
Solved Trojan Agent, Trojan.FakeAlert, Worm.Autorun.B, PUM.Hijack

Discussion in 'Malware and Virus Removal Archive' started by baldcajun, 2011/01/19.

  1. 2011/01/19
    baldcajun Lifetime Subscription

    baldcajun Well-Known Member Thread Starter

    Joined:
    2011/01/17
    Messages:
    63
    Likes Received:
    0
    [Resolved] Trojan Agent, Trojan.FakeAlert, Worm.Autorun.B, PUM.Hijack

    My problem before running all of the requested programs was that I could not run msconfig, but could run cmd, task manager and regedit. After running all of the requested programs, I still could not get msconfig to run.

    Another problem that I have experienced, and still am experiencing, is that if I try to start HIDserv by opening my control panel, then Administration Tools, then Services, I get the error message that states "Could not start the HID Input Service service on Local Computer. Error 2: The system cannot find the file specified." If I right click on HIDserv and click on properties, it tells me the file it is looking for is C:\windows\System32\svchost.exe -k netsvcs. In my Windows Explorer program, windows is all capitals, system is not capitalized, and there is no svchost under my system32 folder. I do not know how to tell the HIDserv where to look for the correct location.

    Actions that I have taken over a period of time have been to run check disk at least two times and have run sfc /scannow at least twice with no good results.

    I have googled "msconfig will not run" many times and have found many suggestions. Many of the sites indicated that a virus was causing my problem. The most promising, before finding your site, was to replace the msconfig file with one from www.dougknox.com (a Microsoft MVP site), which offers to "create an emergency copy of critical XP system utilities; regedit, msconfig and task manager". I tried this utility and was able to set up the three executable files. Upon clicking regedit and task manager, both came up correctly. However, upon clicking on msconfig, it did not come up.

    One other thing I tried was to access msconfig from my original Windows XP cd and was successful in replacing the file that was there. The reason I know it did is because I renamed the existing file to msconfig.exe.old. This effort did not help me run msconfig either.

    I also used regedit to check the registry path for msconfig and it had all the correct entries according to a posting by Ramesh, Microsoft MVP, Windows XP Shell/User, http://windowsxp.mvps.org. At the registry location this was what I found:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MSCONFIG.EXE, it had the proper entries, Name: (default), Type: REG_SZ, and Data: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

    What I have noticed on a thread by riley77, member WindowsBBS about msconfig will not run is that his posting had the registry file as being HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MSCONFIG.EXE, it had the proper entries, Name: (default), Type: REG_SZ, and Data: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSCONFIG.EXE. Note the last entry is all capitals whereas the posting by Ramesh had only MSC capitalized.

    I did try both spellings in my registry and msconfig still did not run. I don’t know what the correct spelling should be or if registry entries are case sensitive.


    Another unusual happening with my computer has been that when going into hibernation mode, it sometimes will not come back; it seems to just hang up, and I have to turn off the power and turn it back on, after which it boots up normally. Other times it will just not go into hibernation mode even though I have that option turned on.




    Copies of my log files for submission to WindowsBBS

    This log file is the first scan I made after downloading Malwarebytes’ Anti-Malware after reading about it in the Morning Advocate, our local newspaper. It was found under a column written by a computer specialist whose name I do not currently have.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5189

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    11/25/2010 7:45:02 PM
    mbam-log-2010-11-25 (19-45-02).txt

    Scan type: Full scan (C:\|G:\|)
    Objects scanned: 370457
    Time elapsed: 3 hour(s), 1 minute(s), 29 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 5

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\System Volume Information\_restore{846FB106-412C-4327-A417-18103621FEF9}\RP12\A0004823.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    G:\System Volume Information\_restore{846FB106-412C-4327-A417-18103621FEF9}\RP12\A0004823.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Favorites\Online Pharmacy for Prescription Drugs - CVS Pharmacy Drug Store.URL (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Endless.mid (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\9521986.exe (Trojan.Agent) -> Quarantined and deleted successfully.


