Infected with something - not sure what...

Post by tom_white on 2nd July 2010, 1:21 pm

Symptoms: An instance of svchost keeps getting bigger (several hundred thousand KB) until CPU finally locks up. A program called Just-In-Time Debugger keeps popping up. Supposedly it's related to Visual Studio but I've never installed that program. Problems seem to have started when I updated to AVG9 - tried un-installing but didn't seem to help. AVG9 finds infections occasionally throughout the day but I still seem to be infected.

Any help is greatly appreciated. Here are the two OTL logs...

OTL logfile created on: 7/2/2010 7:35:55 AM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\-
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.15 Gb Total Space | 19.21 Gb Free Space | 27.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOM
Current User Name: Tom White
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/02 07:33:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\-\OTL.exe
PRC - [2010/06/30 13:48:23 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/30 13:48:23 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/30 13:48:21 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/30 13:48:17 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/30 13:47:59 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/30 13:47:28 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/07/26 16:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\MsnMsgr .exe
PRC - [2009/02/19 09:34:32 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/14 22:46:00 | 000,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
PRC - [2007/03/02 08:39:13 | 000,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2006/09/29 13:48:06 | 000,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/06/17 07:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005/03/22 23:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2003/10/23 23:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2001/12/12 10:37:14 | 000,032,256 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE


========== Modules (SafeList) ==========

MOD - [2010/07/02 07:33:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\-\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/07/01 13:06:44 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\6to4v32.dll -- (6to4)
SRV - [2010/06/30 13:47:28 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/19 10:25:38 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/02/19 09:34:32 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/11/14 22:46:00 | 000,131,072 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/03/02 08:39:13 | 000,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2006/09/29 13:48:06 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)
SRV - [2005/06/17 07:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)
SRV - [2004/08/04 05:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)
SRV - [2001/12/12 10:37:14 | 000,032,256 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE -- (C-DillaSrv)


========== Driver Services (SafeList) ==========

DRV - [2010/06/30 13:49:32 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/30 13:49:23 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/30 13:49:22 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/12/07 10:43:42 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2009/02/19 09:34:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/12/16 11:31:59 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/07/28 17:26:30 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/07/28 17:26:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/05/16 15:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 13:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/01/20 02:11:07 | 000,031,644 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/30 13:57:42 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi)
DRV - [2005/11/16 21:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 19:05:24 | 000,176,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/06/17 12:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iastor.sys -- (iastor)
DRV - [2005/04/07 17:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/06/27 16:41:20 | 000,213,472 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\udfreadr.sys -- (UdfReadr)
DRV - [1999/03/07 23:15:00 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.6.3
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.97
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={7B16B63D-2A02-EF3D-4B2E-C9D39B572137}&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/30 13:47:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/06/30 13:49:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/29 21:36:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/29 21:36:12 | 000,000,000 | ---D | M]

[2008/08/13 06:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom White\Application Data\Mozilla\Extensions
[2010/07/02 06:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom White\Application Data\Mozilla\Firefox\Profiles\q42em7eu.default\extensions
[2010/02/18 01:42:02 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Tom White\Application Data\Mozilla\Firefox\Profiles\q42em7eu.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/02/17 10:01:16 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Tom White\Application Data\Mozilla\Firefox\Profiles\q42em7eu.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}(2)
[2010/03/17 10:00:47 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Tom White\Application Data\Mozilla\Firefox\Profiles\q42em7eu.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2008/01/02 08:54:22 | 000,000,000 | ---D | M] (OSU_Black) -- C:\Documents and Settings\Tom White\Application Data\Mozilla\Firefox\Profiles\q42em7eu.default\extensions\{4520cd5e-a360-11dc-8314-0800200c9a66}
[2010/06/29 08:12:56 | 000,000,000 | ---D | M] (Noscript) -- C:\Documents and Settings\Tom White\Application Data\Mozilla\Firefox\Profiles\q42em7eu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/01/29 12:51:27 | 000,000,000 | ---D | M] (Noscript) -- C:\Documents and Settings\Tom White\Application Data\Mozilla\Firefox\Profiles\q42em7eu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2010/06/28 08:56:17 | 000,000,000 | ---D | M] (Noscript) -- C:\Documents and Settings\Tom White\Application Data\Mozilla\Firefox\Profiles\q42em7eu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(3)
[2010/03/08 10:06:21 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Tom White\Application Data\Mozilla\Firefox\Profiles\q42em7eu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/03/22 09:37:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Documents and Settings\Tom White\Application Data\Mozilla\Firefox\Profiles\q42em7eu.default\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2010/03/22 09:37:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Documents and Settings\Tom White\Application Data\Mozilla\Firefox\Profiles\q42em7eu.default\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2010/05/01 01:23:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Tom White\Application Data\Mozilla\Firefox\Profiles\q42em7eu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/26 07:22:40 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Documents and Settings\Tom White\Application Data\Mozilla\Firefox\Profiles\q42em7eu.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2010/07/02 06:32:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/03 04:10:10 | 000,741,376 | ---- | M] (Lizardtech Software) -- C:\Program Files\Mozilla Firefox\plugins\npexview.dll
[2007/12/19 07:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/08/07 15:48:39 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009/08/07 15:48:39 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml

O1 HOSTS File: ([2009/07/13 20:07:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (CAB Class) - {C6A91056-83E0-4C6E-8DCC-43FC0DFE7A0A} - C:\WINDOWS\system32\e7wjN8p8.dll (TODO: )
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe File not found
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe File not found
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask .exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr .exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Tom White\Start Menu\Programs\Startup\Epson scanner Registration.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2D337EB0-3BFB-42A3-B314-A24BBA8C085B} [You must be registered and logged in to see this link.] (YAutoImport Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} [You must be registered and logged in to see this link.] (CTVUAxCtrl Object)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} [You must be registered and logged in to see this link.] (DASWebDownload Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} [You must be registered and logged in to see this link.] (InstallShield International Setup Player)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} [You must be registered and logged in to see this link.] (CamImage Class)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} [You must be registered and logged in to see this link.] (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Tom White\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tom White\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - C:\WINDOWS\system32\6to4v32.dll ()
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/10 12:52:56 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {05466845-FF44-4671-92C1-A5FD0F9EEE1C} - Microsoft Reader
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {13BD97E4-CFC4-0D51-D795-00DC2E4DC510} - Viewpoint Media Player
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D337EB0-3BFB-42A3-B314-A24BBA8C085B} - Reg Error: Value error.
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3A8EA1A2-9916-B088-6BE8-6FD9F5AB4E27} - NetShow
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {46068D8E-38F7-4778-3840-E381594C2B8D} - Viewpoint Media Player
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5C97FDD-BA44-E3FC-0CA9-02A069CB6CB7} - Vector Graphics Rendering (VML)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imc - C:\WINDOWS\System32\IMC32.ACM (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.i263 - C:\WINDOWS\System32\I263_32.DRV (Intel Corporation)
Drivers32: vidc.I420 - C:\WINDOWS\System32\I263_32.DRV (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll ([You must be registered and logged in to see this link.]

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/01 13:00:48 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/07/01 11:50:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom White\Local Settings\Application Data\Topalt
[2010/07/01 11:47:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom White\My Documents\VCF Files
[2010/07/01 11:46:23 | 000,000,000 | ---D | C] -- C:\Program Files\Topalt
[2010/07/01 11:46:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Outlook Security Manager
[2010/07/01 11:41:51 | 001,668,096 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll
[2010/07/01 11:41:51 | 001,458,688 | ---- | C] (Osen Kusnadi) -- C:\WINDOWS\System32\osenxpsuite2007.ocx
[2010/07/01 11:41:51 | 000,718,848 | ---- | C] (Osen Kusnadi) -- C:\WINDOWS\System32\osenxpzuite2007.dll
[2010/07/01 11:41:51 | 000,247,296 | ---- | C] (Osen Kusnadi) -- C:\WINDOWS\System32\osenxpsuite2007.dll
[2010/07/01 11:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\SysTools vCard Export
[2010/07/01 07:57:20 | 000,122,880 | ---- | C] (TODO: ) -- C:\WINDOWS\System32\e7wjN8p8.dll
[2010/06/30 17:05:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/30 14:31:53 | 000,324,608 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\unSpySweeper.exe
[2010/06/30 14:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2010/06/30 14:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom White\Local Settings\Application Data\AVG Security Toolbar
[2010/06/30 13:49:32 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/06/30 13:49:29 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/30 13:49:22 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/06/30 13:49:20 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/30 13:49:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/06/30 13:49:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/06/30 13:45:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/06/29 19:52:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/29 19:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/06/29 12:52:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\FileOpen
[2010/06/29 12:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/29 12:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/10 15:35:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom White\My Documents\My Art
[2010/06/10 15:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom White\My Documents\NPS
[2010/06/10 15:27:33 | 000,021,632 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/06/10 15:26:00 | 000,106,792 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdmdm.sys
[2010/06/10 15:26:00 | 000,080,552 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdbus.sys
[2010/06/10 15:26:00 | 000,011,944 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdmdfl.sys
[2010/06/10 15:26:00 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdwhnt.sys
[2010/06/10 15:26:00 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdwh.sys
[2010/06/10 15:26:00 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdcmnt.sys
[2010/06/10 15:26:00 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdcm.sys
[2010/06/10 15:25:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2010/06/10 15:25:52 | 000,233,472 | ---- | C] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
[2010/06/10 15:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom White\My Documents\My NPS Files
[2010/06/10 15:25:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom White\Application Data\Samsung
[2010/06/10 15:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2010/06/10 15:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010/06/10 15:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom White\Local Settings\Application Data\Downloaded Installations
[2010/06/08 10:47:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom White\Application Data\FileOpen
[2010/06/08 10:47:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2010/06/08 10:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\FileOpen


Re: Infected with something - not sure what...

