561
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AB56A06
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9290C91C
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8678F6BD
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CEDF9F3
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FD36C4B
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65AB2A58
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6017A808
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5795E8B2
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53DF59D1
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EC7F009
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48A80ACF
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:436BE28C
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3939CF5F
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DEF8447
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E46A89F4
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFC8A5FD
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8EAE2CC
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A39CF033
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94260FE6
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71F96743
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6D6D6E2B
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:627B7F7C
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EE323A4
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:206470A5
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C4D3509
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A74923C
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E9FAC3AB
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D72D7897
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3112F12
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE9351E0
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B2BD056
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84CFEE62
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:831F2C78
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7ADB695A
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72D2E2A0
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71612023
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:614F17D3
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FFC2819
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:514E900B
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:50636E35
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38849DE5
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:37C86456
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F6462DF
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29DA7FEE
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:268BA8AB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDC41D2C
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5B99CA4
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF5B3572
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6F951B7
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCFF7C43
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF6E4175
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0893153
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE6B5FC3
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B227F86E
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A774141A
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1023D41
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BF54D33
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7DC5D762
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FD219F5
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FC8527A
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D19AF4A
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57176330
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D7FCCD3
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3539CD43
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EC5D66C
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C678471
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C27D9EC
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:257AC7F8
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:122B409D
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1170D6E4
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDDE312D
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1DEA771
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E10DCAF3
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D197DC80
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFF6B3FF
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A58B27C9
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9857FAE3
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:962FBFE7
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94CE30A1
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8924043A
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E082023
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7091055F
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48F5C64F
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D7D575C
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B059D79
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A051701
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03D08225
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F6DD5F80
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9592966
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D46D2E5A
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5CE2DF6
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF4CC666
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9CAC5FE6
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96C9689F
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91486201
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:817F0659
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:705F47E4
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:700B9342
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68B61847
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6407DD2D
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:620EC79A
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F636E25
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:417B6FAC
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:403D77D3
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3651A580
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26A148EB
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9283DA1
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB40BC91
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA9F45B5
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD04902E
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3C52D24
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA99FD89
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C35B4B19
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C186F20B
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB7A26C6
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5264343
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1CD17F9
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D605054
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FF4A12D
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7757A6D4
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68887B7E
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6401C7FF
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6309F7F1
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EEC7800
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E2A5A6D
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F0007D6
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E9900EE
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25BB767E
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B7E2022
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1968990D
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1709732A
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:163B8B93
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F55D468
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:072F1F69
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F78518BB
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD629819
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0A97B5
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C72A744C
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3942462
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B31F805F
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FBE0E9C
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8944C195
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:698AFB4D
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:50F94E7B
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42A3BDD7
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:405D842B
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:342886D8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33EA030E
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EA99C48
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2512FA90
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:119BAB3D
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C0B833D
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05F547A9
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD000392
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC855C73
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8F2B426
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E51234A9
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE9F4320
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2593961
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA23BCFD
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3196E8D
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A42A9F39
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A41FEAA2
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92D18A5E
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BFA0030
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:87B05421
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7D48DC2D
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:647640E1
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D10C56A
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4111E573
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31A07C00
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2DF54B62
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D5A2122
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29629382
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:283B4301
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C90EF4F
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DE96CF5
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A1C1AD8
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09708CB7
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FEB0595A
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E80802C7
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2032EBB
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CCB49694
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7857F06
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC2A20FD
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBF60A29
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9485E512
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9371B810
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BA6C9F8
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81F83028
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B2BB690
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73AFBB96
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B6F7F60
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52B439AA
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C9CF9A7
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B1EA607
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:294E6480
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1D6B18F1
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17F7AEA3
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:147A3409
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DAD93FF
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B3EC7D1
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:041C0562
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F33C37D5
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E77558A0
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6CDFB4A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D48500F8
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B55AADB5
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA199F0F
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A724744F
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A60D0FA6
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4BF246C
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A05F750A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9EE6560D
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:82C50600
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:748520A2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71187328
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F9C17A2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63DBE157
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54362937
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:517B507A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F8B72C9
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A9FA516
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3DB6F365
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:386B39C3
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E0B7D8A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C9565AC
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D52F295
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE9D0697
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C31E38F
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:638C0C6C
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B1195DD
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:450ABF8D
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2775F9E2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD931C5F
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E90251A2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7B49FBF
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBE07C18
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93E6A368
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AB6C1D7
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:860D9052
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7174C105
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:583D44CB
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53C0A7FF
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5345C8F6
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52D492DA
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:488F7244
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:315B4A13
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:132714FA
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1D818F7
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0BC727
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D92485C9
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE5EC04C
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBA7E1
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9B2AAD0
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2865730
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F067037
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8999FD56
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88E8CC2E
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:848CC150
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C7AA745
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B15C5BC
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57B4E612
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51E1A4D8
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:109734F6
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C13C008
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC60E0F8
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1031541
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB52BE62
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B419A171
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A0CB43B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8401B6D5
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F4DB476
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CAB0377
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79F970BE
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:666D6386
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FD26EF3
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DEE6B65
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CB4A530
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA206A00
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C76CFF82
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C356A185
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AFB24B00
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6813E7F4
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D5FDAEA
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3AD6342E
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E49D185
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28CDD861
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02C84B46
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1F85068
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A692C296
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BE7A048
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A0FEE87
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68F4B378
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:551E1CB4
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45F3AD49
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3433021E
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:164FA86E
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F14D1F80
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0668210
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4980368
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF5361E7
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A19A9C88
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77846FFE
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E31DE83
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BD27B7FC
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CCDAB14
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:294F888B
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05816AFA
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05113FB9
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0AB86C0
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E3CEEC4C
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AABCC5A7
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4076A3B
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99C1A08E
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EEE3BBB
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:708BB0FA
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52641FBE
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FE42FFC
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3595B780
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:193426B4
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15752405
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02B823FE
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8A67568
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0A2E219
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA4AE5FC
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:918B7566
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65929158
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D7D48CA
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A8BB29B
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18379B4C
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE6EED8B
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D02FBAEC
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9DF07E8F
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:997E6AF4
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:896E1EFF
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F66BF58
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C6EBC69
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:561B1D2B
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3612C9BE
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DA384B0
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B3B557D
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09CEBED1
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:086DE893
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB97DB91
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0E8F4FE
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2935AA1D
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0BFCB272
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE39C93C
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C63E7DE2
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:880F0FEF
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:687D1056
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:102394C6
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B61DB9F
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E945C214
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2CB42C9
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DF68137
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A1628E5
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3473F385
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12D2EB9C
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C07C446
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE9F7F81
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95198126
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:538A9F02
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF76F21
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1ECED34B
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1381B34
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88B61AC3
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60A4BB64
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AF478DB
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C9CD455
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F16B288B
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0D17155
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78DEA3A4
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7881FECE
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A99DEB7
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3815BC84
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE0D0B5A
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEF1584F
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF61CE5A
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:883EDFB5
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:177313FB
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:059167AF

