win32/nugel.e removal


win32/nugel.e removal

Post by chuckmac on 25th February 2010, 4:36 pm

My computer is infected with the win32/nugel.e virus. My trojan virus removal file is infected and can not scan and remove the infection. I have AVG virus protection, it is infected as well. Most functions on my computer are infected. I can not copy and back up files. I tried to remove the win32/nugel.e virus by doing a file search to delete the file itself before starting a recommended long process of deleting other files. The file scan could not even locate the win32/nugel.e file. Help!!
Chuck

chuckmac
Novice

Posts : 47
Joined : 2010-02-25
OS : windows xp
Points : 25461
# Likes : 0

Re: win32/nugel.e removal

Post by Belahzur on 25th February 2010, 10:48 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.

Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245079
# Likes : 1

Re: win32/nugel.e removal

Post by chuckmac on 26th February 2010, 4:55 am

The download does not give me an option to save it on my desktop. It comes in my "downloads" and when I attempt to open it there I get a notation that the file is infected.


Last edited by chuckmac on 26th February 2010, 5:01 am; edited 1 time in total (Reason for editing : I was going to add something and thought better of it.)


Re: win32/nugel.e removal

Post by chuckmac on 26th February 2010, 12:28 pm

I've tried everything I can think of to get the OTL download directly to my desktop and I can't get it there. I even downloaded a program that is supposed to make a download go to the desktop; it won't work. Sometimes when I tried to open the download the OTL application would pop up but just for an instant and then be removed with a box wanting me to start my anti virus program, and that takes me to the page that wants me to buy another virus protection program.


Re: win32/nugel.e removal

Post by Belahzur on 26th February 2010, 11:24 pm

Please download Ice Sword from [You must be registered and logged in to see this link.]

  1. Download the zip to your desktop and extract it.
  2. Open the Ice Sword folder and then launch IceSword.exe.
  3. Will IceSword open?



Re: win32/nugel.e removal

Post by chuckmac on 27th February 2010, 6:08 am

I have the file unzipped. And although I got a box that said the file was infected I was able to successfully open the Ice Sword Application. What's next?
P.S. If we get this done I will help with a donation. I'm not a man of means but I will help with what I can afford, OK.


Re: win32/nugel.e removal

Post by Belahzur on 27th February 2010, 8:09 pm


  • Now, on the left hand side tool, hit the Process button at the top of the list.
  • Just above the list, there is a log button, press that and save the log to your Desktop.
  • Next, hit the Startup on the left side list.
  • Press the log button again.
  • Post the two logs in your next reply.



Re: win32/nugel.e removal

Post by chuckmac on 27th February 2010, 10:03 pm

The files are not saving themselves properly. I had to name the file to save it and I named it mylog and it came up as something like mylog.log. I followed the directions very carefully. Do you think I'm doing something wrong? Can I set up a digital camera and take pictures of the files and send the pictures as a JPEG attachment? I can see the files and when I press the log button for the second time the list changes so I must be getting both full lists. If I could take pictures of the lists it would probably take four shots to get them all...if that would work. I tried several times to get it done following your directions. Once I got some sort of a nugel file saved but I could not open it. I am really sorry about this not coming together as I can see you are putting a lot of effort in trying to solve this.


Re: win32/nugel.e removal

Post by Belahzur on 28th February 2010, 1:19 am

Hello.
You may need to change the log name so it doesn't overwrite the other one.



Re: win32/nugel.e removal

Post by chuckmac on 28th February 2010, 5:19 am

I have two text documents ready to go and I don't know how to post them to this site. I tried to drag them over one at a time. The first one opened up after I dragged it to this text box but I could not find a button to send. Sorry I'm not smarter about this.


Re: win32/nugel.e removal

Post by Belahzur on 28th February 2010, 11:52 pm

The send button is just underneath this text box, or should be. If not, there may be a problem with our recent forum upgrades.

Are you using Firefox/Chrome?



More on the Win32/nugel.e removal problem

Post by chuckmac on 1st March 2010, 4:32 am

I'm sorry I can't send the files. After I drag them to this box, the list takes up a full page and there is nothing there except the list of files and no way to click a send box. When you said "Post the two logs in your next reply", please understand that I don't know how to post these files in this box. Like I said I tried to drag them here and I don't know if that can be done or not. The logs I created in Ice Sword are named geeklog1.log and geeklog2.log. They are showing the first one as a 3kb log and the second one as a 4kb log. I would think those files should be bigger than that. Would it be possible to email these to you as attachments? All I know about my firefox browser is that I always accept the updates. As far as I know my browser is up to date. If you want to give up on me, I will understand.


Last edited by chuckmac on 1st March 2010, 4:37 am; edited 1 time in total (Reason for editing : Added a last line at the bottom)


On going win32/nugel.e removal project

Post by chuckmac on 1st March 2010, 7:40 pm

*
In Ice Sword I opened the first log of files, I could see them all. I highlighted all of them, hit control insert, then started the cursor in this box and hit shift insert. What you see below is what came up in the box. I expected to see dozens of files but didn't. Sorry, I'm trying.

*
* Reply with quote
*
*
*
* Report post to moderator or admin
* Lock post for new reports

win32/nugel.e removal


Last edited by chuckmac on 1st March 2010, 7:44 pm; edited 1 time in total (Reason for editing : Changed my explanation to better reference what I did)


Re: win32/nugel.e removal

Post by chuckmac on 3rd March 2010, 4:18 am

I'm still here. Where are you?


Re: win32/nugel.e removal

Post by Belahzur on 3rd March 2010, 3:13 pm

Hello.
Are you able to open the .log files with Notepad?



Re: win32/nugel.e removal

Post by chuckmac on 3rd March 2010, 4:14 pm

Yes I can open them with notepad


Re: win32/nugel.e removal

Post by Belahzur on 3rd March 2010, 4:16 pm

Okay, do that, then highlight everything by holding down the Ctrl key, and pressing A.

Then copy it: hold down the Ctrl key, and this time, press C.

Now, back in the text box, hold down Ctrl again, this time press V.



Re: win32/nugel.e removal

Post by chuckmac on 3rd March 2010, 5:39 pm

I'm not sure my answer to your question got posted. If it did, I'm sorry for posting my last answer two or three times. Anyway, yes I can open the log files with notepad. By the way I updated the log files just in case there are more files infected than there were when I first extracted these files using Ice Sword.


Re: win32/nugel.e removal

Post by Belahzur on 3rd March 2010, 6:17 pm

I know, but my above method should work, just open, then copy and paste?



win32/nugel. removal

Post by chuckmac on 3rd March 2010, 7:35 pm

I'm not sure my answer to your question got posted. If it did, I'm sorry for posting my last answer two or three times. Anyway, yes I can open the log files with notepad. By the way I updated the log files just in case there are more files infected than there were when I first extracted these files using Ice Sword.


win32/nugel. removal

Post by chuckmac on 3rd March 2010, 9:45 pm

I keep looking for this post under your last post and I can't find it. I'm trying now for about the 4th time. My post is/was

I have been able to open the files in notepad. So all I can do is wait for more directions.

Chuck


Re: win32/nugel.e removal

Post by Belahzur on 4th March 2010, 12:43 am

My instructions here:
[You must be registered and logged in to see this link.]

Should work.



win32/nugel.e virus removal for chuck mcclain by BELAHZUR

Post by chuckmac on 4th March 2010, 5:26 am

I followed your directions and the log files in both logs deleted leaving only the "V". Does that mean that the virus is removed from my computer?


Re: win32/nugel.e removal

Post by chuckmac on 5th March 2010, 2:45 am

I don't know why my last posts are not showing up here. I followed your directions and both log files were deleted. By the way I sent a donation. Thanks so much for hanging in there with me and getting this done...Chuck


Re: win32/nugel.e removal

Post by Belahzur on 5th March 2010, 8:33 pm

Make sure they go through, the logs may be hitting our limit.
Can you upload the logs to this website:

[You must be registered and logged in to see this link.]

Post the share URL for me to download them.



Re: win32/nugel.e removal

Post by chuckmac on 6th March 2010, 1:05 pm

Process:

System Idle Process
System
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\smss.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Mail Enable\Bin\MELSC.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Mail Enable\Bin\MEMTA.exe
C:\Program Files\Mail Enable\Bin\MEPOC.exe
C:\Program Files\Mail Enable\Bin\MEPOPS.exe
C:\Program Files\Mail Enable\Bin\MESMTPC.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Documents and Settings\Owner.ChucksMachine1\Desktop\Scratch Pad\History of My Computer Virus and how I was helped\Ice Sword, in case I need it again\IceSword122en\IceSword.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe


Re: win32/nugel.e removal

Post by chuckmac on 6th March 2010, 1:08 pm

Startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LVCOMSX
C:\WINDOWS\system32\LVCOMSX.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LogitechVideoTray
C:\Program Files\Logitech\Video\LogiTray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LogitechVideoRepair
C:\Program Files\Logitech\Video\ISStart.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ehTray
C:\WINDOWS\ehome\ehtray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CHotkey
zHotkey.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Alcmtr
ALCMTR.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
REGSHAVE
C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AVG8_TRAY
C:\PROGRA~1\AVG\AVG8\avgtray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft Works Update Detection
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Samsung PanelMgr
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ContentTransferWMDetector.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RoxWatchTray
"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DMXLauncher
"C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TrojanScanner
C:\Program Files\Trojan Remover\Trjscan.exe /boot

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe ARM
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Google Desktop Search
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
swg
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Skype
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
LogitechSoftwareUpdate
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
MSMSGS
"C:\Program Files\Messenger\msmsgs.exe" /background

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
agent.exe
C:\Documents and Settings\Owner.ChucksMachine1\Application Data\PC\agent.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini


C:\Documents and Settings\Owner.ChucksMachine1\Start Menu\Programs\Startup
desktop.ini


Re: win32/nugel.e removal

Post by chuckmac on 6th March 2010, 1:31 pm

I had to create two new log files because I followed your directions and deleted them and didn't know if I could recover the logs I deleted. Hope I'm doing all this right. I checked and all the files I created this morning seem to be here in the two previous posts...but I also uploaded them to 2shared.com as you suggested.


Re: win32/nugel.e removal

Post by Belahzur on 6th March 2010, 3:56 pm

Hello.

As useful as IceSword is, we will remove it once we are done; leaving our tools lying around isn't safe, given users' curiosity to run them on their own, and these tools can be dangerous if used incorrectly.


  • In IceSword, press the Registry button on the bottom left of the program.
  • Drag the middle bar further to the right so you can see the paths.
  • Follow this path to the Run key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

  • Left click once on the Run key, then in the right side pane, find the following run values:

    agent.exe

  • Right click on agent.exe, hit delete.
  • Close IceSword.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


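
An added example, not part of the original thread or of any tool named in it: a Python script that parses the Startup log format posted above and reports which Run key holds a given value, so the lookup in the registry steps can start in the right hive. The block layout (location, value name, command, separated by blank lines), the function names and the two triage rules are assumptions of this example; the sample is an excerpt of the log posted in this thread.

```python
import re

# Excerpt of the Startup log posted earlier in this thread (IceSword export).
# Assumed layout: blank-line-separated blocks of location, value name, command.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CHotkey
zHotkey.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AVG8_TRAY
C:\PROGRA~1\AVG\AVG8\avgtray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TrojanScanner
C:\Program Files\Trojan Remover\Trjscan.exe /boot

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
MSMSGS
"C:\Program Files\Messenger\msmsgs.exe" /background

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
agent.exe
C:\Documents and Settings\Owner.ChucksMachine1\Application Data\PC\agent.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini
"""

# Unquoted commands: take everything up to the first executable extension.
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)
# Per-user writable folders on Windows XP (triage rule assumed by this example).
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\")


def parse_startup_log(text):
    """Return one dict per log block; missing name/command become ''."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if not lines:
            continue
        lines += ["", ""]  # pad: some blocks carry only the location line
        entries.append({"location": lines[0], "name": lines[1], "command": lines[2]})
    return entries


def executable_path(command):
    """Strip quotes and arguments from a Run command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXE_RE.match(command)
    return match.group(1) if match else command


def hive(location):
    """Registry hive of a location line, or 'Startup folder' for a directory."""
    return location.split("\\", 1)[0] if location.startswith("HKEY_") else "Startup folder"


def triage(entry):
    """Reasons an entry deserves a closer look (heuristics, not verdicts)."""
    path = executable_path(entry["command"])
    if not path:
        return []
    reasons = []
    if any(marker in path.lower() for marker in USER_WRITABLE):
        reasons.append("launches from a per-user writable folder")
    if "\\" not in path:
        reasons.append("no directory given, resolved through the search path")
    return reasons


def flag_entries(entries):
    """(hive, value name, executable, reasons) for every entry with a reason."""
    flagged = []
    for entry in entries:
        reasons = triage(entry)
        if reasons:
            flagged.append((hive(entry["location"]), entry["name"],
                            executable_path(entry["command"]), reasons))
    return flagged


def locations_of(entries, value_name):
    """Every location line under which a value name appears (case-insensitive)."""
    wanted = value_name.lower()
    return [e["location"] for e in entries if e["name"].lower() == wanted]


if __name__ == "__main__":
    parsed = parse_startup_log(SAMPLE_LOG)
    for hive_name, name, path, reasons in flag_entries(parsed):
        print(f"{hive_name}: {name} -> {path} ({'; '.join(reasons)})")
    print("agent.exe is listed under:", locations_of(parsed, "agent.exe"))
```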

Re: win32/nugel.e removal

Post by chuckmac on 6th March 2010, 6:17 pm

I followed all the paths you gave me. After opening the run values in the left pane, I can't find the Agent.exe file


Re: win32/nugel.e removal

Post by chuckmac on 6th March 2010, 6:18 pm

Excuse me, I should have said the right side pane is where there is no agent exe file.


Re: win32/nugel.e removal

Post by Belahzur on 6th March 2010, 8:41 pm

Can you run MBAM anyway?



Re: win32/nugel.e removal

Post by chuckmac on 7th March 2010, 6:15 am

Here are the mbam log files you asked for

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

3/7/2010 1:03:42 AM
mbam-log-2010-03-07 (01-03-42).txt

Scan type: Quick Scan
Objects scanned: 132197
Time elapsed: 10 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 8
Files Infected: 38

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pctools (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ptools (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\agent.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\SpywareRemover (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover\Log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover\Quarantine (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover\Registry Backups (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover\Settings (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.ChucksMachine1\Application Data\PC\faq (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.ChucksMachine1\Application Data\PC\faq\images (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32 (Worm.Archive) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\SpywareRemover\DataBaseNew.ref (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover\Log\log_2007_04_04_08_26_19.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover\Log\log_2007_04_04_08_26_21.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover\Log\log_2007_04_04_08_26_54.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover\Log\log_2007_04_04_14_15_06.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover\Settings\CustomScan.stg (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover\Settings\IgnoreList.stg (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover\Settings\ScanInfo.stg (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover\Settings\ScanResults.stg (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover\Settings\SelectedFolders.stg (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover\Settings\Settings.stg (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.ChucksMachine1\Application Data\PC\faq\guide.html (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.ChucksMachine1\Application Data\PC\faq\images\gimg1.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.ChucksMachine1\Application Data\PC\faq\images\gimg10.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.ChucksMachine1\Application Data\PC\faq\images\gimg2.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.ChucksMachine1\Application Data\PC\faq\images\gimg3.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.ChucksMachine1\Application Data\PC\faq\images\gimg4.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.ChucksMachine1\Application Data\PC\faq\images\gimg5.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.ChucksMachine1\Application Data\PC\faq\images\gimg6.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.ChucksMachine1\Application Data\PC\faq\images\gimg7.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.ChucksMachine1\Application Data\PC\faq\images\gimg8.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.ChucksMachine1\Application Data\PC\faq\images\gimg9.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mi178393781v4.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mi178393781v6.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mi178393781v7.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu178393781v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu178393781v5.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu178393781v0.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu178393781v1.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu178393781v2.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu178393781v3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\Program Files\BBWDLL8.DLL (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\CPALETTE.DLL (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\GP2.DLL (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.ChucksMachine1\Application Data\PC\settings.ini (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.ChucksMachine1\Application Data\PC\Uninstall.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\confin.sys (Malware.Trace) -> Quarantined and deleted successfully.


Re: win32/nugel.e removal

Post by Belahzur on 7th March 2010, 8:11 pm

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.



Re: win32/nugel.e removal

Post by chuckmac on 8th March 2010, 5:39 am

I can't get all the Extras.txt files that come up in the Notepad box in one post. I tried to just highlight half of the Extras.txt files in the Notepad box and post that half first, but it won't work. It wants to post the whole log and I get a message that the post is too big. I haven't tried to post the OTL.txt log yet.


Re: win32/nugel.e removal

Post by chuckmac on 8th March 2010, 12:32 pm

I found a way to split the file; here is the first half of the OTL.txt file. It will be followed by the second half, and I will split the Extras.txt file as well.


OTL logfile created on: 3/7/2010 11:47:58 PM - Run 1
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\Owner.ChucksMachine1\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.76 Gb Total Space | 83.68 Gb Free Space | 58.21% Space Free | Partition Type: NTFS
Drive D: | 5.28 Gb Total Space | 3.24 Gb Free Space | 61.37% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHUCKSMACHINE1
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/07 23:45:04 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.ChucksMachine1\My Documents\Downloads\OTL(6).exe
PRC - [2010/02/26 06:43:52 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/02/18 07:59:06 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/12 16:58:52 | 002,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/08/22 07:52:49 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/22 07:52:45 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/22 07:52:39 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/07/30 15:05:58 | 000,497,000 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2008/08/25 23:13:05 | 000,536,576 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/24 14:53:16 | 000,362,992 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
PRC - [2007/08/24 14:52:46 | 000,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
PRC - [2007/08/24 14:52:42 | 000,240,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
PRC - [2007/08/24 14:52:38 | 001,083,888 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
PRC - [2007/08/24 14:52:02 | 000,018,928 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
PRC - [2007/08/14 02:44:38 | 000,113,136 | ---- | M] () -- C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
PRC - [2007/06/23 09:21:52 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/10/11 16:12:36 | 000,434,236 | ---- | M] (MailEnable Pty Ltd) -- C:\Program Files\Mail Enable\Bin\MEPOC.exe
PRC - [2006/10/10 14:49:26 | 000,458,752 | ---- | M] (MailEnable Pty Ltd) -- C:\Program Files\Mail Enable\Bin\MESMTPC.exe
PRC - [2006/10/10 13:58:36 | 000,212,992 | ---- | M] (MailEnable Pty Ltd) -- C:\Program Files\Mail Enable\Bin\MEPOPS.exe
PRC - [2006/10/10 13:58:04 | 000,163,840 | ---- | M] (MailEnable Pty Ltd) -- C:\Program Files\Mail Enable\Bin\MEMTA.exe
PRC - [2006/10/10 13:57:56 | 000,155,648 | ---- | M] (MailEnable Pty Ltd) -- C:\Program Files\Mail Enable\Bin\MELSC.exe
PRC - [2006/09/07 11:00:41 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2005/04/30 17:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2005/01/18 16:37:30 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/01/18 16:08:36 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2004/10/08 10:52:32 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE


========== Modules (SafeList) ==========

MOD - [2010/03/07 23:45:04 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.ChucksMachine1\My Documents\Downloads\OTL(6).exe
MOD - [2009/11/25 16:43:53 | 000,049,136 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\gth.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2010/02/26 06:43:52 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/08/22 07:52:39 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2007/08/24 14:53:16 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2007/08/24 14:53:14 | 000,072,176 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2007/08/24 14:52:48 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2007/08/24 14:52:46 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2007/08/24 14:52:38 | 001,083,888 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2006/10/11 16:12:36 | 000,434,236 | ---- | M] (MailEnable Pty Ltd) [Auto | Running] -- C:\Program Files\Mail Enable\Bin\MEPOC.exe -- (MEPOCS)
SRV - [2006/10/10 14:49:26 | 000,458,752 | ---- | M] (MailEnable Pty Ltd) [Auto | Running] -- C:\Program Files\Mail Enable\Bin\MESMTPC.exe -- (MESMTPCS)
SRV - [2006/10/10 13:58:36 | 000,212,992 | ---- | M] (MailEnable Pty Ltd) [Auto | Running] -- C:\Program Files\Mail Enable\Bin\MEPOPS.exe -- (MEPOPS)
SRV - [2006/10/10 13:58:04 | 000,163,840 | ---- | M] (MailEnable Pty Ltd) [Auto | Running] -- C:\Program Files\Mail Enable\Bin\MEMTA.exe -- (MEMTAS)
SRV - [2006/10/10 13:57:56 | 000,155,648 | ---- | M] (MailEnable Pty Ltd) [Auto | Running] -- C:\Program Files\Mail Enable\Bin\MELSC.exe -- (MELCS)
SRV - [2006/09/07 11:00:41 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/04/30 17:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2005/03/14 11:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/02/27 16:34:42 | 000,211,893 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\lhbtc.sys -- (lhbtc)
DRV - [2009/08/22 07:52:49 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/22 07:52:48 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/01 15:36:12 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/12/27 07:34:59 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/23 20:25:21 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007/11/16 20:34:21 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2007/11/16 20:34:21 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/08/18 02:09:04 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2007/08/14 17:25:22 | 000,131,192 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2007/08/14 17:25:22 | 000,032,080 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2007/08/14 17:25:20 | 000,039,472 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2006/07/18 17:16:08 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/07/18 17:15:18 | 000,256,128 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2006/07/18 17:15:10 | 000,728,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/04/17 18:31:26 | 004,262,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/07 17:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)
DRV - [2006/01/18 20:41:00 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/01/15 16:48:08 | 001,477,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/01/31 05:20:03 | 000,211,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005/01/31 05:12:46 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/04/19 01:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl)
DRV - [2003/03/02 18:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\enodpl.sys -- (enodpl)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 22:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = AD 8D F5 01 42 CD 38 4A B9 E3 12 0C F0 43 11 98 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:2.7.6.0623
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {f0e8ee31-8381-4088-9f90-2db20421087e}:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 08:12:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/27 10:10:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 07:59:11 | 000,000,000 | ---D | M]

[2008/09/01 06:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ChucksMachine1\Application Data\Mozilla\Extensions
[2010/03/06 07:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ChucksMachine1\Application Data\Mozilla\Firefox\Profiles\2jcs7d77.default\extensions
[2009/09/03 09:03:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner.ChucksMachine1\Application Data\Mozilla\Firefox\Profiles\2jcs7d77.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/17 10:00:06 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Owner.ChucksMachine1\Application Data\Mozilla\Firefox\Profiles\2jcs7d77.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/12/17 10:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.ChucksMachine1\Application Data\Mozilla\Firefox\Profiles\2jcs7d77.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2009/12/22 18:38:25 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Owner.ChucksMachine1\Application Data\Mozilla\Firefox\Profiles\2jcs7d77.default\extensions\{f0e8ee31-8381-4088-9f90-2db20421087e}
[2010/03/06 07:56:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/06/01 14:25:00 | 000,284,248 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
[2009/12/17 19:31:54 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2004/08/10 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O15 - HKCU\..Trusted Domains: //@install.mar@/ ([]msni in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@/ ([]msni in Local intranet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 04:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | ---- | M] () - D:\autorun.inf.vir -- [ FAT32 ]
O33 - MountPoints2\{cdd086d3-3e88-11db-b8e1-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{cdd086d3-3e88-11db-b8e1-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/07 00:47:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/07 00:47:48 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/07 00:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ChucksMachine1\Application Data\Malwarebytes
[2010/03/07 00:33:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/07 00:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/26 06:48:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ChucksMachine1\My Documents\My Google Gadgets
[2010/02/25 07:47:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ChucksMachine1\Local Settings\Application Data\gqmrxd
[2010/02/12 09:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ChucksMachine1\My Documents\Interesting Accordion Pictures and Events I want to Access Quickly
[2010/01/07 08:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/07 08:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/10/09 15:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2009/10/09 15:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2009/09/23 22:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/03/24 18:06:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/03/24 18:06:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/02/10 17:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/09/29 12:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/12/21 08:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2006/12/21 08:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/12/21 08:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2006/12/21 08:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2006/11/23 15:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2002/11/05 22:50:10 | 000,468,992 | ---- | C] (PG Music Inc.) -- C:\Program Files\MIDIConv.exe
[2002/10/25 04:39:50 | 000,516,096 | ---- | C] (NUGROOVZ) -- C:\Program Files\CDWriterXP.ocx
[2002/02/10 02:00:00 | 000,072,748 | ---- | C] (Jordan Russell) -- C:\Program Files\unins000.exe
[2001/11/19 17:24:56 | 000,498,688 | ---- | C] (PG Music Inc) -- C:\Program Files\STOMBBx.exe
[1999/08/13 05:20:00 | 000,317,952 | ---- | C] (Blue Sky Software Corporation.) -- C:\Program Files\Roboex32.dll
[1996/11/14 07:42:48 | 000,356,928 | ---- | C] (SkyLine Inc.) -- C:\Program Files\SKY16V3C.DLL
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/07 23:53:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/07 10:40:42 | 056,819,350 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/07 10:39:37 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/07 01:08:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/07 01:06:45 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/07 01:06:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/07 01:06:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/07 01:06:40 | 1473,916,928 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/07 01:05:33 | 008,126,464 | ---- | M] () -- C:\Documents and Settings\Owner.ChucksMachine1\NTUSER.DAT
[2010/03/07 01:05:21 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner.ChucksMachine1\ntuser.ini
[2010/03/07 00:47:53 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/04 13:07:39 | 000,001,407 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/03/03 13:07:10 | 000,095,744 | ---- | M] () -- C:\Documents and Settings\Owner.ChucksMachine1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/03 11:21:52 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn


Re: win32/nugel.e removal

Post by chuckmac on 8th March 2010, 12:36 pm

[2010/03/03 11:21:52 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/02/27 16:34:42 | 000,211,893 | ---- | M] () -- C:\WINDOWS\System32\drivers\lhbtc.sys
[2010/02/26 06:47:44 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Desktop.lnk
[2010/02/25 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/02/25 15:45:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/25 10:07:53 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2010/02/24 10:54:00 | 000,362,576 | ---- | M] () -- C:\Documents and Settings\Owner.ChucksMachine1\Local Settings\Application Data\rx_audio.Cache
[2010/02/15 07:48:06 | 000,193,843 | R--- | M] () -- C:\Documents and Settings\Owner.ChucksMachine1\My Documents\Picture 002.jpg
[2010/02/10 17:02:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/08 08:51:56 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/07 23:47:28 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Owner.ChucksMachine1\Desktop\Revised Excelsiola Add.doc
[2010/02/06 15:48:03 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Owner.ChucksMachine1\Desktop\Up for sale Excelsiola Accordion.doc
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/07 00:47:53 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/27 16:34:42 | 000,211,893 | ---- | C] () -- C:\WINDOWS\System32\drivers\lhbtc.sys
[2010/02/26 06:42:41 | 000,000,943 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Desktop.lnk
[2010/02/24 00:10:04 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/02/24 00:10:04 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/02/15 07:50:52 | 000,193,843 | R--- | C] () -- C:\Documents and Settings\Owner.ChucksMachine1\My Documents\Picture 002.jpg
[2010/02/08 08:51:56 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/07 11:40:48 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Owner.ChucksMachine1\Desktop\Revised Excelsiola Add.doc
[2010/02/06 15:47:10 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner.ChucksMachine1\Desktop\Up for sale Excelsiola Accordion.doc
[2009/12/28 18:14:08 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/12/28 18:14:08 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2009/12/28 18:14:08 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/12/28 18:14:08 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/12/21 08:20:34 | 000,005,609 | -HS- | C] () -- C:\Documents and Settings\Owner.ChucksMachine1\Application Data\020000009d4b9019720C.manifest
[2009/12/21 08:20:34 | 000,002,078 | -HS- | C] () -- C:\Documents and Settings\Owner.ChucksMachine1\Application Data\020000009d4b9019720P.manifest
[2009/12/21 08:20:34 | 000,000,555 | -HS- | C] () -- C:\Documents and Settings\Owner.ChucksMachine1\Application Data\020000009d4b9019720O.manifest
[2009/12/21 08:20:34 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Owner.ChucksMachine1\Application Data\020000009d4b9019720S.manifest
[2009/10/11 22:05:54 | 000,362,576 | ---- | C] () -- C:\Documents and Settings\Owner.ChucksMachine1\Local Settings\Application Data\rx_audio.Cache
[2009/10/11 21:52:18 | 000,008,856 | ---- | C] () -- C:\Documents and Settings\Owner.ChucksMachine1\Local Settings\Application Data\rx_image.Cache
[2009/09/02 10:33:19 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2009/09/02 10:33:18 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2009/09/02 10:33:18 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini
[2009/09/02 10:33:18 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini
[2009/08/22 10:40:26 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2009/08/22 10:40:00 | 000,000,124 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2009/08/22 10:39:54 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2009/08/22 10:35:06 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2009/08/22 10:35:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2009/08/22 10:35:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2009/08/22 10:35:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2009/07/21 17:51:50 | 000,009,218 | ---- | C] () -- C:\Documents and Settings\Owner.ChucksMachine1\Application Data\SmarThruOptions.xml
[2009/03/26 11:49:01 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll
[2009/03/26 11:49:01 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll
[2009/02/10 16:05:51 | 000,000,499 | ---- | C] () -- C:\Program Files\ActivationFile.htm
[2008/05/22 07:36:18 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2008/05/22 07:36:17 | 000,000,403 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2008/05/22 07:30:39 | 000,001,407 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/04/11 15:32:52 | 000,000,058 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/03/04 08:51:02 | 000,000,091 | ---- | C] () -- C:\WINDOWS\GEOCALCSET.INI
[2008/03/03 13:51:09 | 000,011,568 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys
[2008/03/03 13:51:06 | 000,247,560 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll
[2008/03/03 13:51:05 | 004,244,744 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
[2008/03/03 13:51:05 | 000,013,576 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2008/01/04 10:26:59 | 000,011,949 | ---- | C] () -- C:\Program Files\01018651.cab
[2007/10/29 09:40:14 | 000,000,193 | ---- | C] () -- C:\Program Files\labeler.dpf
[2007/10/26 19:00:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/09/03 08:30:20 | 000,000,041 | ---- | C] () -- C:\WINDOWS\loc2.INI
[2007/09/03 08:30:19 | 000,000,070 | ---- | C] () -- C:\WINDOWS\dmcFindX.INI
[2007/09/03 08:30:19 | 000,000,041 | ---- | C] () -- C:\WINDOWS\dmcPrefX.INI
[2007/09/03 08:23:11 | 000,000,040 | ---- | C] () -- C:\WINDOWS\topo2.ini
[2007/07/26 10:07:01 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
[2007/07/26 10:07:01 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
[2007/07/25 13:46:30 | 000,301,692 | ---- | C] () -- C:\Program Files\labeler.chm
[2007/07/09 10:45:31 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Owner.ChucksMachine1\Local Settings\Application Data\fusioncache.dat
[2007/06/25 13:04:26 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\Owner.ChucksMachine1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/07 07:44:21 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/05/21 07:38:14 | 000,016,663 | ---- | C] () -- C:\Program Files\bumminez.sty
[2007/05/19 15:50:51 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Musician.INI
[2007/05/19 14:51:52 | 001,571,504 | ---- | C] () -- C:\Program Files\BBW.LSW
[2007/05/19 12:09:22 | 000,081,845 | -H-- | C] () -- C:\Program Files\bbw.GID
[2007/05/15 11:29:06 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\keyreader.ini
[2007/05/14 15:42:50 | 000,000,188 | ---- | C] () -- C:\Program Files\$MIDIMON.cfg
[2007/03/20 13:44:00 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2007/03/06 09:13:52 | 000,000,768 | ---- | C] () -- C:\Program Files\MySetup.DK
[2007/03/06 09:10:26 | 000,043,899 | ---- | C] () -- C:\Program Files\intrface.bbw
[2007/03/06 09:10:26 | 000,003,200 | ---- | C] () -- C:\Program Files\DEFAULT.ALI
[2007/03/06 09:10:26 | 000,000,056 | ---- | C] () -- C:\Program Files\DEFAULT.BBC
[2007/03/06 09:09:00 | 000,000,077 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
[2007/02/22 14:35:16 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/02/12 10:33:55 | 000,221,184 | ---- | C] () -- C:\Program Files\db1.mdb
[2007/02/08 11:49:34 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/14 09:58:43 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/12/14 09:49:11 | 000,002,131 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2006/12/14 09:39:26 | 000,000,233 | ---- | C] () -- C:\WINDOWS\EPSON 1250 Installer.ini
[2006/11/24 10:48:58 | 000,001,156 | ---- | C] () -- C:\Documents and Settings\Owner.ChucksMachine1\Application Data\wklnhst.dat
[2006/11/24 09:52:40 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/11/24 09:47:45 | 000,008,352 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/09/07 11:13:30 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2006/09/07 11:13:30 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2006/09/07 11:13:30 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2006/09/07 11:12:25 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/09/07 11:06:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/21 04:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/17 04:24:58 | 000,001,436 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 04:24:57 | 000,000,493 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/17 04:23:22 | 001,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2006/06/17 04:23:22 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2005/08/05 23:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/10/25 11:54:54 | 000,348,896 | ---- | C] () -- C:\Program Files\SPLASHHI.BMP
[2004/10/25 11:54:54 | 000,117,356 | ---- | C] () -- C:\Program Files\SPLASHLO.BMP
[2004/10/25 11:54:54 | 000,000,456 | ---- | C] () -- C:\Program Files\welcome.zdw
[2003/03/13 15:58:06 | 003,354,896 | ---- | C] () -- C:\Program Files\BBW.EXE
[2003/02/10 23:12:54 | 000,729,600 | ---- | C] () -- C:\Program Files\g32.exe
[2002/11/28 13:33:12 | 000,078,336 | ---- | C] () -- C:\Program Files\BBW.TPB
[2002/11/28 13:24:40 | 000,058,234 | ---- | C] () -- C:\Program Files\BBW.TIP
[2002/11/27 14:15:04 | 000,717,824 | ---- | C] () -- C:\Program Files\f32.exe
[2002/11/27 02:48:24 | 000,414,752 | ---- | C] () -- C:\Program Files\BBW.LST
[2002/11/26 03:07:36 | 002,901,589 | ---- | C] () -- C:\Program Files\bbw.hlp
[2002/11/26 02:42:02 | 000,021,357 | ---- | C] () -- C:\Program Files\bbw.cnt
[2002/11/25 23:00:22 | 000,063,488 | ---- | C] () -- C:\Program Files\DEFAULT.SOL
[2002/11/25 19:31:04 | 000,545,280 | ---- | C] () -- C:\Program Files\miniburn.exe
[2002/11/25 10:35:00 | 005,234,337 | ---- | C] () -- C:\Program Files\BB12upgrade.pdf
[2002/11/24 16:32:52 | 000,025,659 | ---- | C] () -- C:\Program Files\CREEDNCE.STY
[2002/11/24 16:21:24 | 000,009,609 | ---- | C] () -- C:\Program Files\L~BOSA4U.STY
[2002/11/24 13:15:18 | 000,026,299 | ---- | C] () -- C:\Program Files\JAZFOURC.STY
[2002/11/24 13:11:02 | 000,024,779 | ---- | C] () -- C:\Program Files\JAZFOURB.STY
[2002/11/24 13:07:00 | 000,020,446 | ---- | C] () -- C:\Program Files\JAZFOURA.STY
[2002/11/22 18:13:06 | 000,012,479 | ---- | C] () -- C:\Program Files\UKE_FAST.STY
[2002/11/22 17:25:56 | 000,015,500 | ---- | C] () -- C:\Program Files\MANDOLIN.STY
[2002/11/22 16:39:38 | 000,017,013 | ---- | C] () -- C:\Program Files\12ST&BAN.STY
[2002/11/22 15:34:36 | 000,018,761 | ---- | C] () -- C:\Program Files\BANJ&MAN.STY
[2002/11/22 15:26:12 | 000,005,327 | ---- | C] () -- C:\Program Files\v_test.MGU
[2002/11/22 15:19:36 | 000,023,992 | ---- | C] () -- C:\Program Files\BLUGRAS5.STY
[2002/11/22 14:43:32 | 000,008,084 | ---- | C] () -- C:\Program Files\SOLO_UKE.STY
[2002/11/22 14:39:04 | 000,009,556 | ---- | C] () -- C:\Program Files\UKE&BASS.STY
[2002/11/21 20:37:50 | 000,010,773 | ---- | C] () -- C:\Program Files\LOTUS.STY
[2002/11/21 18:16:36 | 000,014,112 | ---- | C] () -- C:\Program Files\GOSSAMER.STY
[2002/11/21 18:06:24 | 000,022,666 | ---- | C] () -- C:\Program Files\JOHNBAL.STY
[2002/11/21 12:23:54 | 000,029,791 | ---- | C] () -- C:\Program Files\CHUKSHUF.STY
[2002/11/21 12:21:10 | 000,008,672 | ---- | C] () -- C:\Program Files\CHUKSHUF.MGU
[2002/11/20 00:14:34 | 000,021,278 | ---- | C] () -- C:\Program Files\viol_sav.sty
[2002/11/19 23:56:24 | 000,343,434 | ---- | C] () -- C:\Program Files\MiniBurnHelp.hlp
[2002/11/15 16:51:24 | 000,015,401 | ---- | C] () -- C:\Program Files\SWING~EZ.STY
[2002/11/15 16:41:30 | 000,008,124 | ---- | C] () -- C:\Program Files\GARNER~.MGU
[2002/11/15 16:22:58 | 000,019,825 | ---- | C] () -- C:\Program Files\J~BREEZY.STY
[2002/11/15 16:07:26 | 000,015,410 | ---- | C] () -- C:\Program Files\GARNER~.STY
[2002/11/14 14:21:04 | 000,005,826 | ---- | C] () -- C:\Program Files\JAZFOURS.MGU
[2002/11/14 13:56:58 | 000,015,756 | ---- | C] () -- C:\Program Files\MILITARY.STY
[2002/11/14 13:51:30 | 000,013,753 | ---- | C] () -- C:\Program Files\J~GITWLZ.STY
[2002/11/14 13:51:20 | 000,020,075 | ---- | C] () -- C:\Program Files\J~BAS&BR.MGU
[2002/11/14 13:48:14 | 000,022,621 | ---- | C] () -- C:\Program Files\JOHNLEN.STY
[2002/11/14 13:46:16 | 000,019,099 | ---- | C] () -- C:\Program Files\JAZFOURS.STY
[2002/11/14 13:19:32 | 000,017,098 | ---- | C] () -- C:\Program Files\HAWAISLO.STY
[2002/11/14 12:42:40 | 000,018,521 | ---- | C] () -- C:\Program Files\CAMPFIRE.STY
[2002/11/14 12:39:40 | 000,025,110 | ---- | C] () -- C:\Program Files\BO_D.STY
[2002/11/14 12:37:06 | 000,028,849 | ---- | C] () -- C:\Program Files\BEEBROK5.STY
[2002/11/14 12:32:48 | 000,029,713 | ---- | C] () -- C:\Program Files\BEEBROK4.STY
[2002/11/13 17:55:42 | 000,016,189 | ---- | C] () -- C:\Program Files\P_NEILD1.STY
[2002/11/13 15:49:00 | 000,020,531 | ---- | C] () -- C:\Program Files\COZY_SW.STY
[2002/11/13 01:55:18 | 000,009,252 | ---- | C] () -- C:\Program Files\DRUMSOLJ.STY
[2002/11/13 01:03:02 | 000,009,490 | ---- | C] () -- C:\Program Files\J~BAS&BR.STY
[2002/11/12 01:44:20 | 000,030,093 | ---- | C] () -- C:\Program Files\DREAM.STY
[2002/11/12 01:02:00 | 000,038,902 | ---- | C] () -- C:\Program Files\BIGBAND1.STY
[2002/11/12 00:37:34 | 000,019,870 | ---- | C] () -- C:\Program Files\JOHNNYH.STY
[2002/11/07 20:17:02 | 000,012,877 | ---- | C] () -- C:\Program Files\POP_SADE.STY
[2002/11/07 20:01:08 | 000,005,572 | ---- | C] () -- C:\Program Files\ROKTRIO1.STY
[2002/11/06 18:37:14 | 000,021,449 | ---- | C] () -- C:\Program Files\DIXIDUKE.STY
[2002/10/26 22:52:12 | 000,013,556 | ---- | C] () -- C:\Program Files\Night_t.MGU
[2002/08/16 14:04:50 | 000,015,167 | ---- | C] () -- C:\Program Files\J!~HOAGY.STY
[2002/08/16 14:04:50 | 000,012,765 | ---- | C] () -- C:\Program Files\J!~HOAGY.MGU
[2002/08/16 14:04:38 | 000,026,292 | ---- | C] () -- C:\Program Files\J!~BENNY.STY
[2002/08/16 14:04:38 | 000,007,979 | ---- | C] () -- C:\Program Files\J!~BENNY.MGU
[2002/08/16 14:04:26 | 000,012,612 | ---- | C] () -- C:\Program Files\J!SATCH.STY
[2002/08/16 14:04:26 | 000,005,528 | ---- | C] () -- C:\Program Files\J!SATCH.MGU
[2002/08/16 14:04:24 | 000,017,081 | ---- | C] () -- C:\Program Files\J!N_ORL2.STY
[2002/08/16 14:04:22 | 000,005,037 | ---- | C] () -- C:\Program Files\J!N_ORL2.MGU
[2002/08/16 14:04:12 | 000,027,951 | ---- | C] () -- C:\Program Files\J!MANCNI.STY
[2002/08/16 14:04:12 | 000,005,526 | ---- | C] () -- C:\Program Files\J!MANCNI.MGU
[2002/08/16 14:03:46 | 000,014,840 | ---- | C] () -- C:\Program Files\J!LUSH.STY
[2002/08/16 14:03:46 | 000,008,202 | ---- | C] () -- C:\Program Files\J!LUSH.MGU
[2002/08/16 14:03:10 | 000,015,683 | ---- | C] () -- C:\Program Files\J!~SKY.STY
[2002/08/16 14:03:10 | 000,009,197 | ---- | C] () -- C:\Program Files\J!~SKY.MGU
[2002/08/16 14:03:08 | 000,033,375 | ---- | C] () -- C:\Program Files\J!~NIGHT.STY
[2002/08/16 14:03:06 | 000,008,036 | ---- | C] () -- C:\Program Files\J!~NIGHT.MGU
[2002/08/16 14:03:04 | 000,025,281 | ---- | C] () -- C:\Program Files\J!~NAT2.STY
[2002/08/16 14:03:04 | 000,010,622 | ---- | C] () -- C:\Program Files\J!~NAT2.MGU
[2002/08/16 13:59:06 | 000,000,188 | ---- | C] () -- C:\Program Files\BLANK34.STY
[2002/08/16 13:22:58 | 000,012,315 | ---- | C] () -- C:\Program Files\~!CHETBR.STY
[2002/08/16 13:22:58 | 000,003,281 | ---- | C] () -- C:\Program Files\~!CHETBR.MGU
[2002/08/16 13:22:52 | 000,019,158 | ---- | C] () -- C:\Program Files\WINDS!.STY
[2002/08/16 13:22:52 | 000,004,594 | ---- | C] () -- C:\Program Files\WINDS!.MGU
[2002/08/16 13:22:44 | 000,021,889 | ---- | C] () -- C:\Program Files\TRAVEL!.STY
[2002/08/16 13:22:44 | 000,004,609 | ---- | C] () -- C:\Program Files\TRAVEL!.MGU
[2002/08/16 13:22:34 | 000,015,253 | ---- | C] () -- C:\Program Files\SMOOTH!~.STY
[2002/08/16 13:22:34 | 000,003,333 | ---- | C] () -- C:\Program Files\SMOOTH!~.MGU
[2002/08/16 13:22:20 | 000,018,330 | ---- | C] () -- C:\Program Files\PERCY!~.STY
[2002/08/16 13:22:20 | 000,003,607 | ---- | C] () -- C:\Program Files\PERCY!~.MGU
[2002/08/16 13:21:54 | 000,014,557 | ---- | C] () -- C:\Program Files\J!GITWLZ.STY
[2002/08/16 13:21:52 | 000,004,097 | ---- | C] () -- C:\Program Files\J!GITWLZ.MGU
[2002/08/16 13:21:24 | 000,006,966 | ---- | C] () -- C:\Program Files\C!GITWLZ.STY
[2002/08/16 13:21:22 | 000,003,451 | ---- | C] () -- C:\Program Files\C!GITWLZ.MGU
[2002/08/16 13:21:20 | 000,025,712 | ---- | C] () -- C:\Program Files\AMOUR!.STY
[2002/08/16 13:21:20 | 000,004,093 | ---- | C] () -- C:\Program Files\AMOUR!.MGU
[2002/08/16 13:21:10 | 000,009,763 | ---- | C] () -- C:\Program Files\!CAMPGIT.STY
[2002/08/16 13:21:10 | 000,002,916 | ---- | C] () -- C:\Program Files\!CAMPGIT.MGU
[2002/08/16 13:21:00 | 000,014,690 | ---- | C] () -- C:\Program Files\!BYRDQRT.STY
[2002/08/16 13:21:00 | 000,007,285 | ---- | C] () -- C:\Program Files\!BYRDQRT.MGU
[2002/08/16 12:42:04 | 000,018,255 | ---- | C] () -- C:\Program Files\C_JAMEST.STY
[2002/08/16 12:42:04 | 000,003,700 | ---- | C] () -- C:\Program Files\C_JAMEST.MGU
[2002/08/15 14:42:22 | 000,023,612 | ---- | C] () -- C:\Program Files\60SRKBAL.STY
[2002/08/15 14:42:22 | 000,006,291 | ---- | C] () -- C:\Program Files\60SRKBAL.MGU
[2002/08/15 12:49:30 | 000,002,724 | ---- | C] () -- C:\Program Files\BLINK_1.MGU
[2002/08/15 12:49:28 | 000,022,228 | ---- | C] () -- C:\Program Files\BLINK_1.STY
[2002/08/15 12:49:24 | 000,022,865 | ---- | C] () -- C:\Program Files\BACKST_8.STY
[2002/08/15 12:49:24 | 000,005,120 | ---- | C] () -- C:\Program Files\BACKST_8.MGU
[2002/08/15 12:49:22 | 000,003,344 | ---- | C] () -- C:\Program Files\AGUILERA.MGU
[2002/08/15 12:49:20 | 000,018,210 | ---- | C] () -- C:\Program Files\AGUILER1.STY
[2002/08/15 12:49:18 | 000,003,322 | ---- | C] () -- C:\Program Files\AGUILER1.MGU
[2002/08/15 12:48:58 | 000,033,031 | ---- | C] () -- C:\Program Files\ROBBIE.STY
[2002/08/15 12:48:58 | 000,007,009 | ---- | C] () -- C:\Program Files\ROBBIE.MGU
[2002/08/15 12:48:48 | 000,003,306 | ---- | C] () -- C:\Program Files\RIKYFAST.MGU
[2002/08/15 12:48:46 | 000,022,092 | ---- | C] () -- C:\Program Files\RIKYFAST.STY
[2002/08/15 12:48:44 | 000,003,262 | ---- | C] () -- C:\Program Files\POP_3_4.MGU
[2002/08/15 12:48:42 | 000,010,712 | ---- | C] () -- C:\Program Files\POP_3_4.STY
[2002/08/15 12:48:28 | 000,003,772 | ---- | C] () -- C:\Program Files\CAREY128.MGU
[2002/08/15 12:48:26 | 000,025,996 | ---- | C] () -- C:\Program Files\CAREY128.STY
[2002/08/15 12:48:20 | 000,006,780 | ---- | C] () -- C:\Program Files\BTNY_BAL.MGU
[2002/08/15 12:48:18 | 000,031,028 | ---- | C] () -- C:\Program Files\BTNY_BAL.STY
[2002/08/14 13:26:46 | 000,007,197 | ---- | C] () -- C:\Program Files\3GIT_16.MGU
[2002/08/14 13:26:44 | 000,029,881 | ---- | C] () -- C:\Program Files\3GIT_16.STY
[2002/08/14 13:26:14 | 000,023,871 | ---- | C] () -- C:\Program Files\J~LIONEL.STY
[2002/08/14 13:26:14 | 000,007,869 | ---- | C] () -- C:\Program Files\J~LIONEL.MGU
[2002/08/14 13:25:28 | 000,009,626 | ---- | C] () -- C:\Program Files\B_GEES1.MGU
[2002/08/14 13:25:26 | 000,010,024 | ---- | C] () -- C:\Program Files\B_GEES1.STY
[2002/08/14 13:25:24 | 000,011,271 | ---- | C] () -- C:\Program Files\BLONDY1.STY
[2002/08/14 13:25:24 | 000,004,133 | ---- | C] () -- C:\Program Files\BLONDY1.MGU
[2002/08/14 13:25:22 | 000,005,616 | ---- | C] () -- C:\Program Files\BGEE_BAL.MGU
[2002/08/14 13:25:20 | 000,013,732 | ---- | C] () -- C:\Program Files\BGEE_BAL.STY
[2002/08/14 11:38:12 | 000,013,809 | ---- | C] () -- C:\Program Files\MOUNTN_D.MGU
[2002/08/14 11:38:10 | 000,032,043 | ---- | C] () -- C:\Program Files\MOUNTN_D.STY
[2002/08/14 11:38:04 | 000,008,605 | ---- | C] () -- C:\Program Files\JTLATIN.MGU
[2002/08/14 11:38:02 | 000,023,088 | ---- | C] () -- C:\Program Files\JTLATIN.STY
[2002/08/14 09:46:08 | 000,029,923 | ---- | C] () -- C:\Program Files\BEEBROCK.STY
[2002/08/14 09:46:08 | 000,011,267 | ---- | C] () -- C:\Program Files\BEEBROCK.MGU
[2002/08/14 09:46:02 | 000,026,129 | ---- | C] () -- C:\Program Files\STRAYST8.STY
[2002/08/14 09:46:02 | 000,006,802 | ---- | C] () -- C:\Program Files\STRAYST8.MGU
[2002/08/14 09:45:56 | 000,025,095 | ---- | C] () -- C:\Program Files\STONESHF.STY
[2002/08/14 09:45:56 | 000,010,217 | ---- | C] () -- C:\Program Files\STONESHF.MGU
[2002/08/14 09:45:28 | 000,009,561 | ---- | C] () -- C:\Program Files\HOWLINW.MGU
[2002/08/14 09:45:26 | 000,032,947 | ---- | C] () -- C:\Program Files\HOWLINW.STY
[2002/08/14 09:45:22 | 000,029,398 | ---- | C] () -- C:\Program Files\DRJONSHF.STY
[2002/08/14 09:45:22 | 000,006,869 | ---- | C] () -- C:\Program Files\DRJONSHF.MGU
[2002/08/14 09:45:20 | 000,008,051 | ---- | C] () -- C:\Program Files\DRJONROK.MGU
[2002/08/14 09:45:18 | 000,028,242 | ---- | C] () -- C:\Program Files\DRJONROK.STY
[2002/08/14 09:45:04 | 000,032,981 | ---- | C] () -- C:\Program Files\BEEBSHUF.STY
[2002/08/14 09:45:04 | 000,008,049 | ---- | C] () -- C:\Program Files\BEEBSHUF.MGU
[2002/08/14 09:45:02 | 000,011,268 | ---- | C] () -- C:\Program Files\BEEBROK5.MGU
[2002/08/14 09:44:58 | 000,011,271 | ---- | C] () -- C:\Program Files\BEEBROK4.MGU
[2002/08/13 14:52:40 | 000,008,286 | ---- | C] () -- C:\Program Files\C_90BAL.MGU
[2002/08/13 14:51:58 | 000,018,395 | ---- | C] () -- C:\Program Files\C_90BAL.STY
[2002/08/13 14:37:12 | 000,014,354 | ---- | C] () -- C:\Program Files\WR_Waltz.sty
[2002/08/13 14:37:10 | 000,002,775 | ---- | C] () -- C:\Program Files\WR_WALTZ.MGU
[2002/08/13 14:36:42 | 000,031,761 | ---- | C] () -- C:\Program Files\MilesFnk.sty
[2002/08/13 14:36:42 | 000,004,322 | ---- | C] () -- C:\Program Files\MILESFNK.MGU
[2002/08/13 14:11:34 | 000,016,087 | ---- | C] () -- C:\Program Files\ZZCHACHA.STY
[2002/08/13 14:06:30 | 000,019,671 | ---- | C] () -- C:\Program Files\Z5BOSSA.STY
[2002/08/13 13:59:02 | 000,020,571 | ---- | C] () -- C:\Program Files\ZZBOSSA.STY
[2002/08/13 13:50:30 | 000,023,428 | ---- | C] () -- C:\Program Files\L_BOSMED.STY
[2002/08/13 13:44:48 | 000,016,186 | ---- | C] () -- C:\Program Files\L_SAMBA2.STY
[2002/08/13 13:17:10 | 000,009,002 | ---- | C] () -- C:\Program Files\J_WESWLZ.STY
[2002/08/13 13:08:50 | 000,013,655 | ---- | C] () -- C:\Program Files\BIG_BEAT.STY
[2002/08/12 17:10:10 | 000,008,468 | ---- | C] () -- C:\Program Files\Berlyn.STY
[2002/08/12 17:10:08 | 000,005,173 | ---- | C] () -- C:\Program Files\BERLYN.MGU
[2002/08/12 15:24:18 | 000,016,286 | ---- | C] () -- C:\Program Files\RAIN~DRP.MGU
[2002/08/12 15:23:32 | 000,008,817 | ---- | C] () -- C:\Program Files\WLZ~SLOW.STY
[2002/08/12 15:23:30 | 000,003,750 | ---- | C] () -- C:\Program Files\WLZ~SLOW.MGU
[2002/08/12 15:23:24 | 000,009,346 | ---- | C] () -- C:\Program Files\SLOWLZ12.STY
[2002/08/12 15:23:24 | 000,007,614 | ---- | C] () -- C:\Program Files\SLOWLZ12.MGU
[2002/08/12 15:23:22 | 000,011,553 | ---- | C] () -- C:\Program Files\R_CITYRK.STY
[2002/08/12 15:23:22 | 000,007,603 | ---- | C] () -- C:\Program Files\R_CITYRK.MGU
[2002/08/12 15:23:18 | 000,016,077 | ---- | C] () -- C:\Program Files\RAIN~DRP.STY
[2002/08/12 15:23:08 | 000,014,757 | ---- | C] () -- C:\Program Files\L~RUMBA3.STY
[2002/08/12 15:23:08 | 000,007,038 | ---- | C] () -- C:\Program Files\L~RUMBA3.MGU
[2002/08/12 15:22:06 | 000,018,942 | ---- | C] () -- C:\Program Files\COC~TAIL.STY
[2002/08/12 15:22:06 | 000,005,154 | ---- | C] () -- C:\Program Files\COC~TAIL.MGU
[2002/08/12 15:21:52 | 000,010,598 | ---- | C] () -- C:\Program Files\BOOGYSHF.STY
[2002/08/12 15:21:52 | 000,007,618 | ---- | C] () -- C:\Program Files\BOOGYSHF.MGU
[2002/08/12 15:21:44 | 000,014,656 | ---- | C] () -- C:\Program Files\BOGEY~.STY
[2002/08/12 15:21:44 | 000,006,308 | ---- | C] () -- C:\Program Files\BOGEY~.MGU
[2002/08/09 15:03:04 | 000,010,953 | ---- | C] () -- C:\Program Files\MOZ44LH.MGU
[2002/08/09 15:03:04 | 000,001,556 | ---- | C] () -- C:\Program Files\MOZ44LH.STY
[2002/08/09 11:43:32 | 000,022,536 | ---- | C] () -- C:\Program Files\R_SHUFLE.STY
[2002/08/09 11:43:32 | 000,012,229 | ---- | C] () -- C:\Program Files\R_SHUFLE.MGU
[2002/08/09 11:43:26 | 000,067,197 | ---- | C] () -- C:\Program Files\R_ROCK1.MGU
[2002/08/09 11:43:26 | 000,014,522 | ---- | C] () -- C:\Program Files\R_ROCK1.STY
[2002/08/09 11:43:08 | 000,022,299 | ---- | C] () -- C:\Program Files\R_POP16S.MGU
[2002/08/09 11:43:08 | 000,014,436 | ---- | C] () -- C:\Program Files\R_POP16S.STY
[2002/08/09 11:42:46 | 000,052,199 | ---- | C] () -- C:\Program Files\R_HHFUNK.MGU
[2002/08/09 11:42:44 | 000,013,305 | ---- | C] () -- C:\Program Files\R_HHFUNK.STY
[2002/08/09 00:04:48 | 000,004,008 | ---- | C] () -- C:\Program Files\L~JOBIM1.MGU
[2002/08/08 23:44:54 | 000,011,513 | ---- | C] () -- C:\Program Files\L~JOBIM1.STY
[2002/08/08 15:15:14 | 000,019,401 | ---- | C] () -- C:\Program Files\L_TITO.STY
[2002/08/08 15:15:12 | 000,003,082 | ---- | C] () -- C:\Program Files\L_TITO.MGU
[2002/08/08 15:14:56 | 000,003,403 | ---- | C] () -- C:\Program Files\L_SAMBA2.MGU
[2002/08/08 15:14:00 | 000,006,201 | ---- | C] () -- C:\Program Files\L_BOSMED.MGU
[2002/08/07 17:08:28 | 000,006,380 | ---- | C] () -- C:\Program Files\J_DIXIE3.MGU
[2002/08/07 16:42:08 | 000,007,232 | ---- | C] () -- C:\Program Files\P_WHITKR.MGU
[2002/08/07 16:35:18 | 000,030,643 | ---- | C] () -- C:\Program Files\J_BASIE2.STY
[2002/08/07 16:35:18 | 000,005,787 | ---- | C] () -- C:\Program Files\J_BASIE2.MGU
[2002/08/07 16:34:20 | 000,017,793 | ---- | C] () -- C:\Program Files\P_WHITKR.STY
[2002/08/07 16:33:52 | 000,015,111 | ---- | C] () -- C:\Program Files\J_EVANLH.STY
[2002/08/07 16:33:52 | 000,006,337 | ---- | C] () -- C:\Program Files\J_EVANLH.MGU
[2002/08/07 16:29:04 | 000,021,372 | ---- | C] () -- C:\Program Files\J_DIXIE3.STY
[2002/08/07 16:06:28 | 000,025,918 | ---- | C] () -- C:\Program Files\J_BASIE1.STY
[2002/08/07 15:45:54 | 000,006,724 | ---- | C] () -- C:\Program Files\CLASSY.MGU
[2002/08/07 15:44:38 | 000,021,887 | ---- | C] () -- C:\Program Files\CLASSY.STY
[2002/08/07 15:34:32 | 000,005,660 | ---- | C] () -- C:\Program Files\CHOPIN_W.MGU
[2002/08/07 15:34:30 | 000,004,021 | ---- | C] () -- C:\Program Files\CHOPIN_W.STY
[2002/08/07 13:29:06 | 000,007,538 | ---- | C] () -- C:\Program Files\P_PHIL_C.MGU
[2002/08/07 13:29:04 | 000,007,145 | ---- | C] () -- C:\Program Files\P_PHIL_C.STY
[2002/08/07 13:28:48 | 000,013,557 | ---- | C] () -- C:\Program Files\C_TRAVIS.STY
[2002/08/07 13:28:48 | 000,006,577 | ---- | C] () -- C:\Program Files\C_TRAVIS.MGU
[2002/08/07 13:28:42 | 000,011,991 | ---- | C] () -- C:\Program Files\C_TEX_SW.MGU
[2002/08/07 13:28:40 | 000,007,804 | ---- | C] () -- C:\Program Files\C_TEX_SW.STY


Re: win32/nugel.e removal

Post by chuckmac on 8th March 2010, 12:50 pm

The extras.txt file did not come up on my desktop. I opened "Run" and typed the file name in and it did not find it. Maybe all the information you wanted was included in the OTL.txt files. (That was a thought I had. You know what's going on here, I shouldn't speculate like that.)


Re: win32/nugel.e removal

Post by Belahzur on 8th March 2010, 4:52 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

       * Tools->Options->Main tab
       * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: win32/nugel.e removal

Post by chuckmac on 8th March 2010, 6:25 pm

ComboFix 10-03-08.01 - Owner 03/08/2010 13:14:59.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1406.536 [GMT -5:00]
Running from: c:\documents and settings\Owner.ChucksMachine1\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Defender Pro Internet Security *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Defender Pro Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner.ChucksMachine1\Application Data\020000009d4b9019720C.manifest
c:\documents and settings\Owner.ChucksMachine1\Application Data\020000009d4b9019720O.manifest
c:\documents and settings\Owner.ChucksMachine1\Application Data\020000009d4b9019720P.manifest
c:\documents and settings\Owner.ChucksMachine1\Application Data\020000009d4b9019720S.manifest
c:\documents and settings\Owner.ChucksMachine1\Application Data\PC
c:\documents and settings\Owner.ChucksMachine1\Application Data\SystemProc
c:\program files\Internet Explorer\msimg32.dll
c:\recycler\S-1-5-21-3103660575-3559174501-3884384277-500
c:\windows\EventSystem.log
c:\windows\system32\1657417608
c:\windows\system32\1GS5mqk.vbs
c:\windows\system32\6NYc3.vbs
c:\windows\system32\BRtLmWZzM7zlfym.vbs
c:\windows\system32\download
c:\windows\system32\download\ispinfo.csv
c:\windows\system32\dTAufzwb16bs1RZ.vbs
c:\windows\system32\fDoF3JOo7g0v2.vbs
c:\windows\system32\m6oel2FxmeewWtS.vbs
c:\windows\system32\NjCzpge.vbs
c:\windows\system32\Rt2EA2QNeE1XO.vbs
c:\windows\system32\Thumbs.db
c:\windows\system32\tjV6jGzx4I54c3T.vbs
c:\windows\system32\twain_32.dll
c:\windows\system32\unrar.exe
C:\xcrashdump.dat

.
((((((((((((((((((((((((( Files Created from 2010-02-08 to 2010-03-08 )))))))))))))))))))))))))))))))
.

2010-03-07 05:33 . 2010-03-07 05:33 -------- d-----w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Malwarebytes
2010-03-07 05:33 . 2010-03-07 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-27 21:34 . 2010-02-27 21:34 211893 ----a-w- c:\windows\system32\drivers\lhbtc.sys
2010-02-25 12:47 . 2010-03-06 15:08 -------- d-----w- c:\documents and settings\Owner.ChucksMachine1\Local Settings\Application Data\gqmrxd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 17:30 . 2008-05-30 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-03-07 06:08 . 2007-06-07 13:24 -------- d-----w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Skype
2010-03-04 18:07 . 2008-05-22 12:29 -------- d-----w- c:\program files\Quicken
2010-03-04 04:58 . 2009-12-28 23:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-04 04:52 . 2009-12-28 23:14 -------- d-----w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Simply Super Software
2010-03-03 14:58 . 2009-02-10 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-02-11 18:12 . 2009-10-02 03:14 -------- d-----w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Audacity
2010-02-08 14:44 . 2009-01-10 15:24 -------- d-----w- c:\program files\FinePixViewer
2010-02-08 13:51 . 2006-09-07 16:02 -------- d-----w- c:\program files\Google
2010-01-21 15:02 . 2010-01-21 15:02 50354 ----a-w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Facebook\uninstall.exe
2010-01-21 15:02 . 2010-01-21 15:02 -------- d-----w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Facebook
2010-01-14 22:42 . 2006-09-07 16:12 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-05 10:00 . 2006-06-17 09:23 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2006-06-17 09:23 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2006-06-17 09:23 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2006-06-17 09:23 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-28 21:22 . 2009-12-28 21:22 0 ----a-w- c:\windows\system32\C.tmp
2009-12-22 23:27 . 2009-12-22 23:27 0 ----a-w- c:\windows\system32\53.tmp
2009-12-22 23:27 . 2009-12-22 23:27 0 ----a-w- c:\windows\system32\52.tmp
2009-12-17 06:50 . 2009-12-17 06:50 847040 ----a-w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Facebook\axfbootloader.dll
2009-12-17 06:49 . 2009-12-17 06:49 5562368 ----a-w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Facebook\npfbplugin_1_0_0.dll
2009-12-16 18:43 . 2006-06-17 09:35 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2006-06-17 09:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-11 23:05 . 2010-01-11 20:58 3613560 ----a-w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Simply Super Software\Trojan Remover\rre6D0.exe
2009-12-08 19:26 . 2006-06-17 09:23 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-04 05:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-04-30 14:00 . 2007-03-06 14:13 768 -c--a-w- c:\program files\MySetup.DK
2009-04-30 14:00 . 2007-03-06 14:10 56 -c--a-w- c:\program files\DEFAULT.BBC
2009-04-30 14:00 . 2007-03-06 14:10 43899 -c--a-w- c:\program files\intrface.bbw
2009-04-30 14:00 . 2007-03-06 14:10 3200 -c--a-w- c:\program files\DEFAULT.ALI
2009-04-30 14:00 . 2007-05-19 17:09 81845 -c-ha-w- c:\program files\bbw.GID
2009-02-10 21:05 . 2009-02-10 21:05 499 -c--a-w- c:\program files\ActivationFile.htm
2008-01-04 15:27 . 2008-01-04 15:26 11949 -c--a-w- c:\program files\01018651.cab
2007-10-29 14:40 . 2007-10-29 14:40 193 -c--a-w- c:\program files\labeler.dpf
2007-07-25 18:46 . 2007-07-25 18:46 301692 -c--a-w- c:\program files\labeler.chm
2007-05-21 12:38 . 2007-05-21 12:38 16663 -c--a-w- c:\program files\bumminez.sty
2007-05-19 19:51 . 2007-05-19 19:51 1571504 -c--a-w- c:\program files\BBW.LSW
2007-05-14 20:48 . 2007-05-14 20:42 188 -c--a-w- c:\program files\$MIDIMON.cfg
2007-03-06 14:08 . 2002-02-10 07:00 72748 ----a-w- c:\program files\unins000.exe
2007-02-12 15:33 . 2007-02-12 15:33 221184 -c--a-w- c:\program files\db1.mdb
2004-10-25 16:54 . 2004-10-25 16:54 456 -c--a-w- c:\program files\welcome.zdw
2004-10-25 16:54 . 2004-10-25 16:54 348896 -c--a-w- c:\program files\SPLASHHI.BMP
2004-10-25 16:54 . 2004-10-25 16:54 117356 -c--a-w- c:\program files\SPLASHLO.BMP
2003-03-13 20:58 . 2003-03-13 20:58 3354896 -c--a-w- c:\program files\BBW.EXE
2003-02-11 04:12 . 2003-02-11 04:12 729600 -c--a-w- c:\program files\g32.exe
2002-11-28 17:33 . 2002-11-28 18:33 78336 -c--a-w- c:\program files\BBW.TPB
2002-11-28 17:24 . 2002-11-28 18:24 58234 -c--a-w- c:\program files\BBW.TIP
2002-11-27 19:15 . 2002-11-27 19:15 717824 -c--a-w- c:\program files\f32.exe
2002-11-27 06:48 . 2002-11-27 07:48 414752 -c--a-w- c:\program files\BBW.LST
2002-11-26 08:07 . 2002-11-26 08:07 2901589 -c--a-w- c:\program files\bbw.hlp
2002-11-26 07:42 . 2002-11-26 07:42 21357 -c--a-w- c:\program files\bbw.cnt
2002-11-26 03:00 . 2002-11-26 04:00 63488 -c--a-w- c:\program files\DEFAULT.SOL
2002-11-26 00:31 . 2002-11-26 00:31 545280 -c--a-w- c:\program files\miniburn.exe
2002-11-25 14:35 . 2002-11-25 15:35 5234337 -c--a-w- c:\program files\BB12upgrade.pdf
2002-11-24 21:32 . 2002-11-24 21:32 25659 -c--a-w- c:\program files\CREEDNCE.STY
2002-11-24 21:21 . 2002-11-24 21:21 9609 -c--a-w- c:\program files\L~BOSA4U.STY
2002-11-24 18:15 . 2002-11-24 18:15 26299 -c--a-w- c:\program files\JAZFOURC.STY
2002-11-24 18:11 . 2002-11-24 18:11 24779 -c--a-w- c:\program files\JAZFOURB.STY
2002-11-24 18:07 . 2002-11-24 18:07 20446 -c--a-w- c:\program files\JAZFOURA.STY
2002-11-22 23:13 . 2002-11-22 23:13 12479 -c--a-w- c:\program files\UKE_FAST.STY
2002-11-22 22:25 . 2002-11-22 22:25 15500 -c--a-w- c:\program files\MANDOLIN.STY
2002-11-22 21:39 . 2002-11-22 21:39 17013 -c--a-w- c:\program files\12ST&BAN.STY
2002-11-22 20:34 . 2002-11-22 20:34 18761 -c--a-w- c:\program files\BANJ&MAN.STY
2002-11-22 20:19 . 2002-11-22 20:19 23992 -c--a-w- c:\program files\BLUGRAS5.STY
2002-11-22 19:43 . 2002-11-22 19:43 8084 -c--a-w- c:\program files\SOLO_UKE.STY
2002-11-22 19:39 . 2002-11-22 19:39 9556 -c--a-w- c:\program files\UKE&BASS.STY
2002-11-22 19:26 . 2002-11-22 20:26 5327 -c--a-w- c:\program files\v_test.MGU
2002-11-22 01:37 . 2002-11-22 01:37 10773 -c--a-w- c:\program files\LOTUS.STY
2002-11-21 23:16 . 2002-11-21 23:16 14112 -c--a-w- c:\program files\GOSSAMER.STY
2002-11-21 23:06 . 2002-11-21 23:06 22666 -c--a-w- c:\program files\JOHNBAL.STY
2002-11-21 16:23 . 2002-11-21 17:23 29791 -c--a-w- c:\program files\CHUKSHUF.STY
2002-11-21 16:21 . 2002-11-21 17:21 8672 -c--a-w- c:\program files\CHUKSHUF.MGU
2002-11-20 04:14 . 2002-11-20 05:14 21278 -c--a-w- c:\program files\viol_sav.sty
2002-11-20 03:56 . 2002-11-20 04:56 343434 -c--a-w- c:\program files\MiniBurnHelp.hlp
2002-11-15 21:51 . 2002-11-15 21:51 15401 -c--a-w- c:\program files\SWING~EZ.STY
2002-11-15 21:22 . 2002-11-15 21:22 19825 -c--a-w- c:\program files\J~BREEZY.STY
2002-11-15 20:41 . 2002-11-15 21:41 8124 -c--a-w- c:\program files\GARNER~.MGU
2002-11-15 20:07 . 2002-11-15 21:07 15410 -c--a-w- c:\program files\GARNER~.STY
2002-11-14 18:56 . 2002-11-14 18:56 15756 -c--a-w- c:\program files\MILITARY.STY
2002-11-14 18:51 . 2002-11-14 18:51 13753 -c--a-w- c:\program files\J~GITWLZ.STY
2002-11-14 18:48 . 2002-11-14 18:48 22621 -c--a-w- c:\program files\JOHNLEN.STY
2002-11-14 18:21 . 2002-11-14 19:21 5826 -c--a-w- c:\program files\JAZFOURS.MGU
2002-11-14 18:19 . 2002-11-14 18:19 17098 -c--a-w- c:\program files\HAWAISLO.STY
2002-11-14 17:51 . 2002-11-14 18:51 20075 -c--a-w- c:\program files\J~BAS&BR.MGU
2002-11-14 17:46 . 2002-11-14 18:46 19099 -c--a-w- c:\program files\JAZFOURS.STY
2002-11-14 17:42 . 2002-11-14 17:42 18521 -c--a-w- c:\program files\CAMPFIRE.STY
2002-11-14 17:39 . 2002-11-14 17:39 25110 -c--a-w- c:\program files\BO_D.STY
2002-11-14 16:37 . 2002-11-14 17:37 28849 -c--a-w- c:\program files\BEEBROK5.STY
2002-11-14 16:32 . 2002-11-14 17:32 29713 -c--a-w- c:\program files\BEEBROK4.STY
2002-11-13 22:55 . 2002-11-13 22:55 16189 -c--a-w- c:\program files\P_NEILD1.STY
2002-11-13 20:49 . 2002-11-13 20:49 20531 -c--a-w- c:\program files\COZY_SW.STY
2002-11-13 06:55 . 2002-11-13 06:55 9252 -c--a-w- c:\program files\DRUMSOLJ.STY
2002-11-13 05:03 . 2002-11-13 06:03 9490 -c--a-w- c:\program files\J~BAS&BR.STY
2002-11-12 06:44 . 2002-11-12 06:44 30093 -c--a-w- c:\program files\DREAM.STY
2002-11-12 06:02 . 2002-11-12 06:02 38902 -c--a-w- c:\program files\BIGBAND1.STY
2002-11-12 05:37 . 2002-11-12 05:37 19870 -c--a-w- c:\program files\JOHNNYH.STY
2002-11-08 01:17 . 2002-11-08 01:17 12877 -c--a-w- c:\program files\POP_SADE.STY
2002-11-08 01:01 . 2002-11-08 01:01 5572 -c--a-w- c:\program files\ROKTRIO1.STY
2002-11-06 23:37 . 2002-11-06 23:37 21449 -c--a-w- c:\program files\DIXIDUKE.STY
2002-11-06 03:50 . 2002-11-06 03:50 468992 -c--a-w- c:\program files\MIDIConv.exe
2010-02-26 11:43 . 2010-02-26 11:39 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-05-18 23423528]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 458752]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"CHotkey"="zHotkey.exe" [2004-12-09 550912]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-26 536576]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 497000]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-26 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-22 12:52 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lhbtc.sys]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-29 03:37 413696 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-04-17 22:34 16143872 -c--a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Roxio\\Digital Home 10\\RoxioUpnpService10.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [3/3/2008 1:51 PM 39472]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/10/2009 5:53 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/10/2009 5:53 PM 108552]
R1 lhbtc;lhbtc;c:\windows\system32\drivers\lhbtc.sys [2/27/2010 4:34 PM 211893]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/10/2009 5:53 PM 297752]
R2 MELCS;MailEnable List Connector;c:\program files\Mail Enable\Bin\MELSC.exe [11/24/2006 9:12 AM 155648]
R2 MEMTAS;MailEnable Mail Transfer Agent;c:\program files\Mail Enable\Bin\MEMTA.exe [11/24/2006 9:12 AM 163840]
R2 MEPOCS;MailEnable Postoffice Connector;c:\program files\Mail Enable\Bin\MEPOC.exe [11/24/2006 9:12 AM 434236]
R2 MEPOPS;MailEnable POP Service;c:\program files\Mail Enable\Bin\MEPOPS.exe [11/24/2006 9:12 AM 212992]
R2 MESMTPCS;MailEnable SMTP Connector;c:\program files\Mail Enable\Bin\MESMTPC.exe [11/24/2006 9:12 AM 458752]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 2:53 PM 362992]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 2:52 PM 166384]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 2:52 PM 1083888]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/7/2010 8:43 AM 135664]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 2:52 PM 309744]
S2 SessionLauncher;SessionLauncher;c:\docume~1\OWNER~1.CHU\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\OWNER~1.CHU\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/26/2010 6:39 AM 30192]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 2:53 PM 72176]
.
Contents of the 'Scheduled Tasks' folder

2010-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

2009-10-17 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.1.0.13\DriverRobot.exe [2009-10-17 02:35]

2010-03-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 22:25]

2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 13:43]

2010-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 13:43]

2006-11-23 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 00:12]

2006-11-23 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Owner.ChucksMachine1\Application Data\Mozilla\Firefox\Profiles\2jcs7d77.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Owner.ChucksMachine1\Application Data\Facebook\npfbplugin_1_0_0.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-03-08 13:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-08 13:22:30
ComboFix-quarantined-files.txt 2010-03-08 18:22

Pre-Run: 91,803,590,656 bytes free
Post-Run: 92,187,013,120 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 6E2496AF6A619016EC8281465AA96D8F


Re: win32/nugel.e removal

Post by chuckmac on 8th March 2010, 6:27 pm

Hope I did that right


Re: win32/nugel.e removal

Post by Belahzur on 8th March 2010, 6:54 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    KILLALL::

    File::
    c:\windows\system32\drivers\lhbtc.sys
    c:\windows\system32\C.tmp
    c:\windows\system32\53.tmp
    c:\windows\system32\52.tmp

    Folder::
    c:\documents and settings\Owner.ChucksMachine1\Local Settings\Application Data\gqmrxd

    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lhbtc.sys]

    Driver::
    lhbtc
    SessionLauncher

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride =
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Please PM me if I fail to respond within 24hrs.
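A verification check for the steps above, as an added example that is not part of the original post and is not ComboFix's own code: it parses the CFScript directives shown in the post and confirms, against constructed and abridged excerpts of the before and after logs in this thread, that every target has left the system state. Treating everything after the "Files Created from" banner as current state is an assumption drawn from the layout of these logs, and the function names are hypothetical.

```python
import re

# CFScript as posted in the thread.
CFSCRIPT = r"""KILLALL::

File::
c:\windows\system32\drivers\lhbtc.sys
c:\windows\system32\C.tmp
c:\windows\system32\53.tmp
c:\windows\system32\52.tmp

Folder::
c:\documents and settings\Owner.ChucksMachine1\Local Settings\Application Data\gqmrxd

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lhbtc.sys]

Driver::
lhbtc
SessionLauncher

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
"""

# Constructed, abridged excerpts assembled from lines of the two logs in the thread.
PRE_LOG = r"""((( Files Created from 2010-02-08 to 2010-03-08 )))
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lhbtc.sys]
@=""
R1 lhbtc;lhbtc;c:\windows\system32\drivers\lhbtc.sys [2/27/2010 4:34 PM 211893]
S2 SessionLauncher;SessionLauncher;c:\docume~1\OWNER~1.CHU\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys [?]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
"""

POST_LOG = r"""((( Other Deletions )))
c:\documents and settings\Owner.ChucksMachine1\Local Settings\Application Data\gqmrxd
c:\windows\system32\52.tmp
c:\windows\system32\53.tmp
c:\windows\system32\C.tmp
c:\windows\system32\drivers\lhbtc.sys
((( Drivers/Services )))
-------\Legacy_LHBTC
-------\Legacy_SESSIONLAUNCHER
-------\Service_lhbtc
-------\Service_SessionLauncher
((( Files Created from 2010-02-08 to 2010-03-08 )))
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/10/2009 5:53 PM 108552]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys [?]
"""


def parse_cfscript(text):
    """Return {directive: [argument lines]} for each 'Name::' section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.fullmatch(r"([A-Za-z]+)::", line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def split_log(log):
    """Split a log into (actions, state) at the 'Files Created from' banner (assumed layout)."""
    lines = [l.strip() for l in log.splitlines()]
    for i, l in enumerate(lines):
        if "files created from" in l.lower():
            return lines[:i], lines[i + 1:]
    return [], lines


def still_present(script, log):
    """Script targets that the state part of the log still lists, grouped by directive."""
    low = [l.lower() for l in split_log(log)[1]]
    found = {}
    for kind in ("file", "folder"):
        found[kind] = [p for p in script.get(kind, []) if any(p.lower() in l for l in low)]
    keys = [k.strip("[]").lstrip("-") for k in script.get("registry", [])]
    found["registry"] = [k for k in keys if "[" + k.lower() + "]" in low]
    # Service lines look like "R1 name;display;path": state letter, start type, name.
    found["driver"] = [d for d in script.get("driver", [])
                       if any(re.match(r"[rs]\d " + re.escape(d.lower()) + ";", l) for l in low)]
    found["dds"] = [d for d in script.get("dds", []) if d.lower() in low]
    return {k: v for k, v in found.items() if v}


def confirmed_removed(script, log):
    """Script targets that the log's deletion sections report as removed."""
    low = [l.lower() for l in split_log(log)[0]]
    paths = script.get("file", []) + script.get("folder", [])
    done = [p for p in paths if p.lower() in low]
    done += [d for d in script.get("driver", [])
             if any(l.endswith("\\service_" + d.lower()) for l in low)]
    return done


if __name__ == "__main__":
    script = parse_cfscript(CFSCRIPT)
    print("before:", still_present(script, PRE_LOG))
    print("after: ", still_present(script, POST_LOG))
    print("removed:", confirmed_removed(script, POST_LOG))
```

An empty result from `still_present` on the after log, together with every path and driver appearing in `confirmed_removed`, is the condition to look for before moving on to the next cleanup step.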



Re: win32/nugel.e removal

Post by chuckmac on 8th March 2010, 11:09 pm

When trying to shut down all my anti-virus I was prompted that a Defender Pro anti-virus was running. I went into the control panel and the application that allows me to delete a file. I had this as an anti-virus program a couple years ago. It came up as a backup file and I could not delete it, it just said that maintenance was done to the file. I went ahead with the whole process anyway and here are the log files.

ComboFix 10-03-08.01 - Owner 03/08/2010 17:45:34.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1406.515 [GMT -5:00]
Running from: c:\documents and settings\Owner.ChucksMachine1\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner.ChucksMachine1\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Defender Pro Internet Security *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Defender Pro Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"c:\windows\system32\52.tmp"
"c:\windows\system32\53.tmp"
"c:\windows\system32\C.tmp"
"c:\windows\system32\drivers\lhbtc.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner.ChucksMachine1\Local Settings\Application Data\gqmrxd
c:\windows\system32\52.tmp
c:\windows\system32\53.tmp
c:\windows\system32\C.tmp
c:\windows\system32\drivers\lhbtc.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LHBTC
-------\Legacy_SESSIONLAUNCHER
-------\Service_lhbtc
-------\Service_SessionLauncher


((((((((((((((((((((((((( Files Created from 2010-02-08 to 2010-03-08 )))))))))))))))))))))))))))))))
.

2010-03-08 18:33 . 2010-03-08 18:33 -------- d-----w- c:\program files\Trojan Remover
2010-03-08 18:33 . 2010-03-08 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-03-07 05:33 . 2010-03-07 05:33 -------- d-----w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Malwarebytes
2010-03-07 05:33 . 2010-03-07 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 22:57 . 2007-06-07 13:24 -------- d-----w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Skype
2010-03-08 17:30 . 2008-05-30 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-03-04 18:07 . 2008-05-22 12:29 -------- d-----w- c:\program files\Quicken
2010-03-04 04:58 . 2009-12-28 23:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-04 04:52 . 2009-12-28 23:14 -------- d-----w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Simply Super Software
2010-03-03 14:58 . 2009-02-10 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-02-11 18:12 . 2009-10-02 03:14 -------- d-----w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Audacity
2010-02-08 14:44 . 2009-01-10 15:24 -------- d-----w- c:\program files\FinePixViewer
2010-02-08 13:51 . 2006-09-07 16:02 -------- d-----w- c:\program files\Google
2010-01-21 15:02 . 2010-01-21 15:02 50354 ----a-w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Facebook\uninstall.exe
2010-01-21 15:02 . 2010-01-21 15:02 -------- d-----w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Facebook
2010-01-14 22:42 . 2006-09-07 16:12 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-05 10:00 . 2006-06-17 09:23 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2006-06-17 09:23 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2006-06-17 09:23 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2006-06-17 09:23 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 06:50 . 2009-12-17 06:50 847040 ----a-w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Facebook\axfbootloader.dll
2009-12-17 06:49 . 2009-12-17 06:49 5562368 ----a-w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Facebook\npfbplugin_1_0_0.dll
2009-12-16 18:43 . 2006-06-17 09:35 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2006-06-17 09:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-11 23:05 . 2010-01-11 20:58 3613560 ----a-w- c:\documents and settings\Owner.ChucksMachine1\Application Data\Simply Super Software\Trojan Remover\rre6D0.exe
2009-04-30 14:00 . 2007-03-06 14:13 768 -c--a-w- c:\program files\MySetup.DK
2009-04-30 14:00 . 2007-03-06 14:10 56 -c--a-w- c:\program files\DEFAULT.BBC
2009-04-30 14:00 . 2007-03-06 14:10 43899 -c--a-w- c:\program files\intrface.bbw
2009-04-30 14:00 . 2007-03-06 14:10 3200 -c--a-w- c:\program files\DEFAULT.ALI
2009-04-30 14:00 . 2007-05-19 17:09 81845 -c-ha-w- c:\program files\bbw.GID
2009-02-10 21:05 . 2009-02-10 21:05 499 -c--a-w- c:\program files\ActivationFile.htm
2008-01-04 15:27 . 2008-01-04 15:26 11949 -c--a-w- c:\program files\01018651.cab
2007-10-29 14:40 . 2007-10-29 14:40 193 -c--a-w- c:\program files\labeler.dpf
2007-07-25 18:46 . 2007-07-25 18:46 301692 -c--a-w- c:\program files\labeler.chm
2007-05-21 12:38 . 2007-05-21 12:38 16663 -c--a-w- c:\program files\bumminez.sty
2007-05-19 19:51 . 2007-05-19 19:51 1571504 -c--a-w- c:\program files\BBW.LSW
2007-05-14 20:48 . 2007-05-14 20:42 188 -c--a-w- c:\program files\$MIDIMON.cfg
2007-03-06 14:08 . 2002-02-10 07:00 72748 ----a-w- c:\program files\unins000.exe
2007-02-12 15:33 . 2007-02-12 15:33 221184 -c--a-w- c:\program files\db1.mdb
2004-10-25 16:54 . 2004-10-25 16:54 456 -c--a-w- c:\program files\welcome.zdw
2004-10-25 16:54 . 2004-10-25 16:54 348896 -c--a-w- c:\program files\SPLASHHI.BMP
2004-10-25 16:54 . 2004-10-25 16:54 117356 -c--a-w- c:\program files\SPLASHLO.BMP
2003-03-13 20:58 . 2003-03-13 20:58 3354896 -c--a-w- c:\program files\BBW.EXE
2003-02-11 04:12 . 2003-02-11 04:12 729600 -c--a-w- c:\program files\g32.exe
2002-11-28 17:33 . 2002-11-28 18:33 78336 -c--a-w- c:\program files\BBW.TPB
2002-11-28 17:24 . 2002-11-28 18:24 58234 -c--a-w- c:\program files\BBW.TIP
2002-11-27 19:15 . 2002-11-27 19:15 717824 -c--a-w- c:\program files\f32.exe
2002-11-27 06:48 . 2002-11-27 07:48 414752 -c--a-w- c:\program files\BBW.LST
2002-11-26 08:07 . 2002-11-26 08:07 2901589 -c--a-w- c:\program files\bbw.hlp
2002-11-26 07:42 . 2002-11-26 07:42 21357 -c--a-w- c:\program files\bbw.cnt
2002-11-26 03:00 . 2002-11-26 04:00 63488 -c--a-w- c:\program files\DEFAULT.SOL
2002-11-26 00:31 . 2002-11-26 00:31 545280 -c--a-w- c:\program files\miniburn.exe
2002-11-25 14:35 . 2002-11-25 15:35 5234337 -c--a-w- c:\program files\BB12upgrade.pdf
2002-11-24 21:32 . 2002-11-24 21:32 25659 -c--a-w- c:\program files\CREEDNCE.STY
2002-11-24 21:21 . 2002-11-24 21:21 9609 -c--a-w- c:\program files\L~BOSA4U.STY
2002-11-24 18:15 . 2002-11-24 18:15 26299 -c--a-w- c:\program files\JAZFOURC.STY
2002-11-24 18:11 . 2002-11-24 18:11 24779 -c--a-w- c:\program files\JAZFOURB.STY
2002-11-24 18:07 . 2002-11-24 18:07 20446 -c--a-w- c:\program files\JAZFOURA.STY
2002-11-22 23:13 . 2002-11-22 23:13 12479 -c--a-w- c:\program files\UKE_FAST.STY
2002-11-22 22:25 . 2002-11-22 22:25 15500 -c--a-w- c:\program files\MANDOLIN.STY
2002-11-22 21:39 . 2002-11-22 21:39 17013 -c--a-w- c:\program files\12ST&BAN.STY
2002-11-22 20:34 . 2002-11-22 20:34 18761 -c--a-w- c:\program files\BANJ&MAN.STY
2002-11-22 20:19 . 2002-11-22 20:19 23992 -c--a-w- c:\program files\BLUGRAS5.STY
2002-11-22 19:43 . 2002-11-22 19:43 8084 -c--a-w- c:\program files\SOLO_UKE.STY
2002-11-22 19:39 . 2002-11-22 19:39 9556 -c--a-w- c:\program files\UKE&BASS.STY
2002-11-22 19:26 . 2002-11-22 20:26 5327 -c--a-w- c:\program files\v_test.MGU
2002-11-22 01:37 . 2002-11-22 01:37 10773 -c--a-w- c:\program files\LOTUS.STY
2002-11-21 23:16 . 2002-11-21 23:16 14112 -c--a-w- c:\program files\GOSSAMER.STY
2002-11-21 23:06 . 2002-11-21 23:06 22666 -c--a-w- c:\program files\JOHNBAL.STY
2002-11-21 16:23 . 2002-11-21 17:23 29791 -c--a-w- c:\program files\CHUKSHUF.STY
2002-11-21 16:21 . 2002-11-21 17:21 8672 -c--a-w- c:\program files\CHUKSHUF.MGU
2002-11-20 04:14 . 2002-11-20 05:14 21278 -c--a-w- c:\program files\viol_sav.sty
2002-11-20 03:56 . 2002-11-20 04:56 343434 -c--a-w- c:\program files\MiniBurnHelp.hlp
2002-11-15 21:51 . 2002-11-15 21:51 15401 -c--a-w- c:\program files\SWING~EZ.STY
2002-11-15 21:22 . 2002-11-15 21:22 19825 -c--a-w- c:\program files\J~BREEZY.STY
2002-11-15 20:41 . 2002-11-15 21:41 8124 -c--a-w- c:\program files\GARNER~.MGU
2002-11-15 20:07 . 2002-11-15 21:07 15410 -c--a-w- c:\program files\GARNER~.STY
2002-11-14 18:56 . 2002-11-14 18:56 15756 -c--a-w- c:\program files\MILITARY.STY
2002-11-14 18:51 . 2002-11-14 18:51 13753 -c--a-w- c:\program files\J~GITWLZ.STY
2002-11-14 18:48 . 2002-11-14 18:48 22621 -c--a-w- c:\program files\JOHNLEN.STY
2002-11-14 18:21 . 2002-11-14 19:21 5826 -c--a-w- c:\program files\JAZFOURS.MGU
2002-11-14 18:19 . 2002-11-14 18:19 17098 -c--a-w- c:\program files\HAWAISLO.STY
2002-11-14 17:51 . 2002-11-14 18:51 20075 -c--a-w- c:\program files\J~BAS&BR.MGU
2002-11-14 17:46 . 2002-11-14 18:46 19099 -c--a-w- c:\program files\JAZFOURS.STY
2002-11-14 17:42 . 2002-11-14 17:42 18521 -c--a-w- c:\program files\CAMPFIRE.STY
2002-11-14 17:39 . 2002-11-14 17:39 25110 -c--a-w- c:\program files\BO_D.STY
2002-11-14 16:37 . 2002-11-14 17:37 28849 -c--a-w- c:\program files\BEEBROK5.STY
2002-11-14 16:32 . 2002-11-14 17:32 29713 -c--a-w- c:\program files\BEEBROK4.STY
2002-11-13 22:55 . 2002-11-13 22:55 16189 -c--a-w- c:\program files\P_NEILD1.STY
2002-11-13 20:49 . 2002-11-13 20:49 20531 -c--a-w- c:\program files\COZY_SW.STY
2002-11-13 06:55 . 2002-11-13 06:55 9252 -c--a-w- c:\program files\DRUMSOLJ.STY
2002-11-13 05:03 . 2002-11-13 06:03 9490 -c--a-w- c:\program files\J~BAS&BR.STY
2002-11-12 06:44 . 2002-11-12 06:44 30093 -c--a-w- c:\program files\DREAM.STY
2002-11-12 06:02 . 2002-11-12 06:02 38902 -c--a-w- c:\program files\BIGBAND1.STY
2002-11-12 05:37 . 2002-11-12 05:37 19870 -c--a-w- c:\program files\JOHNNYH.STY
2002-11-08 01:17 . 2002-11-08 01:17 12877 -c--a-w- c:\program files\POP_SADE.STY
2002-11-08 01:01 . 2002-11-08 01:01 5572 -c--a-w- c:\program files\ROKTRIO1.STY
2002-11-06 23:37 . 2002-11-06 23:37 21449 -c--a-w- c:\program files\DIXIDUKE.STY
2002-11-06 03:50 . 2002-11-06 03:50 468992 -c--a-w- c:\program files\MIDIConv.exe
2002-10-27 02:52 . 2002-10-27 03:52 13556 -c--a-w- c:\program files\Night_t.MGU
2002-10-25 08:39 . 2002-10-25 09:39 516096 -c--a-w- c:\program files\CDWriterXP.ocx
2002-08-16 18:04 . 2002-08-16 19:04 15167 -c--a-w- c:\program files\J!~HOAGY.STY
2002-08-16 18:04 . 2002-08-16 19:04 12765 -c--a-w- c:\program files\J!~HOAGY.MGU
2002-08-16 18:04 . 2002-08-16 19:04 7979 -c--a-w- c:\program files\J!~BENNY.MGU
2010-02-26 11:43 . 2010-02-26 11:39 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-05-18 23423528]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 458752]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"CHotkey"="zHotkey.exe" [2004-12-09 550912]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-26 536576]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 497000]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-26 30192]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-18 1070984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-22 12:52 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-29 03:37 413696 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-04-17 22:34 16143872 -c--a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Roxio\\Digital Home 10\\RoxioUpnpService10.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [3/3/2008 1:51 PM 39472]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/10/2009 5:53 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/10/2009 5:53 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/10/2009 5:53 PM 297752]
R2 MELCS;MailEnable List Connector;c:\program files\Mail Enable\Bin\MELSC.exe [11/24/2006 9:12 AM 155648]
R2 MEMTAS;MailEnable Mail Transfer Agent;c:\program files\Mail Enable\Bin\MEMTA.exe [11/24/2006 9:12 AM 163840]
R2 MEPOCS;MailEnable Postoffice Connector;c:\program files\Mail Enable\Bin\MEPOC.exe [11/24/2006 9:12 AM 434236]
R2 MEPOPS;MailEnable POP Service;c:\program files\Mail Enable\Bin\MEPOPS.exe [11/24/2006 9:12 AM 212992]
R2 MESMTPCS;MailEnable SMTP Connector;c:\program files\Mail Enable\Bin\MESMTPC.exe [11/24/2006 9:12 AM 458752]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 2:53 PM 362992]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 2:52 PM 166384]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 2:52 PM 1083888]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/7/2010 8:43 AM 135664]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 2:52 PM 309744]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/26/2010 6:39 AM 30192]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 2:53 PM 72176]
.
Contents of the 'Scheduled Tasks' folder

2010-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

2009-10-17 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.1.0.13\DriverRobot.exe [2009-10-17 02:35]

2010-03-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 22:25]

2010-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 13:43]

2010-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 13:43]

2006-11-23 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 00:12]

2006-11-23 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Owner.ChucksMachine1\Application Data\Mozilla\Firefox\Profiles\2jcs7d77.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Owner.ChucksMachine1\Application Data\Facebook\npfbplugin_1_0_0.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-03-08 17:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2200)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\bgsvcgen.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\ehome\mcrdsvc.exe
c:\windows\zHotkey.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\eHome\ehRec.exe
c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
.
**************************************************************************
.
Completion time: 2010-03-08 18:01:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-08 23:01
ComboFix2.txt 2010-03-08 18:22

Pre-Run: 92,191,875,072 bytes free
Post-Run: 92,061,433,856 bytes free

- - End Of File - - 3B37F466D73435F36DC7363020BFDCB0


Re: win32/nugel.e removal

Post by chuckmac on 8th March 2010, 11:13 pm

Am I doing OK with my end of this process?


Re: win32/nugel.e removal

Post by Belahzur on 9th March 2010, 3:20 pm

Hello.

Please post Extras.txt that OTL made for you.



Re: win32/nugel.e removal

Post by chuckmac on 9th March 2010, 6:37 pm

OTL Extras logfile created on: 3/7/2010 11:47:58 PM - Run 1
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\Owner.ChucksMachine1\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.76 Gb Total Space | 83.68 Gb Free Space | 58.21% Space Free | Partition Type: NTFS
Drive D: | 5.28 Gb Total Space | 3.24 Gb Free Space | 61.37% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHUCKSMACHINE1
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe" = C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe:*:Enabled:RoxioUpnpService10 -- (Sonic Solutions)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- File not found
"C:\Program Files\Common Files\AOL\1157645705\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1157645705\EE\AOLServiceHost.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\IncrediMail\bin\IMApp.exe" = C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Documents and Settings\Owner.ChucksMachine1\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe" = C:\Documents and Settings\Owner.ChucksMachine1\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe:*:Enabled:IncrediMail Installer -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe" = C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe:*:Enabled:Defender Pro -- File not found
"K:\Limewire\LimeWire.exe" = K:\Limewire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe" = C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe:*:Enabled:RoxioUpnpService10 -- (Sonic Solutions)
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0CD8A170-E470-11DB-3D6C-00D529464AE1}" = Notation Musician 2.5.2
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B683082-8791-4D00-8ADE-6C8986FCCC68}" = Roxio CinePlayer
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.3
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E5DA526-F420-45A6-9F27-D2B5246D6823}" = Free Natural Text to Speech Reader 2007
"{3E67A8DA-FE7B-4160-8465-F5571EA18753}" = Roxio Disc Gallery
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{55B1E4FA-F2E0-45DF-9B36-0B30A7949984}" = NWZ-S540 WALKMAN Guide
"{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft Works 2000
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.2
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}" = Multimedia Keyboard Driver
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{71D9B000-CD43-4DE9-9729-49434415B8F7}" = F300Trb
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{848139E5-DC9D-44E6-934E-F64BB648ED6E}_is1" = CD & DVD Label Maker 1.2
"{882AB1AC-2859-4747-B13A-72EE343A9CD2}" = Notation Player
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{92A40DC2-0ECD-4602-A79E-1DC53545C6EE}" = eXplorist Wizard
"{94CD45D0-58D3-11D5-B35E-00E02934C09B}" = MapSend Topo US
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{9A9A1828-31D1-4590-A99F-022B7237AFAE}" = Roxio MediaShare
"{9E78C42C-4FF9-4F41-BBC4-BF872606E79D}_is1" = Driver Robot 1.1.0.13
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AD4203ED-7683-435E-B436-C299773A9936}" = MapSource - US Topo v3.02
"{AFD070DC-12D0-408A-A425-CF3FA3713515}" = Identity Theft Protector 2.0
"{B093990A-AAF2-44AC-9216-14BB7A2189B6}" = ImageMixer VCD2 LE for FinePix
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}" = Roxio Easy Media Creator 10 Suite
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C769A271-7E1C-48F9-B331-474600DD4C01}" = Microsoft Picture It! Publishing Platinum 2002
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C94C253C-069F-4C02-8E5B-C1D056827643}" = Wal-Mart Digital Photo Manager
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{E89E02CE-0432-4939-B85A-0040248EF499}" = Defender Pro PC Backup 8.5
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F979ACC9-A874-457A-9BE1-7FD2085F126F}" = MapSend DirectRoute North America
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"All That Chords!_is1" = All That Chords! 3.2
"Any Video Converter_is1" = Any Video Converter 2.7.3
"Applet_App" = Applet_App
"Applet_Copy" = Applet_Copy
"Applet_Creativity" = Applet_Creativity
"Applet_Email" = Applet_Email
"Applet_Epp" = Applet_Epp
"Applet_File" = Applet_File
"Applet_OCR" = Applet_OCR
"Applet_Web" = Applet_Web
"ArcSoft PhotoImpression 3.0" = ArcSoft PhotoImpression 3.0
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"Audacity_1-2" = NSIS Audacity_1-2
"AudioLabel" = AudioLabel
"AVG8Uninstall" = AVG 8.5
"BB_is1" = Band-in-a-Box 12
"BestPractice" = BestPractice (remove only)
"BigFix" = BigFix
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"Copy Utility" = Copy Utility
"EPSON Photo Print" = EPSON Photo Print
"EPSON Smart Panel" = EPSON Smart Panel
"Finale NotePad 2008" = Finale NotePad 2008
"Gateway Game Console" = Gateway Game Console
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"HP Imaging Device Functions" = HP Imaging Device Functions 6.1
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"HPExtendedCapabilities" = HP Extended Capabilities 6.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{AFD070DC-12D0-408A-A425-CF3FA3713515}" = Identity Theft Protector 2.0
"Logitech Print Service" = Logitech Print Service
"MailEnable Messaging Services for Windows NT/2000" = MailEnable Messaging Services for Windows NT/2000
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Musicnotes Player_is1" = Musicnotes Player V1.23.1 and Viewer
"Neuratron PhotoScore MIDI Lite" = Neuratron PhotoScore MIDI Lite
"Neuratron PhotoScore MIDI Lite Demo" = Neuratron PhotoScore MIDI Lite Demo
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PF1250-1650 Guide" = PF1250-1650 Guide
"Picasa 3" = Picasa 3
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"QcDrv" = Logitech® Camera Driver
"RealPlayer 6.0" = RealPlayer Basic
"Samsung SCX-4200 Series" = Samsung SCX-4200 Series
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Switch" = Switch Sound File Converter
"Topo USA 2.0" = Topo USA 2.0
"Trojan Remover_is1" = Trojan Remover 6.8.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"WGA" = Windows Genuine Advantage Validation Tool
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WT010646" = Bejeweled 2 Deluxe
"WT010647" = Blackhawk Striker 2
"WT010648" = Blasterball 2 Revolution
"WT010649" = Diner Dash
"WT010650" = FATE
"WT010651" = Penguins!
"WT010654" = SCRABBLE
"WT010655" = Tradewinds
"WT010660" = Polar Bowler
"WT010661" = Polar Golfer
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"e374603681e1f1bd" = Steel-Link.com Suite
"Facebook Plug-In" = Facebook Plug-In
"Winamp Detect" = Winamp Application Detect

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/13/2010 10:48:20 AM | Computer Name = CHUCKSMACHINE1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 2/13/2010 10:48:20 AM | Computer Name = CHUCKSMACHINE1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 2/13/2010 10:48:21 AM | Computer Name = CHUCKSMACHINE1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 2/13/2010 10:48:26 AM | Computer Name = CHUCKSMACHINE1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 2/13/2010 10:48:58 AM | Computer Name = CHUCKSMACHINE1 | Source = Google Update | ID = 20
Description =

Error - 2/25/2010 8:47:18 AM | Computer Name = CHUCKSMACHINE1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 2/25/2010 8:47:18 AM | Computer Name = CHUCKSMACHINE1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 3/3/2010 11:31:08 AM | Computer Name = CHUCKSMACHINE1 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x02bf29c0.

Error - 3/4/2010 1:29:39 AM | Computer Name = CHUCKSMACHINE1 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 9.0.0.2717, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/4/2010 1:32:49 AM | Computer Name = CHUCKSMACHINE1 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 9.0.0.2717, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/4/2010 12:27:59 AM | Computer Name = CHUCKSMACHINE1 | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3

Error - 3/4/2010 12:27:59 AM | Computer Name = CHUCKSMACHINE1 | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 3/4/2010 12:28:02 AM | Computer Name = CHUCKSMACHINE1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error - 3/6/2010 8:46:04 AM | Computer Name = CHUCKSMACHINE1 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.254.100
on the Network Card with network address 001676CF7A6C.

Error - 3/7/2010 1:43:17 AM | Computer Name = CHUCKSMACHINE1 | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3

Error - 3/7/2010 1:43:17 AM | Computer Name = CHUCKSMACHINE1 | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 3/7/2010 1:43:20 AM | Computer Name = CHUCKSMACHINE1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error - 3/7/2010 2:07:59 AM | Computer Name = CHUCKSMACHINE1 | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3

Error - 3/7/2010 2:07:59 AM | Computer Name = CHUCKSMACHINE1 | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 3/7/2010 2:08:02 AM | Computer Name = CHUCKSMACHINE1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 ACPIEC adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint
asc
asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
eeCtrl
hpn
i2omp
ini910u
IntelIde
mraid35x
Pcmcia
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde


< End of report >


Re: win32/nugel.e removal

Post by Belahzur on 9th March 2010, 7:31 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 2
    Viewpoint Media Player

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe that you downloaded to install the newest version.

Please download [You must be registered and logged in to see this link.] and install it. It will install over version 3.5.8 you currently have installed, so you won't lose any bookmarked websites.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?



Re: win32/nugel.e removal

Post by chuckmac on 9th March 2010, 9:03 pm

I have done everything down to the Firefox 3.6 installation. When I attempt to open the Firefox 3.6 execute program I get a pop up box that says, "File is Corrupt." I haven't done the ComboFix/uninstall yet because it was at the bottom of the list. By the way, should I delete all the execute files from the malware programs I've been downloading for this project? By the way, when I was setting up the download for the program you advised, I did not see the Windows Offline Installation option available. I selected windows.


Last edited by chuckmac on 9th March 2010, 9:11 pm; edited 1 time in total (Reason for editing : I added the "By the Way" comment at the end of the paragraph)


Re: win32/nugel.e removal

Post by chuckmac on 9th March 2010, 10:13 pm

I have done everything. I deleted the first Firefox 3.6.exe file because I got a corrupted file message. I downloaded it from another site and installed it. I did the ComboFix uninstall. I do have another problem. Some time ago I had used Defender Pro as an antivirus program and when it was time to renew I used the program's delete function. Evidently it did not remove the whole program. Unknown to me, there is a Defender Pro Backup file running and I tried to delete it with the Install/Remove program and it just comes up with a box saying Maintenance has been completed for the Defender Pro program. The last two or three times we used a malware removal function that program was running in the background.


Re: win32/nugel.e removal

Post by Belahzur on 10th March 2010, 12:34 am

Hello.

Yeah, I see it in the Combofix now, we can fully remove it now.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    SecCenter::
    {2C4D4BC6-0793-4956-A9F9-E252435469C0}

  4. Save this as CFScript.txt, in the same location as ComboFix.exe
  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