    After running the above scan on all of my internal hard drives, I ran the following scan on an external hard drive that is not always connected to my computer, only when I want to make a full back up of my computer.


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5189

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    11/25/2010 9:57:06 PM
    mbam-log-2010-11-25 (21-57-06).txt

    Scan type: Full scan (F:\|)
    Objects scanned: 193834
    Time elapsed: 20 minute(s), 22 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    F:\RECYCLER\S-1-5-21-1993962763-1383384898-682003330-1003\Df101\system32\calc.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
    F:\RECYCLER\S-1-5-21-1993962763-1383384898-682003330-1003\Df101\system32\defrag.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
    F:\RECYCLER\S-1-5-21-1993962763-1383384898-682003330-1003\Df101\system32\help.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.


    LISTING OF ALL OF MY MALWARE SCANS

    Date Time Comments

    11-25-2010 19-45-02 Detail of scan listed above-infection found
    11-25-2010 21-57-06 Detail of scan listed above-infection found
    12-03-2010 00-41-45
    12-08-2010 13-59-07
    12-13-2010 13-44-41
    12-13-2010 16-08-01
    12-19-2010 09-29-10
    12-25-2010 08-00-48 Detail of scan listed below-infection found
    12-26-2010 17.32-45
    01-01-2011 21-36-31
    01-11-2011 16-40-09
    01-12-2011 12-28-50
    01-12-2011 12-32-22
    01-13-2011 13-19-50
    01-14-2011 20-44-35
    01-15-2011 11-20-14
    01-18-2011 16-25-57 Submitted with other logs requested



    Once again, exactly one month later, I scanned my internal hard drives and was surprised that it found one registry data item infected. During all of this time I had my McAfee security system activated as I always have. It is updated daily. The following log file is from that scan.


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5363

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    12/25/2010 8:00:48 AM
    mbam-log-2010-12-25 (08-00-48).txt

    Scan type: Full scan (C:\|G:\|H:\|I:\|J:\|)
    Objects scanned: 361641
    Time elapsed: 2 hour(s), 15 minute(s), 48 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  2. 2011/01/19
    baldcajun Lifetime Subscription

    baldcajun Well-Known Member Thread Starter

    Trojan Agent, Trojan.FakeAlert, Worm.Autorun.B, PUM.Hijack.StartMenu

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-18 17:13:26
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0 WDC_WD50 rev.05.0
    Running: 5wkmbsp2 GMER.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwrirpob.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB24B778A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB24B7821]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB24B7738]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB24B774C]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB24B7835]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB24B7861]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB24B78CF]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB24B78B9]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB24B77CA]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB24B78FB]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB24B780D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB24B7710]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB24B7724]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB24B779E]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB24B7937]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB24B78A3]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB24B788D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB24B784B]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB24B7923]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB24B790F]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB24B7776]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB24B7762]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB24B7877]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB24B77F9]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB24B78E5]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB24B77E0]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB24B77B4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwYieldExecution 804F0EB6 7 Bytes JMP B24B77B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwOpenKey 80568D48 5 Bytes JMP B24B7811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F9 7 Bytes JMP B24B7891 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtCreateFile 8056CF98 5 Bytes JMP B24B778E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtSetInformationProcess 8056DDD9 5 Bytes JMP B24B7766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwCreateKey 80570833 5 Bytes JMP B24B7825 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwQueryKey 80570C4A 7 Bytes JMP B24B793B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwEnumerateKey 80570F41 7 Bytes JMP B24B78D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtOpenProcess 805719AC 5 Bytes JMP B24B7714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571E96 7 Bytes JMP B24B77A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwSetValueKey 80572A6E 7 Bytes JMP B24B787B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805738C6 5 Bytes JMP B24B77E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtMapViewOfSection 80573D41 7 Bytes JMP B24B77CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FE4C 7 Bytes JMP B24B7750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwTerminateProcess 805824CC 5 Bytes JMP B24B77FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwEnumerateValueKey 80589A67 7 Bytes JMP B24B78BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtOpenThread 8058E5C4 5 Bytes JMP B24B7728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058EA94 5 Bytes JMP B24B78FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D64 7 Bytes JMP B24B7865 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwDeleteKey 80595316 7 Bytes JMP B24B7839 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwCreateProcess 805B14AC 5 Bytes JMP B24B773C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwSetContextThread 8062E057 5 Bytes JMP B24B777A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwUnloadKey 8064DD32 7 Bytes JMP B24B78E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E66B 7 Bytes JMP B24B78A7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwRenameKey 8064EAEA 7 Bytes JMP B24B784F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwRestoreKey 8064EFDD 5 Bytes JMP B24B7913 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwReplaceKey 8064F446 5 Bytes JMP B24B7927 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    ---- User code sections - GMER 1.0.15 ----