Post by tom_white on 2nd July 2010, 1:23 pm

(OTL.txt continued)...

========== Files - Modified Within 30 Days ==========

[2010/07/02 07:30:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/02 07:27:39 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/07/02 07:27:08 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/02 07:27:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/02 07:26:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/02 07:26:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/02 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At80.job
[2010/07/02 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2010/07/02 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At344.job
[2010/07/02 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At320.job
[2010/07/02 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/07/02 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At296.job
[2010/07/02 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At272.job
[2010/07/02 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At248.job
[2010/07/02 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At224.job
[2010/07/02 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At200.job
[2010/07/02 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At176.job
[2010/07/02 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At152.job
[2010/07/02 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At128.job
[2010/07/02 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At104.job
[2010/07/02 06:47:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/02 06:46:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/07/02 06:41:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/02 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At79.job
[2010/07/02 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2010/07/02 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At343.job
[2010/07/02 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At319.job
[2010/07/02 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/07/02 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At295.job
[2010/07/02 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At271.job
[2010/07/02 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At247.job
[2010/07/02 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At223.job
[2010/07/02 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At199.job
[2010/07/02 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At175.job
[2010/07/02 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At151.job
[2010/07/02 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At127.job
[2010/07/02 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At103.job
[2010/07/02 05:46:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/07/02 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At78.job
[2010/07/02 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2010/07/02 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At342.job
[2010/07/02 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At318.job
[2010/07/02 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/07/02 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At294.job
[2010/07/02 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At270.job
[2010/07/02 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At246.job
[2010/07/02 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At222.job
[2010/07/02 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At198.job
[2010/07/02 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At174.job
[2010/07/02 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At150.job
[2010/07/02 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At126.job
[2010/07/02 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At102.job
[2010/07/02 04:46:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/07/02 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At77.job
[2010/07/02 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2010/07/02 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At341.job
[2010/07/02 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At317.job
[2010/07/02 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At293.job
[2010/07/02 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/07/02 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At269.job
[2010/07/02 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At245.job
[2010/07/02 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At221.job
[2010/07/02 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At197.job
[2010/07/02 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At173.job
[2010/07/02 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At149.job
[2010/07/02 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At125.job
[2010/07/02 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At101.job
[2010/07/02 03:46:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/07/02 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At76.job
[2010/07/02 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2010/07/02 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At340.job
[2010/07/02 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At316.job
[2010/07/02 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At292.job
[2010/07/02 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/07/02 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At268.job
[2010/07/02 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At244.job
[2010/07/02 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At220.job
[2010/07/02 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At196.job
[2010/07/02 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At172.job
[2010/07/02 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At148.job
[2010/07/02 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At124.job
[2010/07/02 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At100.job
[2010/07/02 02:46:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/07/02 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At99.job
[2010/07/02 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At75.job
[2010/07/02 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2010/07/02 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At339.job
[2010/07/02 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At315.job
[2010/07/02 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At291.job
[2010/07/02 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/07/02 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At267.job
[2010/07/02 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At243.job
[2010/07/02 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At219.job
[2010/07/02 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At195.job
[2010/07/02 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At171.job
[2010/07/02 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At147.job
[2010/07/02 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At123.job
[2010/07/02 01:46:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/07/02 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At98.job
[2010/07/02 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At74.job
[2010/07/02 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2010/07/02 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At338.job
[2010/07/02 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At314.job
[2010/07/02 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At290.job
[2010/07/02 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At266.job
[2010/07/02 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/07/02 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At242.job
[2010/07/02 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At218.job
[2010/07/02 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At194.job
[2010/07/02 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At170.job
[2010/07/02 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At146.job
[2010/07/02 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At122.job
[2010/07/02 00:54:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At289.job
[2010/07/02 00:52:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At73.job
[2010/07/02 00:52:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2010/07/02 00:50:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At265.job
[2010/07/02 00:46:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At217.job
[2010/07/02 00:46:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/07/02 00:44:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At241.job
[2010/07/02 00:42:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/07/02 00:39:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At97.job
[2010/07/02 00:38:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At337.job
[2010/07/02 00:35:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At313.job
[2010/07/02 00:31:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At145.job
[2010/07/02 00:29:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At193.job
[2010/07/02 00:24:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At121.job
[2010/07/02 00:16:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At169.job
[2010/07/01 23:46:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/07/01 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
[2010/07/01 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2010/07/01 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/07/01 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At360.job
[2010/07/01 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At336.job
[2010/07/01 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At312.job
[2010/07/01 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At288.job
[2010/07/01 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At264.job
[2010/07/01 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At240.job
[2010/07/01 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At216.job
[2010/07/01 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At192.job
[2010/07/01 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At168.job
[2010/07/01 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At144.job
[2010/07/01 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At120.job
[2010/07/01 22:46:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/07/01 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At95.job
[2010/07/01 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2010/07/01 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/07/01 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At359.job
[2010/07/01 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At335.job
[2010/07/01 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At311.job
[2010/07/01 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At287.job
[2010/07/01 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At263.job
[2010/07/01 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At239.job
[2010/07/01 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At215.job
[2010/07/01 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At191.job
[2010/07/01 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At167.job
[2010/07/01 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At143.job
[2010/07/01 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At119.job
[2010/07/01 21:46:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/07/01 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
[2010/07/01 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2010/07/01 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/07/01 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At358.job
[2010/07/01 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At334.job
[2010/07/01 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At310.job
[2010/07/01 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At286.job
[2010/07/01 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At262.job
[2010/07/01 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At238.job
[2010/07/01 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At214.job
[2010/07/01 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At190.job
[2010/07/01 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At166.job
[2010/07/01 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At142.job
[2010/07/01 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At118.job
[2010/07/01 20:46:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/07/01 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At93.job
[2010/07/01 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2010/07/01 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/07/01 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At357.job
[2010/07/01 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At333.job
[2010/07/01 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At309.job
[2010/07/01 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At285.job
[2010/07/01 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At261.job
[2010/07/01 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At237.job
[2010/07/01 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At213.job
[2010/07/01 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At189.job
[2010/07/01 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At165.job
[2010/07/01 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At141.job
[2010/07/01 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At117.job
[2010/07/01 19:46:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/07/01 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
[2010/07/01 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2010/07/01 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/07/01 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At356.job
[2010/07/01 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At332.job
[2010/07/01 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At308.job
[2010/07/01 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At284.job
[2010/07/01 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At260.job
[2010/07/01 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At236.job
[2010/07/01 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At212.job
[2010/07/01 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At188.job
[2010/07/01 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At164.job
[2010/07/01 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At140.job
[2010/07/01 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At116.job
[2010/07/01 18:46:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/07/01 18:31:22 | 061,576,647 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/01 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At91.job
[2010/07/01 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2010/07/01 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/07/01 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At355.job
[2010/07/01 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At331.job
[2010/07/01 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At307.job
[2010/07/01 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At283.job
[2010/07/01 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At259.job
[2010/07/01 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At235.job
[2010/07/01 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At211.job
[2010/07/01 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At187.job
[2010/07/01 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At163.job
[2010/07/01 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At139.job
[2010/07/01 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At115.job
[2010/07/01 17:46:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/07/01 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At90.job
[2010/07/01 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2010/07/01 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/07/01 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At354.job
[2010/07/01 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At330.job
[2010/07/01 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At306.job
[2010/07/01 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At282.job
[2010/07/01 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At258.job
[2010/07/01 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At234.job
[2010/07/01 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At210.job
[2010/07/01 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At186.job
[2010/07/01 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At162.job
[2010/07/01 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At138.job
[2010/07/01 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At114.job
[2010/07/01 16:48:52 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/01 16:46:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/07/01 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At89.job
[2010/07/01 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2010/07/01 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/07/01 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At353.job
[2010/07/01 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At329.job
[2010/07/01 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At305.job
[2010/07/01 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At281.job
[2010/07/01 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At257.job
[2010/07/01 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At233.job
[2010/07/01 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At209.job
[2010/07/01 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At185.job
[2010/07/01 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At161.job
[2010/07/01 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At137.job
[2010/07/01 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At113.job
[2010/07/01 15:46:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/07/01 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At88.job
[2010/07/01 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2010/07/01 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/07/01 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At352.job
[2010/07/01 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At328.job
[2010/07/01 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At304.job
[2010/07/01 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At280.job
[2010/07/01 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At256.job
[2010/07/01 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At232.job
[2010/07/01 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At208.job
[2010/07/01 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At184.job
[2010/07/01 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At160.job
[2010/07/01 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At136.job
[2010/07/01 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At112.job
[2010/07/01 14:46:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/07/01 14:38:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At326.job
[2010/07/01 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At87.job
[2010/07/01 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2010/07/01 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/07/01 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At351.job
[2010/07/01 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At327.job
[2010/07/01 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At303.job
[2010/07/01 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At279.job
[2010/07/01 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At255.job
[2010/07/01 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At231.job
[2010/07/01 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At207.job
[2010/07/01 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At183.job
[2010/07/01 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At159.job
[2010/07/01 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At135.job
[2010/07/01 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At111.job
[2010/07/01 13:46:04 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/07/01 13:06:44 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\6to4v32.dll
[2010/07/01 13:06:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At86.job
[2010/07/01 13:06:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2010/07/01 13:06:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/07/01 13:06:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At350.job
[2010/07/01 13:06:27 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At302.job
[2010/07/01 13:06:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At278.job
[2010/07/01 13:06:17 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At254.job
[2010/07/01 13:06:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At230.job
[2010/07/01 13:06:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At206.job
[2010/07/01 13:05:46 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At182.job
[2010/07/01 13:05:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At158.job
[2010/07/01 13:05:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At134.job
[2010/07/01 13:05:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At110.job
[2010/07/01 12:46:28 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/07/01 12:09:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At85.job
[2010/07/01 12:08:59 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2010/07/01 12:08:59 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/07/01 12:08:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At349.job
[2010/07/01 12:08:28 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At325.job
[2010/07/01 12:07:44 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At301.job
[2010/07/01 12:07:44 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At277.job
[2010/07/01 12:07:38 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At253.job
[2010/07/01 12:07:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At229.job
[2010/07/01 12:06:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At205.job
[2010/07/01 12:06:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At157.job
[2010/07/01 12:05:27 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At133.job
[2010/07/01 12:05:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At109.job
[2010/07/01 12:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At181.job
[2010/07/01 11:51:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/07/01 11:17:58 | 008,359,936 | ---- | M] () -- C:\Documents and Settings\Tom White\My Documents\CNB Accounts.mny
[2010/07/01 11:17:54 | 000,254,464 | ---- | M] () -- C:\Documents and Settings\Tom White\My Documents\My Personal Budget_002.xls
[2010/07/01 11:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At84.job
[2010/07/01 11:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2010/07/01 11:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/07/01 11:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At348.job
[2010/07/01 11:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At324.job
[2010/07/01 11:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At300.job
[2010/07/01 11:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At276.job
[2010/07/01 11:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At252.job
[2010/07/01 11:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At228.job
[2010/07/01 11:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At204.job
[2010/07/01 11:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At180.job
[2010/07/01 11:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At156.job
[2010/07/01 11:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At132.job
[2010/07/01 11:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At108.job
[2010/07/01 10:51:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/07/01 10:05:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At83.job
[2010/07/01 10:05:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2010/07/01 10:05:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/07/01 10:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At323.job
[2010/07/01 10:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At299.job
[2010/07/01 10:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At275.job
[2010/07/01 10:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At251.job
[2010/07/01 10:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At227.job
[2010/07/01 10:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At203.job
[2010/07/01 10:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At179.job
[2010/07/01 10:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At131.job
[2010/07/01 10:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At155.job
[2010/07/01 10:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At107.job
[2010/07/01 10:02:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At347.job
[2010/07/01 10:02:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At346.job
[2010/07/01 10:02:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At345.job
[2010/07/01 10:02:11 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\847u1k.dat
[2010/07/01 09:51:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/07/01 09:05:28 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At82.job
[2010/07/01 09:05:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2010/07/01 09:05:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/07/01 09:05:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At322.job
[2010/07/01 09:05:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At298.job
[2010/07/01 09:05:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At274.job
[2010/07/01 09:05:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At250.job
[2010/07/01 09:05:16 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At226.job
[2010/07/01 09:05:15 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At202.job
[2010/07/01 09:05:14 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At178.job
[2010/07/01 09:05:12 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At154.job
[2010/07/01 09:05:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At130.job
[2010/07/01 09:05:10 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At106.job
[2010/07/01 08:51:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/07/01 08:05:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At81.job
[2010/07/01 08:05:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2010/07/01 08:05:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/07/01 08:05:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At321.job
[2010/07/01 08:05:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At297.job
[2010/07/01 08:05:19 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At273.job
[2010/07/01 08:05:19 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At249.job
[2010/07/01 08:05:19 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At225.job
[2010/07/01 08:05:19 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At201.job
[2010/07/01 08:05:19 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At177.job
[2010/07/01 08:05:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At153.job
[2010/07/01 08:05:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At129.job
[2010/07/01 08:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At105.job
[2010/07/01 07:57:20 | 000,122,880 | ---- | M] (TODO: ) -- C:\WINDOWS\System32\e7wjN8p8.dll
[2010/06/30 17:05:55 | 019,714,048 | ---- | M] () -- C:\Documents and Settings\Tom White\ntuser.dat
[2010/06/30 17:05:31 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Tom White\ntuser.ini
[2010/06/30 14:31:55 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Tom White\Desktop\Spy Sweeper.lnk
[2010/06/30 13:49:34 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/06/30 13:49:34 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/06/30 13:49:32 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/30 13:49:23 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/06/30 13:49:22 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/30 13:49:20 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/06/30 07:51:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/06/28 20:18:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/24 16:57:08 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Tom White\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/06/24 16:45:27 | 000,525,278 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/24 16:45:27 | 000,445,722 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/24 16:45:27 | 000,072,928 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/24 16:40:06 | 000,501,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/24 16:32:44 | 000,000,634 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/24 16:30:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/24 16:29:26 | 000,000,063 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/06/24 08:58:48 | 000,000,056 | ---- | M] () -- C:\WINDOWS\ccolwiz.ini
[2010/06/23 06:49:22 | 000,162,816 | ---- | M] () -- C:\Documents and Settings\Tom White\My Documents\addresses.doc
[2010/06/10 15:27:45 | 000,001,822 | ---- | M] () -- C:\Documents and Settings\Tom White\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk
[2010/06/10 15:25:33 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Tom White\Application Data\$_hpcst$.hpc