< End of report >

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more26th August 2011, 11:00 pm

Thank you. Could you please run this again for me? You may still have the program on your desktop.

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more Aswmbr14

Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more Aswmbr14

Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more Aswmbr10

Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more Aswmbr10

On completion of the scan click save log, save it to your desktop and post in your next reply

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more26th August 2011, 11:49 pm

Hi Dave,

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-26 18:04:30
-----------------------------
18:04:30.125 OS Version: Windows 5.1.2600 Service Pack 3
18:04:30.125 Number of processors: 1 586 0x304
18:04:30.140 ComputerName: GINA UserName:
18:04:36.921 Initialize success
18:09:33.562 AVAST engine defs: 11082601
18:09:45.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:09:45.234 Disk 0 Vendor: WDC_WD1600AAJB-00PVA0 00.07H00 Size: 152627MB BusType: 3
18:09:47.328 Disk 0 MBR read successfully
18:09:47.328 Disk 0 MBR scan
18:09:47.531 Disk 0 Windows XP default MBR code
18:09:47.578 Disk 0 scanning sectors +312560640
18:09:48.000 Disk 0 scanning C:\WINDOWS\system32\drivers
18:10:10.609 Service scanning
18:10:14.468 Modules scanning
18:10:24.515 Disk 0 trace - called modules:
18:10:24.531 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
18:10:24.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fd7030]
18:10:24.546 3 CLASSPNP.SYS[f8728fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82fab030]
18:10:27.187 AVAST engine scan C:\WINDOWS
18:10:41.125 AVAST engine scan C:\WINDOWS\system32
18:13:09.890 AVAST engine scan C:\WINDOWS\system32\drivers
18:13:24.156 AVAST engine scan C:\Documents and Settings\Owner
18:23:04.140 AVAST engine scan C:\Documents and Settings\All Users
18:32:13.156 Scan finished successfully
18:46:15.046 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
18:46:15.187 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR08262011.txt"