    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[372] kernel32.dll!LoadLibraryA
     


  4. 2011/01/19
    baldcajun Lifetime Subscription

    baldcajun Well-Known Member Thread Starter

    Trojan Agent, Trojan.FakeAlert, Worm.Autorun.B, PUM.Hijack.StartMenu

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x000003dd

    Kernel Drivers (total 156):
    0x804D7000 \windows\system32\ntoskrnl.exe
    0x806EE000 \windows\system32\hal.dll
    0xF7C0B000 \windows\system32\KDCOM.DLL
    0xF7B1B000 \windows\system32\BOOTVID.dll
    0xF76BC000 ACPI.sys
    0xF7C0D000 \windows\System32\DRIVERS\WMILIB.SYS
    0xF76AB000 pci.sys
    0xF770B000 isapnp.sys
    0xF771B000 ohci1394.sys
    0xF772B000 \windows\System32\DRIVERS\1394BUS.SYS
    0xF7B1F000 compbatt.sys
    0xF7B23000 \windows\System32\DRIVERS\BATTC.SYS
    0xF7CD3000 pciide.sys
    0xF798B000 \windows\System32\DRIVERS\PCIIDEX.SYS
    0xF7C0F000 intelide.sys
    0xF773B000 MountMgr.sys
    0xF768C000 ftdisk.sys
    0xF7993000 PartMgr.sys
    0xF7B27000 IdeBusDr.sys
    0xF774B000 VolSnap.sys
    0xF7674000 atapi.sys
    0xF765C000 IdeChnDr.sys
    0xF775B000 disk.sys
    0xF776B000 \windows\System32\DRIVERS\CLASSPNP.SYS
    0xF763C000 fltmgr.sys
    0xF762A000 sr.sys
    0xF7613000 KSecDD.sys
    0xF7586000 Ntfs.sys
    0xF7559000 NDIS.sys
    0xF777B000 sbp2port.sys
    0xF753F000 Mup.sys
    0xF77AB000 \SystemRoot\System32\DRIVERS\nic1394.sys
    0xF74F7000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0xF786B000 \SystemRoot\System32\DRIVERS\intelppm.sys
    0xF5DBE000 \SystemRoot\System32\DRIVERS\ialmnt5.sys
    0xF5DAA000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xF7A5B000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xF5D86000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xF7A63000 \SystemRoot\System32\DRIVERS\usbehci.sys
    0xF5C77000 \SystemRoot\System32\DRIVERS\GWMDM.sys
    0xF5C54000 \SystemRoot\System32\DRIVERS\ks.sys
    0xF7A6B000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF5BDD000 \SystemRoot\system32\drivers\ctaud2k.sys
    0xF1FB4000 \SystemRoot\system32\drivers\portcls.sys
    0xF32F3000 \SystemRoot\system32\drivers\drmk.sys
    0xF1F9B000 \SystemRoot\system32\drivers\ctoss2k.sys
    0xF7C6B000 \SystemRoot\System32\drivers\ctprxy2k.sys
    0xEDE2E000 \SystemRoot\System32\DRIVERS\e100b325.sys
    0xF7B13000 \SystemRoot\System32\DRIVERS\fdc.sys
    0xF416D000 \SystemRoot\System32\DRIVERS\serial.sys
    0xEF83F000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xEDE1A000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF415D000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xF7C6D000 \SystemRoot\system32\DRIVERS\Sk99202k.sys
    0xF79A3000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF414D000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF413D000 \SystemRoot\System32\Drivers\AFS2K.SYS
    0xF412D000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF3D02000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF7A03000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xEDDAE000 \SystemRoot\system32\drivers\smwdm.sys
    0xEEBEB000 \SystemRoot\system32\drivers\SENSUPGD.SYS
    0xEEBEA000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF3C82000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xEF837000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xEDD97000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF37EE000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xEE0C8000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF7A0B000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xEDD86000 \SystemRoot\System32\DRIVERS\psched.sys