Re: Infected with something - not sure what...

Post by tom_white on 2nd July 2010, 1:24 pm

(OTL.txt continued)...

========== Files Created - No Company Name ==========

[2010/07/01 13:06:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\6to4v32.dll
[2010/07/01 11:41:51 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\wjwab.dll
[2010/07/01 10:02:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At360.job
[2010/07/01 10:02:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At359.job
[2010/07/01 10:02:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At358.job
[2010/07/01 10:02:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At357.job
[2010/07/01 10:02:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At356.job
[2010/07/01 10:02:15 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At355.job
[2010/07/01 10:02:15 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At354.job
[2010/07/01 10:02:15 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At353.job
[2010/07/01 10:02:15 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At352.job
[2010/07/01 10:02:15 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At351.job
[2010/07/01 10:02:15 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At350.job
[2010/07/01 10:02:15 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At349.job
[2010/07/01 10:02:15 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At348.job
[2010/07/01 10:02:15 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At347.job
[2010/07/01 10:02:15 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At346.job
[2010/07/01 10:02:15 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At345.job
[2010/07/01 10:02:15 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At344.job
[2010/07/01 10:02:15 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At343.job
[2010/07/01 10:02:15 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At342.job
[2010/07/01 10:02:15 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At341.job
[2010/07/01 10:02:15 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At340.job
[2010/07/01 10:02:15 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At339.job
[2010/07/01 10:02:15 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At338.job
[2010/07/01 10:02:15 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At337.job
[2010/07/01 07:59:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At336.job
[2010/07/01 07:59:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At335.job
[2010/07/01 07:59:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At334.job
[2010/07/01 07:59:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At333.job
[2010/07/01 07:59:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At332.job
[2010/07/01 07:59:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At331.job
[2010/07/01 07:59:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At330.job
[2010/07/01 07:59:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At329.job
[2010/07/01 07:59:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At328.job
[2010/07/01 07:59:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At327.job
[2010/07/01 07:59:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At326.job
[2010/07/01 07:59:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At325.job
[2010/07/01 07:59:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At324.job
[2010/07/01 07:59:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At323.job
[2010/07/01 07:59:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At322.job
[2010/07/01 07:59:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At321.job
[2010/07/01 07:59:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At320.job
[2010/07/01 07:59:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At319.job
[2010/07/01 07:59:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At318.job
[2010/07/01 07:59:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At317.job
[2010/07/01 07:59:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At316.job
[2010/07/01 07:59:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At315.job
[2010/07/01 07:59:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At314.job
[2010/07/01 07:59:53 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At313.job
[2010/07/01 03:23:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At312.job
[2010/07/01 03:23:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At311.job
[2010/07/01 03:23:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At310.job
[2010/07/01 03:23:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At309.job
[2010/07/01 03:23:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At308.job
[2010/07/01 03:23:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At307.job
[2010/07/01 03:23:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At306.job
[2010/07/01 03:23:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At305.job
[2010/07/01 03:23:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At304.job
[2010/07/01 03:23:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At303.job
[2010/07/01 03:23:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At302.job
[2010/07/01 03:23:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At301.job
[2010/07/01 03:23:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At300.job
[2010/07/01 03:23:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At299.job
[2010/07/01 03:23:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At298.job
[2010/07/01 03:23:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At297.job
[2010/07/01 03:23:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At296.job
[2010/07/01 03:23:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At295.job
[2010/07/01 03:23:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At294.job
[2010/07/01 03:23:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At293.job
[2010/07/01 03:23:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At292.job
[2010/07/01 03:23:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At291.job
[2010/07/01 03:23:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At290.job
[2010/07/01 03:23:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At289.job
[2010/07/01 01:21:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At288.job
[2010/07/01 01:21:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At287.job
[2010/07/01 01:21:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At286.job
[2010/07/01 01:21:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At285.job
[2010/07/01 01:21:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At284.job
[2010/07/01 01:21:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At283.job
[2010/07/01 01:21:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At282.job
[2010/07/01 01:21:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At281.job
[2010/07/01 01:21:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At280.job
[2010/07/01 01:21:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At279.job
[2010/07/01 01:21:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At278.job
[2010/07/01 01:21:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At277.job
[2010/07/01 01:21:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At276.job
[2010/07/01 01:21:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At275.job
[2010/07/01 01:21:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At274.job
[2010/07/01 01:21:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At273.job
[2010/07/01 01:21:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At272.job
[2010/07/01 01:21:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At271.job
[2010/07/01 01:21:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At270.job
[2010/07/01 01:21:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At269.job
[2010/07/01 01:21:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At268.job
[2010/07/01 01:21:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At267.job
[2010/07/01 01:21:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At266.job
[2010/07/01 01:21:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At265.job
[2010/06/30 23:18:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At264.job
[2010/06/30 23:18:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At263.job
[2010/06/30 23:18:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At262.job
[2010/06/30 23:18:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At261.job
[2010/06/30 23:18:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At260.job
[2010/06/30 23:18:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At259.job
[2010/06/30 23:18:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At258.job
[2010/06/30 23:18:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At257.job
[2010/06/30 23:18:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At256.job
[2010/06/30 23:18:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At255.job
[2010/06/30 23:18:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At254.job
[2010/06/30 23:18:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At253.job
[2010/06/30 23:18:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At252.job
[2010/06/30 23:18:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At251.job
[2010/06/30 23:18:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At250.job
[2010/06/30 23:18:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At249.job
[2010/06/30 23:18:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At248.job
[2010/06/30 23:18:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At247.job
[2010/06/30 23:18:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At246.job
[2010/06/30 23:18:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At245.job
[2010/06/30 23:18:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At244.job
[2010/06/30 23:18:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At243.job
[2010/06/30 23:18:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At242.job
[2010/06/30 23:18:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At241.job
[2010/06/30 16:37:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At240.job
[2010/06/30 16:37:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At239.job
[2010/06/30 16:37:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At238.job
[2010/06/30 16:37:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At237.job
[2010/06/30 16:37:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At236.job
[2010/06/30 16:37:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At235.job
[2010/06/30 16:37:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At234.job
[2010/06/30 16:37:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At233.job
[2010/06/30 16:37:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At232.job
[2010/06/30 16:37:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At231.job
[2010/06/30 16:37:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At230.job
[2010/06/30 16:37:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At229.job
[2010/06/30 16:37:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At228.job
[2010/06/30 16:37:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At227.job
[2010/06/30 16:37:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At226.job
[2010/06/30 16:37:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At225.job
[2010/06/30 16:37:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At224.job
[2010/06/30 16:37:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At223.job
[2010/06/30 16:37:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At222.job
[2010/06/30 16:37:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At221.job
[2010/06/30 16:37:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At220.job
[2010/06/30 16:37:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At219.job
[2010/06/30 16:37:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At218.job
[2010/06/30 16:37:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At217.job
[2010/06/30 14:31:55 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\Tom White\Desktop\Spy Sweeper.lnk
[2010/06/30 14:24:14 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At216.job
[2010/06/30 14:24:14 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At215.job
[2010/06/30 14:24:14 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At214.job
[2010/06/30 14:24:14 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At213.job
[2010/06/30 14:24:14 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At212.job
[2010/06/30 14:24:14 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At211.job
[2010/06/30 14:24:14 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At210.job
[2010/06/30 14:24:14 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At209.job
[2010/06/30 14:24:14 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At208.job
[2010/06/30 14:24:14 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At207.job
[2010/06/30 14:24:14 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At206.job
[2010/06/30 14:24:14 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At205.job
[2010/06/30 14:24:14 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At204.job
[2010/06/30 14:24:14 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At203.job
[2010/06/30 14:24:14 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At202.job
[2010/06/30 14:24:14 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At201.job
[2010/06/30 14:24:14 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At200.job
[2010/06/30 14:24:14 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At199.job
[2010/06/30 14:24:14 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At198.job
[2010/06/30 14:24:14 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At197.job
[2010/06/30 14:24:14 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At196.job
[2010/06/30 14:24:14 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At195.job
[2010/06/30 14:24:14 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At194.job
[2010/06/30 14:24:14 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At193.job
[2010/06/30 13:49:34 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/06/30 13:49:20 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/06/30 13:49:09 | 061,576,647 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/30 11:54:41 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At192.job
[2010/06/30 11:54:41 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At191.job
[2010/06/30 11:54:41 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At190.job
[2010/06/30 11:54:41 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At189.job
[2010/06/30 11:54:41 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At188.job
[2010/06/30 11:54:41 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At187.job
[2010/06/30 11:54:41 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At186.job
[2010/06/30 11:54:41 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At185.job
[2010/06/30 11:54:41 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At184.job
[2010/06/30 11:54:41 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At183.job
[2010/06/30 11:54:41 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At182.job
[2010/06/30 11:54:41 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At181.job
[2010/06/30 11:54:41 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At180.job
[2010/06/30 11:54:41 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At179.job
[2010/06/30 11:54:41 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At178.job
[2010/06/30 11:54:41 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At177.job
[2010/06/30 11:54:41 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At176.job
[2010/06/30 11:54:41 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At175.job
[2010/06/30 11:54:41 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At174.job
[2010/06/30 11:54:41 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At173.job
[2010/06/30 11:54:41 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At172.job
[2010/06/30 11:54:41 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At171.job
[2010/06/30 11:54:41 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At170.job
[2010/06/30 11:54:41 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At169.job
[2010/06/30 09:52:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At168.job
[2010/06/30 09:52:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At167.job
[2010/06/30 09:52:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At166.job
[2010/06/30 09:52:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At165.job