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more27th August 2011, 1:37 am

How's the computer working now?

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more EsetOnline

Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more EsetOnline

button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

•Check

Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more EsetAcceptTerms

•Click the Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more EsetStart

button.
•Accept any security warnings from your browser.
•Check Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more EsetScanArchives

•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more EsetListThreats

Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more EsetListThreats

•Push

Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more EsetExport

, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more EsetBack

Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more EsetBack

button.
•Push Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more EsetFinish

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more27th August 2011, 2:07 am

Hi Dave,

Last night I started getting a black screen come up just before windows logs on. It said something about booting up normally. Never had that before.

Also, Stopzilla has 2 infections (it did have 138, mostly cookies).

1. Internet Security - File - Critical
c:\docume~1\owner\locals~1\temp\rarsfx0\securitycheck\other\nircmcd.exe

2. Cognac - Adware - File - Moderate

c:\docume~1\owner\locals~1\temp\rarsfx0\securitycheck\other\sed.exe

I'm going to run that ESet Scann right now.

Thanks

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more27th August 2011, 5:32 am

Hi Dave,

Here is the ESETScan.

Thanks

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g7evd8kn.default\extensions\textlinks@playsushi.com\components\PlaySushiFF.dll probably a variant of Win32/Adware.Gamevance.AG application cleaned by deleting - quarantined
C:\Downloads\reSetup[1].exe a variant of Win32/Adware.Trymedia application cleaned by deleting - quarantined
C:\GameFools\GourmaniaSetup.exe Win32/Adware.InternetAntivirus application cleaned by deleting - quarantined
C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6DCDF204-BED2-4A47-866A-5E39E7E8C520}\RP127\A0022687.dll probably a variant of Win32/Adware.Gamevance.AG application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6DCDF204-BED2-4A47-866A-5E39E7E8C520}\RP128\A0022729.rbf a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6DCDF204-BED2-4A47-866A-5E39E7E8C520}\RP128\A0022732.rbf probably a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6DCDF204-BED2-4A47-866A-5E39E7E8C520}\RP135\A0024697.dll probably a variant of Win32/Adware.Gamevance.AG application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6DCDF204-BED2-4A47-866A-5E39E7E8C520}\RP135\A0024698.exe a variant of Win32/Adware.Trymedia application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6DCDF204-BED2-4A47-866A-5E39E7E8C520}\RP135\A0024699.exe Win32/Adware.InternetAntivirus application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6DCDF204-BED2-4A47-866A-5E39E7E8C520}\RP135\A0024700.exe probably a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6DCDF204-BED2-4A47-866A-5E39E7E8C520}\RP135\A0024701.exe a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6DCDF204-BED2-4A47-866A-5E39E7E8C520}\RP84\A0014840.rbf a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6DCDF204-BED2-4A47-866A-5E39E7E8C520}\RP84\A0014843.rbf probably a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more27th August 2011, 6:57 pm

That looks good. If there are no other issues, we can do some cleanup.

To uninstall ComboFix

Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
In the field, type in ComboFix /uninstall

Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more Combofix_uninstall_image

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

Then, press Enter, or click OK.
This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

*****************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

Click the CleanUp button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
***************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
****************************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more27th August 2011, 8:08 pm

Hi Dave,

I don't know if you saw the post before my last scan where I mentioned the 2 infections that Stopzilla show having.

Also, I'm still not able to get into gamehouse.com. From what I'm understanding there is a virus there that people have got in the past and I was wondering if we can see if we (you) help me get that fixed.

Thank you,
Regina

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more28th August 2011, 1:29 am

I don't know if you saw the post before my last scan where I mentioned the 2 infections that Stopzilla show having.