    0xEE0B8000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF7A1B000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF4052000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xEE0A8000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF404A000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF7C83000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xEDD28000 \SystemRoot\System32\DRIVERS\update.sys
    0xEF0C7000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xEE088000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB27E7000 \SystemRoot\system32\drivers\ialmkchw.sys
    0xB27C9000 \SystemRoot\system32\drivers\ialmsbw.sys
    0xEE068000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF7C95000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xEF0A3000 \SystemRoot\system32\drivers\MODEMCSA.sys
    0xB2724000 \SystemRoot\system32\drivers\ha10kx2k.sys
    0xB2713000 \SystemRoot\System32\drivers\ctac32k.sys
    0xB26FA000 \SystemRoot\System32\drivers\emupia2k.sys
    0xB26DB000 \SystemRoot\System32\drivers\ctsfm2k.sys
    0xF401A000 \SystemRoot\System32\DRIVERS\flpydisk.sys
    0xEE536000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF2894000 \SystemRoot\System32\Drivers\Null.SYS
    0xEE534000 \SystemRoot\System32\Drivers\Beep.SYS
    0xEE532000 \SystemRoot\system32\DRIVERS\Sk9920nt.sys
    0xF400A000 \SystemRoot\System32\drivers\vga.sys
    0xEE530000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xEE52E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF3F6B000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF3F63000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xEEC0C000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xB266E000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xB2615000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xB25EE000 \SystemRoot\System32\Drivers\Mpfp.sys
    0xF32D3000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
    0xB25C6000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xB258E000 \SystemRoot\system32\DRIVERS\tcpip6.sys
    0xB256C000 \SystemRoot\System32\drivers\afd.sys
    0xF32C3000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xB2541000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xB24D1000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xB249E000 \SystemRoot\system32\drivers\mfehidk.sys
    0xB2478000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xF787B000 \SystemRoot\system32\drivers\ip6fw.sys
    0xF32A3000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF3293000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xF209A000 \SystemRoot\System32\Drivers\BANTExt.sys
    0xF3283000 \SystemRoot\System32\DRIVERS\arp1394.sys
    0xF3F5B000 \SystemRoot\System32\DRIVERS\usbccgp.sys
    0xF2BBC000 \SystemRoot\system32\drivers\lvusbsta.sys
    0xEE4C5000 \SystemRoot\System32\DRIVERS\usbscan.sys
    0xEE4C1000 \SystemRoot\System32\DRIVERS\hidusb.sys
    0xF2B6C000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
    0xF3F53000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
    0xF3747000 \SystemRoot\System32\DRIVERS\usbprint.sys
    0xB2428000 \SystemRoot\system32\DRIVERS\Camdrl.sys
    0xF2B4C000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0xB220D000 \SystemRoot\system32\DRIVERS\lvsvf2.sys
    0xF2089000 \SystemRoot\system32\drivers\usbaudio.sys
    0xF5279000 \SystemRoot\System32\DRIVERS\mouhid.sys
    0xF2079000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB21E4000 \SystemRoot\System32\Drivers\dump_IdeChnDr.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF2F83000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF2F27000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7E09000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF020000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF042000 \SystemRoot\System32\ialmdev5.DLL