[2010/06/30 09:52:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At164.job
[2010/06/30 09:52:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At163.job
[2010/06/30 09:52:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At162.job
[2010/06/30 09:52:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At161.job
[2010/06/30 09:52:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At160.job
[2010/06/30 09:52:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At159.job
[2010/06/30 09:52:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At158.job
[2010/06/30 09:52:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At157.job
[2010/06/30 09:52:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At156.job
[2010/06/30 09:52:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At155.job
[2010/06/30 09:52:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At154.job
[2010/06/30 09:52:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At153.job
[2010/06/30 09:52:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At152.job
[2010/06/30 09:52:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At151.job
[2010/06/30 09:52:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At150.job
[2010/06/30 09:52:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At149.job
[2010/06/30 09:52:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At148.job
[2010/06/30 09:52:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At147.job
[2010/06/30 09:52:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At146.job
[2010/06/30 09:52:09 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At145.job
[2010/06/30 07:49:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At144.job
[2010/06/30 07:49:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At143.job
[2010/06/30 07:49:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At142.job
[2010/06/30 07:49:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At141.job
[2010/06/30 07:49:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At140.job
[2010/06/30 07:49:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At139.job
[2010/06/30 07:49:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At138.job
[2010/06/30 07:49:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At137.job
[2010/06/30 07:49:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At136.job
[2010/06/30 07:49:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At135.job
[2010/06/30 07:49:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At134.job
[2010/06/30 07:49:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At133.job
[2010/06/30 07:49:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At132.job
[2010/06/30 07:49:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At131.job
[2010/06/30 07:49:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At130.job
[2010/06/30 07:49:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At129.job
[2010/06/30 07:49:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At128.job
[2010/06/30 07:49:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At127.job
[2010/06/30 07:49:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At126.job
[2010/06/30 07:49:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At125.job
[2010/06/30 07:49:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At124.job
[2010/06/30 07:49:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At123.job
[2010/06/30 07:49:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At122.job
[2010/06/30 07:49:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At121.job
[2010/06/30 05:47:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At99.job
[2010/06/30 05:47:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At98.job
[2010/06/30 05:47:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At97.job
[2010/06/30 05:47:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At120.job
[2010/06/30 05:47:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At119.job
[2010/06/30 05:47:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At118.job
[2010/06/30 05:47:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At117.job
[2010/06/30 05:47:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At116.job
[2010/06/30 05:47:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At115.job
[2010/06/30 05:47:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At114.job
[2010/06/30 05:47:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At113.job
[2010/06/30 05:47:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At112.job
[2010/06/30 05:47:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At111.job
[2010/06/30 05:47:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At110.job
[2010/06/30 05:47:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At109.job
[2010/06/30 05:47:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At108.job
[2010/06/30 05:47:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At107.job
[2010/06/30 05:47:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At106.job
[2010/06/30 05:47:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At105.job
[2010/06/30 05:47:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At104.job
[2010/06/30 05:47:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At103.job
[2010/06/30 05:47:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At102.job
[2010/06/30 05:47:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At101.job
[2010/06/30 05:47:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At100.job
[2010/06/30 03:40:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At96.job
[2010/06/30 03:40:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At95.job
[2010/06/30 03:40:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
[2010/06/30 03:40:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At93.job
[2010/06/30 03:40:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At92.job
[2010/06/30 03:40:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At91.job
[2010/06/30 03:40:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At90.job
[2010/06/30 03:40:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At89.job
[2010/06/30 03:40:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At88.job
[2010/06/30 03:40:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At87.job
[2010/06/30 03:40:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At86.job
[2010/06/30 03:40:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At85.job
[2010/06/30 03:40:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At84.job
[2010/06/30 03:40:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At83.job
[2010/06/30 03:40:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At82.job
[2010/06/30 03:40:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At81.job
[2010/06/30 03:40:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At80.job
[2010/06/30 03:40:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At79.job
[2010/06/30 03:40:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At78.job
[2010/06/30 03:40:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At77.job
[2010/06/30 03:40:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At76.job
[2010/06/30 03:40:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At75.job
[2010/06/30 03:40:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At74.job
[2010/06/30 03:40:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At73.job
[2010/06/30 01:38:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2010/06/30 01:38:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2010/06/30 01:38:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2010/06/30 01:38:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2010/06/30 01:38:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2010/06/30 01:38:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2010/06/30 01:38:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2010/06/30 01:38:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2010/06/30 01:38:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2010/06/30 01:38:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2010/06/30 01:38:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2010/06/30 01:38:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2010/06/30 01:38:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2010/06/30 01:38:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2010/06/30 01:38:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2010/06/30 01:38:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2010/06/30 01:38:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2010/06/30 01:38:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2010/06/30 01:38:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2010/06/30 01:38:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2010/06/30 01:38:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2010/06/30 01:38:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2010/06/30 01:38:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2010/06/30 01:38:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2010/06/29 19:32:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/06/29 19:32:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/06/29 19:32:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/06/29 19:32:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/06/29 19:32:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/06/29 19:32:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/06/29 19:32:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/06/29 19:32:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/06/29 19:32:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/06/29 19:32:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/06/29 19:32:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/06/29 19:32:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/06/29 19:32:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/06/29 19:32:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/06/29 19:32:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/06/29 19:32:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/06/29 19:32:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/06/29 19:32:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/06/29 19:32:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/06/29 19:32:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/06/29 19:32:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/06/29 19:32:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/06/29 19:32:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/06/29 19:32:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/06/29 19:30:00 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\847u1k.dat
[2010/06/29 19:27:03 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/06/29 19:27:03 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/06/29 19:27:03 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/06/29 19:27:03 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/06/29 19:27:03 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/06/29 19:27:03 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/06/29 19:27:03 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/06/29 19:27:03 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/06/29 19:27:03 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/06/29 19:27:03 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/06/29 19:27:02 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/06/29 19:27:02 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/06/29 19:27:02 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/06/29 19:27:02 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/06/29 19:27:02 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/06/29 19:27:02 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/06/29 19:27:02 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/06/29 19:27:02 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/06/29 19:27:02 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/06/29 19:27:02 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/06/29 19:27:02 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/06/29 19:27:02 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/06/29 19:27:02 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/06/29 19:27:02 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/06/27 23:12:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/25 16:37:29 | 019,714,048 | ---- | C] () -- C:\Documents and Settings\Tom White\ntuser.dat
[2010/06/10 15:27:45 | 000,001,822 | ---- | C] () -- C:\Documents and Settings\Tom White\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk
[2010/06/10 15:25:52 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/06/10 15:25:52 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/06/10 15:25:33 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Tom White\Application Data\$_hpcst$.hpc
[2009/05/17 05:42:19 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/05/17 05:42:17 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/05/17 05:42:16 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/05/17 05:42:15 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/05/17 05:42:15 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/05/22 17:22:18 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/22 17:19:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/05/22 17:19:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/22 17:18:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/03/23 20:48:52 | 000,221,252 | ---- | C] () -- C:\WINDOWS\System32\maskDll.dll
[2008/03/23 20:48:52 | 000,200,776 | ---- | C] () -- C:\WINDOWS\System32\unMaskDLL.dll
[2008/01/30 16:10:46 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2007/11/20 17:00:19 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2007/10/31 09:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/10/24 16:24:44 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/10/04 18:14:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/10/04 18:14:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/10/04 18:14:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/10/04 18:14:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/10/04 18:14:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/10/02 06:52:50 | 000,000,165 | ---- | C] () -- C:\WINDOWS\AGSCDV3.INI
[2007/07/06 15:11:55 | 000,000,362 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/03/02 08:13:27 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/01/26 12:31:42 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\hpuninst.dll
[2007/01/12 09:56:29 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2007/01/12 09:56:29 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2006/09/09 10:43:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack16.INI
[2006/08/30 14:12:24 | 000,000,233 | ---- | C] () -- C:\WINDOWS\AxType.ini
[2006/08/30 13:58:40 | 000,000,272 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2006/08/30 13:55:39 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/08/02 22:53:27 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/06/27 06:22:49 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/06/15 16:38:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/15 05:12:59 | 000,000,056 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2006/06/15 04:55:16 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/06/15 04:55:00 | 000,098,304 | R--- | C] () -- C:\WINDOWS\StiRegstEng.dll
[2006/06/15 04:51:42 | 000,000,043 | ---- | C] () -- C:\WINDOWS\EP4180.ini
[2006/06/10 00:55:36 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/05/25 08:20:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/25 08:16:41 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/25 07:50:52 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/05 09:12:06 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\authdvd.dll
[2001/12/07 11:09:26 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\heclib50.dll
[1999/03/09 11:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1998/01/12 23:52:30 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
[1997/11/13 11:23:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[1997/02/01 11:23:00 | 000,000,058 | ---- | C] () -- C:\WINDOWS\loss613.ini
[1997/02/01 11:23:00 | 000,000,058 | ---- | C] () -- C:\WINDOWS\loss09.ini
[1996/07/08 11:23:00 | 000,000,038 | ---- | C] () -- C:\WINDOWS\loidp13.ini
[1994/07/24 11:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994/04/06 11:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf13.ini