All the other scans we've run did not show those files. It could be false-positives.
What browser are you using?
I can't see any malware that would be causing that problem with Gamehouse.com. I sounds like perhaps your firewall could be blocking it.

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more28th August 2011, 1:56 am

Last night I started getting a black screen come up just before windows logs on. It said something about booting up normally. Never had that before.

I had checked my firewall for the Game House problem and didn't find it.

Also, one last thing, would it be possible to get that black screen that pops up just before Windows logs on to go away. That just started the night before last. I would appreciate it.

Thank you,
Regina

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more28th August 2011, 10:50 pm

Download BlueScreenView to your desktop.
BlueScreenView
unzip downloaded file and double click on BlueScreenView.exe to run the program.
when scanning is done, go to EDIT - Select All
Go to FILE - SAVE Selected Items, and save the report as BSOD.txt
Open BSOD.txt in Notepad, copy all of the content, and paste it into your next reply

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more29th August 2011, 9:49 am

Hi Dave,

I ran the program and I came up with 2 boxes and were blank. At the bottom left it said "0 crashes".

Also, a few posts ago, you had asked which browser I use and I forgot to let you know. I use IE version 8.

Thanks

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more29th August 2011, 10:39 pm

I use IE version 8.

You could try another browser to see if the problem is still there.

We Need to Diagnose Your BlueScreen
1.When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
2.Select "Disable Automatic Restart on System Failure", as shown here:
Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more Disableautomaticrestart

Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more Disableautomaticrestart

3.When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:
Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more Bluescreen

Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more Bluescreen

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more30th August 2011, 8:16 pm

Hi Dave,

Whew, finally got my keyboard to type again.

Anyway, I tried and tried (6 times) to do the F8 "Disable Automatic Restart". Every time I got to that line I would hit enter and it would go to another screen that would ask which operating system I wanted for start up and the "Disable Automatic Restart" would be at the bottom and the line above it would say to press F8 to go to that line. Well it was a vicious circle doing and saying the same thing every time.

The enter worked fine for going to selecting the start up I wanted, but didn't work for what you wanted.

Thanks

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more30th August 2011, 10:49 pm

Do you have more than one OS on that computer?

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more31st August 2011, 12:26 am

I just have Windows...is that what you mean?

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more31st August 2011, 1:50 am

Every time I got to that line I would hit enter and it would go to another screen that would ask which operating system I wanted for start up and the "Disable Automatic Restart" would be at the bottom and the line above it would say to press F8 to go to that line.

I think that's the Recovery Console that was installed when you ran ComboFix. You can remove it using this:

Deleting the Recovery Console

Warning: To remove the Recovery Console you need to modify the Boot.ini file. Modifying this file incorrectly can prevent your computer from starting properly. Please only attempt this step if you feel comfortable doing this.

To remove the Recovery Console from your hard drive follow these steps:

1.Double-click on My Computer and then double-click on the drive you installed the Recovery Console (usually the C: drive).

2.Click on the Tools menu and select Folder Options.

3.Click on the View tab.

4.Select Show hidden files and folders and uncheck Hide protected operating system files.

5.Press the OK button.

6.Now at the root folder delete the Cmdcons folder and the Cmldr file.

7.At the root folder, right-click the Boot.ini file, and then click Properties.

8.Click to clear the Read-only check box, and then click the OK button.

9.Click on Start, then Run and type Notepad.exe c:\boot.ini in the Open: field and press the OK button.

10.Remove the entry for the Recovery Console. It will look similar to this:
C:\cmdcons\bootsect.dat="Microsoft Windows Recovery Console" /cmdcons

Make sure you only delete that one entry.

11.When you are done, close the notepad and save when it asks.

12.Right click again on the boot.ini file and select Properties.

13.Put a checkmark back in the Read-only checkbox and then press the OK button.
The recovery console should now be removed from your system.

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more31st August 2011, 2:08 am

Hi Dave,

Before I do that I had gone back and rebooted up and did the F8.

It says:

"Please select the operating system to start.

Microsoft Windows Recovery Console
Do not select this [debugged enabled]
Microsoft Windows XP Home Edition"

I just want to make sure I should remove that since it says "Microsoft" and not "Combo Fix". (please note a lot of what we've done is new to me).
Also, I haven't removed the programs and files that we did because I still had questions. Should I go ahead and remove them anyway?

Thanks for your patience

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more31st August 2011, 6:42 pm

Hi Dave,

I posted last night, just above this post and said "I just want to make sure I should remove that since it says "Microsoft" and not "Combo Fix". (please note a lot of what we've done is new to me).
Also, I haven't removed the programs and files that we did because I still had questions. Should I go ahead and remove them anyway?"

Well, I went ahead and uninstalled Combofix, installed TFC, Spyblaster, WOT, and Spybot.

Ran some scans with Spybot and Spyblaster. Removed infected things that were found.

I rebooted and just before the desk top would load a box popped up that said "windows\system32\command Parameters are not correct" I think I wrote that right.

Anyway, I would click "OK" and it kept popping up each time. Finally, I hit control, alt, delete and ended that box and my desk top came up.

I don't know what went wrong.

Thanks

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more31st August 2011, 7:23 pm

Don't bother trying to run BlueScreenViewer. It was the Recovery Console that was giving you a black screen on start-up. Actually, the recovery system is a good thing to have on your computer but if you don't want it, you can uninstall it.

windows\system32\command Parameters are not correct

I think this has something to do with Spybot S&D. If it continues, you should try uninstalling Spybot.

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more1st September 2011, 4:12 pm

Superdave wrote:

Don't bother trying to run BlueScreenViewer. It was the Recovery Console that was giving you a black screen on start-up. Actually, the recovery system is a good thing to have on your computer but if you don't want it, you can uninstall it.
windows\system32\command Parameters are not correct

I think this has something to do with Spybot S&D. If it continues, you should try uninstalling Spybot.

Yes, I definitely do want the recovery system please. So, if I should I will do that fix for the Recovery Console you had posted. Let me know.

In reference to Spybot S&D, I got a box message once my computer booted up this morning.

It said:
"Spy Bot has detected an important registry entry that has been changed.
Catagory: System Startup user entry
Change: Value deleted
Entry: SpybotDeletingD5539
Old Data: cmd.exe /c del "C: \Documents and settings \ " and then it didn't show the rest.

It seems like this might be related to the above message I sent where you thought it was Spybot related.

If I uninstall Spybot will it put back all the viruses, trojans, etc.? Also, will it mess up my computer where I am unable to get on? (this is my only computer) Should we fix what Spybot was saying this morning?

Also, are you going to be here over this Labor Weekend? Just checking, I will be, but I know people need time off too

Thank you

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more1st September 2011, 7:39 pm

Yes, I definitely do want the recovery system please. So, if I should I will do that fix for the Recovery Console you had posted. Let me know.

If you want to leave the RC, you don't have to do anything. If you want to remove it, follow the instructions I gave you.

If I uninstall Spybot will it put back all the viruses, trojans, etc.? Also, will it mess up my computer where I am unable to get on? (this is my only computer) Should we fix what Spybot was saying this morning?

You should uninstall Spybot and leave it off for a few days to see how things work. Your computer is clean and removing it won't affect the computer, malware-wise. I have no holidays.

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more2nd September 2011, 3:49 pm

Hi Dave,

Well, I just have a few more programs to update through that Secunia Software and it's done.

My computer is running pretty good. Faster then it has for quite a while.

Is there anything else we need to do or undo?

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more2nd September 2011, 6:57 pm

Hi Dave,

I guess my above post was jumping the gun.

I don't know what happened, but some how my my System Restore got turned off by some thing or some program. I went to do a system restore and I only have todays date without a restore point. I click to go to August and it won't let me. Did all my previous restore points get deleted in my System Tools?

Also, when I type in a web address to go to, it doesn't try to connect the first time, then I have to hit enter again (I realize this one is a small thing). Finally, Wednesday morning I tried Game House again and couldn't get into it still, but in the afternoon after I had installed Spyware Blaster, Spybot and something else Game House would come up. Now this morning, I can't access it again.