Re: Infected with something - not sure what...

Post by tom_white on 2nd July 2010, 6:30 pm

(OTL.txt continued)...

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/05/04 12:20:32 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/05/04 12:20:33 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/05/04 12:20:36 | 000,192,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/12/16 11:31:59 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2004/08/10 12:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/10 12:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/10 12:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 05:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/04 05:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/06/09 10:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DDMI2.sys
[2005/03/13 16:54:00 | 000,006,656 | ---- | M] (GTek Technologies Ltd.) -- C:\WINDOWS\system32\DLPT2.sys
[2009/02/19 09:34:30 | 000,036,608 | ---- | M] () -- C:\WINDOWS\system32\FsUsbExDisk.Sys
[2005/02/08 12:37:52 | 000,007,626 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GPCIEnum.sys
[2004/06/15 16:55:56 | 000,007,882 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GTKCMOS.sys
[2004/08/04 05:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 05:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 05:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/04 05:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 05:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 05:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 05:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 05:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 05:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 05:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 05:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 05:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 05:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2005/05/10 01:36:29 | 000,016,848 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\Pcandis4.sys
[2005/05/10 01:36:29 | 000,017,162 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\Pcandis5.sys
[2008/04/13 13:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/05/02 00:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 19:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 19:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 19:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 19:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 19:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 19:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 19:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 19:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 19:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 19:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 19:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 19:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 19:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 19:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 19:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >
[2001/12/12 10:37:14 | 000,032,256 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE

< %SYSTEMDRIVE%\*.* >
[2010/02/17 07:50:11 | 000,028,263 | ---- | M] () -- C:\acadminidump.dmp
[2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/07/18 15:55:44 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2006/09/06 06:30:32 | 000,000,299 | ---- | M] () -- C:\clony.txt
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2009/07/13 20:22:50 | 000,035,539 | ---- | M] () -- C:\ComboFix.txt
[2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/05/25 07:53:28 | 000,005,925 | RH-- | M] () -- C:\dell.sdr
[2009/11/17 09:56:16 | 000,012,690 | ---- | M] () -- C:\dldtcomx.log
[2006/06/09 23:12:08 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2006/05/25 08:09:56 | 000,000,827 | -H-- | M] () -- C:\IPH.PH
[2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/21 10:23:54 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/02 07:26:49 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/01/26 14:20:49 | 000,000,146 | ---- | M] () -- C:\ProgrA
[2010/04/06 09:49:31 | 000,000,460 | ---- | M] () -- C:\Shortcut to My Drawings - Tom.lnk
[2006/08/23 15:32:31 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2006/10/01 16:55:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2006/08/23 15:32:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2006/10/01 16:55:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2006/05/25 08:10:01 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2007/02/06 15:47:36 | 000,020,722 | ---- | M] () -- C:\temp.xml
[2007/07/26 13:55:53 | 000,004,608 | -HS- | M] () -- C:\Thumbs.db
[2008/05/14 07:46:19 | 000,002,035 | ---- | M] () -- C:\titles
[2008/05/14 07:46:05 | 000,002,035 | ---- | M] () -- C:\titles.txt
[2007/02/01 07:23:17 | 000,000,463 | ---- | M] () -- C:\trial001.prj
[2007/11/14 14:20:58 | 002,686,232 | ---- | M] (Microsoft Corporation) -- C:\vcredist_x86.exe
[2008/11/11 09:51:31 | 000,000,655 | ---- | M] () -- C:\vraylog.txt
[2007/03/03 04:33:29 | 000,000,778 | ---- | M] () -- C:\VRLServer.txt
[2007/03/02 09:25:54 | 000,001,140 | ---- | M] () -- C:\VRSpawner.log

< %PROGRAMFILES%\*. >
[2008/07/29 03:02:27 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2007/02/23 12:45:43 | 000,000,000 | ---D | M] -- C:\Program Files\@Last Software
[2006/07/03 06:10:58 | 000,000,000 | ---D | M] -- C:\Program Files\AC3Filter
[2008/07/07 07:07:27 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2007/10/02 06:52:49 | 000,000,000 | ---D | M] -- C:\Program Files\AGSCDROM
[2006/08/01 10:54:55 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2006/06/15 14:40:46 | 000,000,000 | ---D | M] -- C:\Program Files\AJSystems Common
[2006/08/30 13:57:42 | 000,000,000 | ---D | M] -- C:\Program Files\Alcohol Soft
[2007/03/22 14:11:47 | 000,000,000 | ---D | M] -- C:\Program Files\AnswerWorks 4.0
[2008/08/08 06:09:32 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/03/31 07:44:38 | 000,000,000 | ---D | M] -- C:\Program Files\ATT-SST
[2007/03/23 07:05:28 | 000,000,000 | ---D | M] -- C:\Program Files\AutoCAD 2007
[2007/12/20 15:10:41 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk
[2010/02/02 11:25:58 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk VIZ 4
[2010/06/24 08:35:28 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/05/12 23:50:22 | 000,000,000 | ---D | M] -- C:\Program Files\Azureus
[2010/02/17 15:16:58 | 000,000,000 | ---D | M] -- C:\Program Files\BAE
[2007/11/20 17:00:19 | 000,000,000 | ---D | M] -- C:\Program Files\Belarc
[2010/04/01 22:01:33 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2007/06/29 21:36:13 | 000,000,000 | ---D | M] -- C:\Program Files\BroadJump
[2009/07/27 14:38:15 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2009/05/17 05:39:43 | 000,000,000 | ---D | M] -- C:\Program Files\CD Audio Reader Filter
[2007/03/02 09:19:52 | 000,000,000 | ---D | M] -- C:\Program Files\Chaos Group
[2010/07/01 11:46:23 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/08/10 13:02:08 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2006/05/25 08:14:23 | 000,000,000 | ---D | M] -- C:\Program Files\Corel Corporation
[2008/10/15 05:03:28 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2008/12/16 11:39:46 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
[2006/05/25 08:14:06 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2008/02/06 18:47:24 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2007/04/14 04:55:05 | 000,000,000 | ---D | M] -- C:\Program Files\DellSupport
[2010/06/10 15:27:33 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2007/12/13 23:09:55 | 000,000,000 | ---D | M] -- C:\Program Files\DirectVobSub
[2008/06/07 10:51:14 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2007/12/13 23:10:41 | 000,000,000 | ---D | M] -- C:\Program Files\DScaler5
[2006/06/18 04:13:58 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Decrypter
[2006/06/21 04:25:57 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Shrink
[2010/06/29 19:27:02 | 000,000,000 | ---D | M] -- C:\Program Files\dvd43
[2009/12/07 17:37:42 | 000,000,000 | ---D | M] -- C:\Program Files\DVDFab 6
[2006/06/15 11:02:23 | 000,000,000 | ---D | M] -- C:\Program Files\Eazy-Ware
[2007/01/12 09:57:06 | 000,000,000 | ---D | M] -- C:\Program Files\epson
[2010/06/08 10:47:47 | 000,000,000 | ---D | M] -- C:\Program Files\FileOpen
[2008/10/01 16:55:30 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client
[2010/01/27 03:01:15 | 000,000,000 | ---D | M] -- C:\Program Files\FolderSize
[2009/12/22 06:20:34 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2006/06/14 16:52:22 | 000,000,000 | ---D | M] -- C:\Program Files\Grisoft
[2006/06/16 02:19:21 | 000,000,000 | ---D | M] -- C:\Program Files\GSpot
[2007/12/13 23:10:16 | 000,000,000 | ---D | M] -- C:\Program Files\Haali
[2007/02/01 07:22:22 | 000,000,000 | ---D | M] -- C:\Program Files\HEC
[2006/10/12 10:19:32 | 000,000,000 | ---D | M] -- C:\Program Files\ICQLite
[2006/06/28 14:45:05 | 000,000,000 | ---D | M] -- C:\Program Files\ILS
[2007/12/04 09:44:37 | 000,000,000 | ---D | M] -- C:\Program Files\Image Grabber II
[2007/03/20 16:29:58 | 000,000,000 | ---D | M] -- C:\Program Files\Informatix
[2010/06/10 15:25:29 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2006/05/25 08:07:12 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2006/05/25 08:07:32 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2010/06/24 16:09:40 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2006/05/25 08:10:25 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2010/04/01 22:08:34 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2008/03/12 14:40:34 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2010/07/01 22:00:14 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2008/04/01 16:46:49 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/05/17 05:43:30 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2006/05/25 08:09:54 | 000,000,000 | ---D | M] -- C:\Program Files\Learn2.com
[2008/03/04 15:13:27 | 000,000,000 | ---D | M] -- C:\Program Files\LG Software Innovations
[2007/08/15 10:22:43 | 000,000,000 | ---D | M] -- C:\Program Files\LizardTech
[2007/07/12 19:06:39 | 000,000,000 | ---D | M] -- C:\Program Files\MagicISO
[2010/06/30 16:02:53 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/10 15:25:23 | 000,000,000 | ---D | M] -- C:\Program Files\MarkAny
[2006/07/03 06:07:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mediatwins software
[2008/08/21 10:31:17 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/10/08 06:17:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2006/06/15 16:37:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2004/08/10 13:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2006/06/18 05:20:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money
[2008/07/07 16:17:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/10/08 06:17:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector
[2006/05/25 08:09:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2006/05/25 08:09:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2008/01/09 00:19:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Reader
[2010/06/04 08:24:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2006/06/15 16:36:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2008/03/27 11:37:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2006/06/15 16:36:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2006/06/28 07:37:18 | 000,000,000 | ---D | M] -- C:\Program Files\MOV to AVI MPEG WMV Converter
[2010/03/12 17:19:37 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/06/29 21:36:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2008/12/09 17:49:25 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/08/04 13:35:21 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2004/08/10 13:01:16 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/08/10 13:01:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/03/23 12:01:07 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2006/12/15 09:15:35 | 000,000,000 | ---D | M] -- C:\Program Files\MTV Networks
[2006/05/25 08:12:51 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2008/08/21 10:25:29 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2006/06/15 04:54:55 | 000,000,000 | ---D | M] -- C:\Program Files\NewSoft
[2007/02/26 15:45:58 | 000,000,000 | ---D | M] -- C:\Program Files\NewTek
[2008/04/01 08:11:58 | 000,000,000 | ---D | M] -- C:\Program Files\Next Limit
[2004/08/10 13:01:34 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/05/17 05:40:12 | 000,000,000 | ---D | M] -- C:\Program Files\OpenSource Flash Video Splitter
[2006/06/15 16:45:04 | 000,000,000 | ---D | M] -- C:\Program Files\ORKTOOLS
[2010/06/04 08:17:06 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/06/10 15:27:28 | 000,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution
[2008/10/15 05:07:27 | 000,000,000 | ---D | M] -- C:\Program Files\PictureRipper 3
[2007/02/26 15:27:28 | 000,000,000 | ---D | M] -- C:\Program Files\PowerISO
[2010/07/01 23:13:58 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/05/25 08:09:39 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2007/12/13 23:10:37 | 000,000,000 | ---D | M] -- C:\Program Files\RealMedia
[2008/12/09 17:49:17 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2006/05/25 08:16:53 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2010/06/10 15:27:35 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
[2007/08/08 02:02:14 | 000,000,000 | ---D | M] -- C:\Program Files\SBC Self Support Tool
[2007/01/10 16:28:57 | 000,000,000 | ---D | M] -- C:\Program Files\ScreenPrint32 v3
[2006/05/25 08:17:43 | 000,000,000 | ---D | M] -- C:\Program Files\SearchAssist
[2009/05/17 05:39:32 | 000,000,000 | ---D | M] -- C:\Program Files\SHOUTcast Source
[2006/05/25 08:04:59 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2007/01/12 09:58:03 | 000,000,000 | ---D | M] -- C:\Program Files\Smart Panel
[2006/08/17 16:52:45 | 000,000,000 | ---D | M] -- C:\Program Files\SmartFTP Client 2.0
[2006/08/17 16:52:31 | 000,000,000 | ---D | M] -- C:\Program Files\SmartFTP Client 2.0 Setup Files
[2006/05/25 08:17:40 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2007/05/10 16:28:59 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic Foundry
[2007/05/10 16:28:42 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic Foundry Setup
[2009/11/02 20:13:29 | 000,000,000 | ---D | M] -- C:\Program Files\SopCast
[2009/07/13 10:19:09 | 000,000,000 | ---D | M] -- C:\Program Files\STOPzilla!
[2010/07/01 11:41:51 | 000,000,000 | ---D | M] -- C:\Program Files\SysTools vCard Export
[2010/07/01 11:46:23 | 000,000,000 | ---D | M] -- C:\Program Files\Topalt
[2007/02/06 15:49:09 | 000,000,000 | ---D | M] -- C:\Program Files\TrueSwitch
[2004/08/10 13:08:30 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/12/19 20:49:28 | 000,000,000 | ---D | M] -- C:\Program Files\Veetle
[2009/03/04 17:45:54 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2006/12/13 11:33:18 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2008/07/29 16:20:02 | 000,000,000 | ---D | M] -- C:\Program Files\Visual Mortgage Loan Calculator
[2007/04/01 04:50:01 | 000,000,000 | ---D | M] -- C:\Program Files\VML
[2008/12/09 17:54:14 | 000,000,000 | ---D | M] -- C:\Program Files\Watts Radiant
[2006/05/25 08:12:25 | 000,000,000 | ---D | M] -- C:\Program Files\WebCyberCoach
[2010/06/30 14:31:49 | 000,000,000 | ---D | M] -- C:\Program Files\Webroot
[2006/06/10 00:40:36 | 000,000,000 | ---D | M] -- C:\Program Files\WexTech
[2008/01/15 11:05:32 | 000,000,000 | ---D | M] -- C:\Program Files\Window Studio 3.2
[2009/03/31 07:37:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/03/31 07:37:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2006/12/15 09:03:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/08/21 10:25:26 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/08/21 10:25:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/08/10 13:02:52 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2007/12/04 10:34:52 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2007/12/04 10:36:21 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2006/05/25 08:11:59 | 000,000,000 | ---D | M] -- C:\Program Files\WordPerfect Office 12
[2007/01/26 05:08:50 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2007/06/29 21:37:07 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2007/09/18 09:43:21 | 000,000,000 | ---D | M] -- C:\Program Files\Zing! Viewer
[2009/06/13 05:15:14 | 000,000,000 | ---D | M] -- C:\Program Files\Zoom Player