Thanks

Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

descriptionTrojan.Dropper, Trojan.Generic, Trojan.Crypt and more21st August 2011, 4:41 pm

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more22nd August 2011, 1:11 am

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more22nd August 2011, 1:14 am

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more22nd August 2011, 1:21 am

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more22nd August 2011, 1:25 am

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more22nd August 2011, 1:57 am

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more23rd August 2011, 3:14 am

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more23rd August 2011, 4:56 am

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more23rd August 2011, 10:34 pm

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more23rd August 2011, 10:47 pm

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more24th August 2011, 1:39 am

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more24th August 2011, 6:42 am

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more24th August 2011, 11:50 pm

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more25th August 2011, 4:42 am

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more25th August 2011, 7:36 pm

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more25th August 2011, 7:47 pm

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more25th August 2011, 9:31 pm

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more25th August 2011, 10:23 pm

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more25th August 2011, 10:42 pm

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more25th August 2011, 10:47 pm

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more25th August 2011, 10:55 pm

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more26th August 2011, 1:29 am

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more26th August 2011, 1:30 am

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more26th August 2011, 1:53 am

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more26th August 2011, 6:13 am

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more26th August 2011, 6:15 am

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more26th August 2011, 6:17 am

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more26th August 2011, 11:00 pm

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more26th August 2011, 11:49 pm

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more27th August 2011, 1:37 am

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more27th August 2011, 2:07 am

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more27th August 2011, 5:32 am

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more27th August 2011, 6:57 pm

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more27th August 2011, 8:08 pm

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more28th August 2011, 1:29 am

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more28th August 2011, 1:56 am

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more28th August 2011, 10:50 pm

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more29th August 2011, 9:49 am

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more29th August 2011, 10:39 pm

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more30th August 2011, 8:16 pm

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more30th August 2011, 10:49 pm

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more31st August 2011, 12:26 am

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more31st August 2011, 1:50 am

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more31st August 2011, 2:08 am

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more31st August 2011, 6:42 pm

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more31st August 2011, 7:23 pm

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more1st September 2011, 4:12 pm

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more1st September 2011, 7:39 pm

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more2nd September 2011, 3:49 pm

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more2nd September 2011, 6:57 pm

descriptionRe: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more21st August 2011, 4:41 pm

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more22nd August 2011, 1:11 am

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more22nd August 2011, 1:14 am

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more22nd August 2011, 1:21 am

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more22nd August 2011, 1:25 am

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more22nd August 2011, 1:57 am

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more23rd August 2011, 3:14 am

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more23rd August 2011, 4:56 am

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more23rd August 2011, 10:34 pm

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more23rd August 2011, 10:47 pm

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more24th August 2011, 1:39 am

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more24th August 2011, 6:42 am

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more24th August 2011, 11:50 pm

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more25th August 2011, 4:42 am

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more25th August 2011, 7:36 pm

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more25th August 2011, 7:47 pm

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more25th August 2011, 9:31 pm

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more25th August 2011, 10:23 pm

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more25th August 2011, 10:42 pm

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more25th August 2011, 10:47 pm

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more25th August 2011, 10:55 pm

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more26th August 2011, 1:29 am

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more26th August 2011, 1:30 am

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more26th August 2011, 1:53 am

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more26th August 2011, 6:13 am

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more26th August 2011, 6:15 am

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more26th August 2011, 6:17 am

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more26th August 2011, 11:00 pm

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more26th August 2011, 11:49 pm

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more27th August 2011, 1:37 am

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more27th August 2011, 2:07 am

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more27th August 2011, 5:32 am

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more27th August 2011, 6:57 pm

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more27th August 2011, 8:08 pm

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more28th August 2011, 1:29 am

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more28th August 2011, 1:56 am

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more28th August 2011, 10:50 pm

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more29th August 2011, 9:49 am

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more29th August 2011, 10:39 pm

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more30th August 2011, 8:16 pm

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more30th August 2011, 10:49 pm

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more31st August 2011, 12:26 am

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more31st August 2011, 1:50 am

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more31st August 2011, 2:08 am

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more31st August 2011, 6:42 pm

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more31st August 2011, 7:23 pm

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more1st September 2011, 4:12 pm

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more1st September 2011, 7:39 pm

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more2nd September 2011, 3:49 pm

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more2nd September 2011, 6:57 pm

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more