< %appdata%\*.* >
[2010/06/10 15:25:33 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Tom White\Application Data\$_hpcst$.hpc
[2007/07/12 14:32:37 | 000,038,478 | ---- | M] () -- C:\Documents and Settings\Tom White\Application Data\Comma Separated Values (DOS).ADR
[2004/08/10 12:57:42 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Tom White\Application Data\desktop.ini
[2010/03/04 08:57:09 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\Tom White\Application Data\dvd.bmk
[2009/12/07 17:37:46 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Tom White\Application Data\inst.exe
[2009/12/07 17:37:46 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Tom White\Application Data\pcouffin.cat
[2009/12/07 17:37:46 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Tom White\Application Data\pcouffin.inf
[2009/12/07 17:37:49 | 000,000,034 | ---- | M] () -- C:\Documents and Settings\Tom White\Application Data\pcouffin.log
[2009/12/07 17:37:46 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Tom White\Application Data\pcouffin.sys
[2007/01/17 20:45:14 | 000,012,358 | ---- | M] () -- C:\Documents and Settings\Tom White\Application Data\PFP120JCM.{PB
[2007/01/17 20:45:14 | 000,061,678 | ---- | M] () -- C:\Documents and Settings\Tom White\Application Data\PFP120JPR.{PB


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/21 10:22:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/21 10:22:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/21 10:22:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/21 10:22:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/08/21 10:22:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/08/21 10:22:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 05:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\i386\disk.sys
[2004/08/04 05:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/06/17 12:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\drivers\storage\sata\onboard\iastor.sys
[2005/06/17 12:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\i386\iaStor.sys
[2005/06/17 12:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbstor.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/08/21 10:22:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/08/21 10:22:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\i386\usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< MD5 for: VAXSCSI.SYS >
[2006/08/30 13:57:42 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) MD5=92CEBC2BC7BE2C8D49391B365569F306 -- C:\WINDOWS\system32\drivers\vaxscsi.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-24 21:34:18
< End of report >

tom_white
Novice

Posts: 6
Joined: 2010-07-02
OS: Windows XP SP3
Points: 23578
Likes: 0


Re: Infected with something - not sure what...

Post by tom_white on 2nd July 2010, 6:31 pm

(Extras.txt)

OTL Extras logfile created on: 7/2/2010 7:35:55 AM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\-
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.15 Gb Total Space | 19.21 Gb Free Space | 27.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOM
Current User Name: Tom White
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe" = C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0 -- (SmartFTP GmbH)
"C:\Program Files\Autodesk\Backburner\monitor.exe" = C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\manager.exe" = C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\server.exe" = C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit -- (Autodesk, Inc.)
"C:\Program Files\Next Limit\Maxwell\mxcl.exe" = C:\Program Files\Next Limit\Maxwell\mxcl.exe:*:Enabled:mxcl -- ()
"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" = C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word -- (Microsoft Corporation)
"C:\Documents and Settings\Tom White\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.] = C:\Documents and Settings\Tom White\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.] add-in for Adobe Flash Player -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Canon\Color Network ScanGear\SgTool.exe" = C:\Program Files\Canon\Color Network ScanGear\SgTool.exe:*:Enabled:SGTOOL -- File not found
"C:\Program Files\Canon\Network ScanGear\SgTool.exe" = C:\Program Files\Canon\Network ScanGear\SgTool.exe:*:Enabled:SGTOOL -- (CANON INC.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Program Files\Windows Live\Messenger\MsnMsgr .exe" = C:\Program Files\Windows Live\Messenger\MsnMsgr .exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Windows Live\Messenger\MsnMsgr .exe" = C:\Program Files\Windows Live\Messenger\MsnMsgr .exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)


Re: Infected with something - not sure what...

Post by tom_white on 2nd July 2010, 6:31 pm

(Extras.txt continued)...

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
""Visual Mortgage Loan Calculator"_is1" = Visual Mortgage Loan Calculator
"{0204F340-E625-49E6-A104-79893317D84F}" = D4COST DEMO
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{113EECD6-9A04-11D4-811D-00805F923B86}" = Lotus NotesSQL 3.01 driver
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A38B5AA-EA84-4F87-9937-2FB23982243A}" = Sonic Foundry ACID 4.0
"{2EB5618E-E9CB-436A-841E-E68767E63A01}" = STOPzilla
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel(R) PROSet for Wired Connections
"{536D6172-7453-7569-7465-392E38300409}" = Lotus SmartSuite - English
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5783F2D7-0211-0409-0000-0060B0CE6BBA}" = AutoCAD Express Tools Volumes 1-9
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A69D94E-C569-4154-9643-72E94D1DDFDA}" = XPS Essentials Pack
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6C9F6831-F6A8-4178-A0AD-83EA6F5D07EB}" = IDrop
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A347D7B-3811-4313-93B5-807740629D2A}" = FLVPlayer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install
"{7CD754D9-1AB3-473B-87C9-40F0B290AE39}" = RadiantWorks PRO
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8553C3E3-E6EE-49E8-8360-8A9C89B9C1DA}" = Piranesi
"{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}" = FileOpen Client
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90240409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Resource Kit
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9811A185-3D3D-11D6-9E14-00036D172B00}" = Adobe MPEG Encoder
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7D542AC-C6B0-4E08-AE68-46AB5DAC00B3}" = Window Studio 3.2 Prerequisite Components
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.1
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B357C4B4-9024-4B64-9B3F-A6729031C3DD}" = SketchUp 5
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7CA314E-DB2A-4D01-9DA8-A2257611AB7D}" = Window Studio 3.2
"{BBC5C0A6-5EE7-4A4A-AD3D-A5F00FDD856E}" = GeoExpress View by ILS
"{BBE3E502-F1D6-4FC9-9844-CC0850B7C516}" = Network ScanGear Ver.2.21
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C169D3BB-9A27-43F5-9979-09A0D65FE95C}" = SmartFTP Client 2.0
"{C3280F9F-0C9D-43CC-8BC5-11F4319996ED}" = Autodesk® VIZ 4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Microsoft Money 2002 System Pack
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DE3E3852-1128-45A7-BBB5-D46BB7B4E7CD}" = HEC-RAS 3.1.3
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E7298FD5-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money 2002
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{E96D4088-AAC5-437F-9E39-EC0E387897B4}" = Autodesk 3ds Max 9 32-bit
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FACF203E-0F4D-489A-B80C-D185253C8FCB}" = Autodesk Design Review 2008
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"{FE983D56-28C6-4E5D-A146-8A8339B9CC1F}" = Lizardtech Express View Browser Plug-in
"1Click DVD Copy Pro_is1" = 1Click DVD Copy Pro 3.1.3.3
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"7-Zip" = 7-Zip 4.57
"8461-7759-5462-8226" = Vuze
"AC3 Decoder" = AC3 Decoder
"AC3Filter" = AC3Filter (remove only)
"Adaptec UDF Reader" = Adaptec UDF Reader
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Premiere 6.5" = Adobe Premiere 6.5
"AGSCDROM" = AGS CD-ROM Version 3.0
"AnswerWorks" = AnswerWorks Runtime
"Autodesk Express Viewer" = Autodesk Express Viewer
"AVG9Uninstall" = AVG Free 9.0
"Azureus" = Azureus
"Belarc Advisor 2.0" = Belarc Advisor 7.2
"BroadJump Client Foundation" = BroadJump Client Foundation
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DirectVobSub" = DirectVobSub (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD43_is1" = DVD43 v4.6.0
"DVDFab 6_is1" = DVDFab 6.2.0.5 (11/11/2009)
"EPSON Scanner" = EPSON Scan
"FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0
"FileZilla Client" = FileZilla Client 3.1.3.1
"getPlus(R)_ocx" = getPlus(R)_ocx
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{8553C3E3-E6EE-49E8-8360-8A9C89B9C1DA}" = Piranesi 3
"InstallShield_{BBE3E502-F1D6-4FC9-9844-CC0850B7C516}" = Network ScanGear Ver.2.21
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.8.0 (Full)
"LMS" = C-Dilla Licence Management System
"Magic ISO Maker v5.3 (build 0229)" = Magic ISO Maker v5.3 (build 0229)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maxwell" = Maxwell
"MaxwellMax" = Maxwell Plugin for 3D Studio Max
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NetMos Technology" = NetMos Multi-IO Controller
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PowerISO" = PowerISO
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealMedia" = RealMedia (remove only)
"RealPlayer 6.0" = RealPlayer
"RNCompiler 6.0" = Advanced RealMedia Export Plug-in for Premiere 6.0
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Silent Package Run-Time Sample" = EPSON Perf 4180 Guide
"SmartFTP Client 2.0 Setup Files" = SmartFTP Client 2.0 Setup Files (remove only)
"SopCast" = SopCast 3.2.4
"SpySweeper" = Spy Sweeper
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SysTools vCard Export - Demo Version 3.0_is1" = SysTools vCard Export
"Uninstall Presto! BizCard 4.1 Eng" = Presto! BizCard 4.1 Eng
"vCard ImportExport_is1" = vCard ImportExport 1.2.10
"Veetle TV" = Veetle TV 0.9.15
"VLC media player" = VLC media player 0.9.8a
"V-Ray for 3dsmax R9 for x86" = V-Ray for 3dsmax R9 for x86
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEP" = XPS Essentials Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Auto Outlook Import" = Yahoo! Auto Outlook Import
"YInstHelper" = Yahoo! Install Manager
"Zing!" = Zing! DWF file viewer
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/1/2010 9:41:09 AM | Computer Name = TOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 7/1/2010 10:09:20 AM | Computer Name = TOM | Source = Application Error | ID = 1000
Description = Faulting application gWtn2jfd.exe, version 0.0.0.0, faulting module
gWtn2jfd.exe, version 0.0.0.0, fault address 0x00001744.

Error - 7/1/2010 11:04:54 AM | Computer Name = TOM | Source = Application Error | ID = 1000
Description = Faulting application gWtn2jfd.exe, version 0.0.0.0, faulting module
gWtn2jfd.exe, version 0.0.0.0, fault address 0x00001744.

Error - 7/1/2010 12:04:05 PM | Computer Name = TOM | Source = Application Error | ID = 1000
Description = Faulting application gWtn2jfd.exe, version 0.0.0.0, faulting module
gWtn2jfd.exe, version 0.0.0.0, fault address 0x00001744.

Error - 7/1/2010 1:04:38 PM | Computer Name = TOM | Source = Application Error | ID = 1000
Description = Faulting application gWtn2jfd.exe, version 0.0.0.0, faulting module
gWtn2jfd.exe, version 0.0.0.0, fault address 0x00001744.

Error - 7/1/2010 2:04:05 PM | Computer Name = TOM | Source = Application Error | ID = 1000
Description = Faulting application gWtn2jfd.exe, version 0.0.0.0, faulting module
gWtn2jfd.exe, version 0.0.0.0, fault address 0x00001744.

Error - 7/1/2010 4:28:41 PM | Computer Name = TOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The connection with the server was terminated abnormally

Error - 7/1/2010 4:28:41 PM | Computer Name = TOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 7/2/2010 7:22:44 AM | Computer Name = TOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The connection with the server was terminated abnormally

Error - 7/2/2010 7:22:44 AM | Computer Name = TOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

[ System Events ]
Error - 7/2/2010 8:00:00 AM | Computer Name = TOM | Source = Schedule | ID = 7901
Description = The At224.job command failed to start due to the following error:
%%2147942402

Error - 7/2/2010 8:00:00 AM | Computer Name = TOM | Source = Schedule | ID = 7901
Description = The At248.job command failed to start due to the following error:
%%2147942402

Error - 7/2/2010 8:00:00 AM | Computer Name = TOM | Source = Schedule | ID = 7901
Description = The At272.job command failed to start due to the following error:
%%2147942402

Error - 7/2/2010 8:00:00 AM | Computer Name = TOM | Source = Schedule | ID = 7901
Description = The At296.job command failed to start due to the following error:
%%2147942402

Error - 7/2/2010 8:00:00 AM | Computer Name = TOM | Source = Schedule | ID = 7901
Description = The At32.job command failed to start due to the following error: %%2147942402

Error - 7/2/2010 8:00:00 AM | Computer Name = TOM | Source = Schedule | ID = 7901
Description = The At320.job command failed to start due to the following error:
%%2147942402

Error - 7/2/2010 8:00:00 AM | Computer Name = TOM | Source = Schedule | ID = 7901
Description = The At344.job command failed to start due to the following error:
%%2147942402

Error - 7/2/2010 8:00:00 AM | Computer Name = TOM | Source = Schedule | ID = 7901
Description = The At56.job command failed to start due to the following error: %%2147942402

Error - 7/2/2010 8:00:00 AM | Computer Name = TOM | Source = Schedule | ID = 7901
Description = The At80.job command failed to start due to the following error: %%2147942402

Error - 7/2/2010 8:46:00 AM | Computer Name = TOM | Source = Schedule | ID = 7901
Description = The At8.job command failed to start due to the following error: %%2147942402


< End of report >

tom_white

Re: Infected with something - not sure what...

Post by Crush on 2nd July 2010, 6:37 pm

Hi Tom,

Welcome to GeekPolice Forums! I'm Crush, but you can call me Chris too, and I will be helping you with your malware issues.

A few things to keep in mind as we progress:

1. We are all volunteer staff here so we log in and assess threads when real life, work, family, and other obligations permit. Additionally, we are located all over the world. There may be a bit of a time delay due to this.

2. Malware Removal threads are very time intensive. Each entry must be researched until it can be said with 100% certainty whether or not it can stay or needs to be removed. Sometimes additional work is needed to weed out suspect entries.

3. This may turn into a long ordeal, but rest assured we will stay with you until you are completely disinfected.

4. Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer. Do not run any tools unless specifically asked to by a member of one of these usergroups.

5. If you are not the original poster of this thread DO NOT run any fixes given to the poster in this thread. They are all custom tailored specifically to this user. It could prove to be disastrous.

6. Please keep responding until I give you the "All Clear". Absence of symptoms does not mean that everything is clear.

7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

8. If you have any questions or issues please stop and ask! We are all here to help.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.


If you follow these instructions, everything should go smoothly.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

To do this click , then click Preferences. Make sure Always notify me of replies is set to Yes


With that out of the way:

Please go to Start>Run, type Appwiz.cpl, and remove the following programs:

Adobe Reader 6.0.1
Adobe Reader 8
Adobe Reader 8.1.0
Adobe Reader 8.1.2
Adobe Reader 8.1.5
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5


Next, get the latest updates for both Adobe and Java:
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
====

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :commands
    [emptytemp]
    [purity]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=======

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run, then copy and paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Crush