    0xBF073000 \SystemRoot\System32\ialmdd5.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB20DC000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xB20C7000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF2039000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF20AB000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xF7C89000 \??\C:\windows\system32\PfModNT.sys
    0xB1ABE000 \SystemRoot\system32\DRIVERS\ubohci.sys
    0xB1AA8000 \SystemRoot\system32\DRIVERS\UB1394.SYS
    0xB1DBD000 \SystemRoot\system32\DRIVERS\ubsbm.sys
    0xB1E61000 \SystemRoot\system32\DRIVERS\ubumapi.sys
    0xB1A34000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xF7A2B000 \SystemRoot\system32\drivers\mfebopk.sys
    0xB18E2000 \SystemRoot\system32\drivers\mfeavfk.sys
    0xB0896000 \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\kwrirpob.sys
    0xB086B000 \SystemRoot\system32\drivers\kmixer.sys
    0xB1812000 \SystemRoot\system32\drivers\mfesmfk.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 41):
    0 System Idle Process
    4 System
    664 C:\WINDOWS\system32\smss.exe
    732 C:\WINDOWS\system32\csrss.exe
    764 C:\WINDOWS\system32\winlogon.exe
    808 C:\WINDOWS\system32\services.exe
    820 C:\WINDOWS\system32\lsass.exe
    992 C:\WINDOWS\system32\svchost.exe
    1080 C:\WINDOWS\system32\svchost.exe
    1212 C:\WINDOWS\system32\svchost.exe
    1300 C:\WINDOWS\system32\svchost.exe
    1384 C:\WINDOWS\explorer.exe
    1560 C:\WINDOWS\system32\spoolsv.exe
    1644 C:\WINDOWS\system32\svchost.exe
    1812 C:\Program Files\McAfee.com\Agent\mcagent.exe
    1820 C:\WINDOWS\system32\hkcmd.exe
    1832 C:\WINDOWS\system32\SK9910DM.EXE
    1840 C:\Program Files\IObit\IObit Security 360\is360tray.exe
    1940 C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    1980 C:\WINDOWS\system32\CTsvcCDA.EXE
    2008 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    132 C:\Program Files\IObit\IObit Security 360\is360srv.exe
    164 C:\Program Files\Java\jre6\bin\jqs.exe
    216 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    244 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    316 C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
    372 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    460 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
    516 C:\Program Files\McAfee\MPF\MpfSrv.exe
    584 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    648 C:\WINDOWS\system32\snmp.exe
    784 C:\WINDOWS\system32\svchost.exe
    1324 C:\WINDOWS\system32\ups.exe
    1664 C:\WINDOWS\system32\MsPMSPSv.exe
    944 C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    1652 C:\WINDOWS\system32\searchindexer.exe
    3940 C:\Program Files\IObit\IObit Security 360\is360.exe
    8564 C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    8728 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    7436 C:\WINDOWS\system32\wbem\wmiprvse.exe
    8400 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
    \\.\H: --> \\.\PhysicalDrive0 at offset 0x0000001c`f8baae00 (NTFS)
    \\.\I: --> \\.\PhysicalDrive0 at offset 0x00000039`d8f17a00 (NTFS)
    \\.\J: --> \\.\PhysicalDrive0 at offset 0x00000057`00bc6a00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD5000AAKB-00H8A0, Rev: 05.04E05
    PhysicalDrive1 Model Number: ST3160023A, Rev: 8.01

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Legit MBR code detected
    SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495
    149 GB \\.\PhysicalDrive1 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  5. 2011/01/19
    baldcajun Lifetime Subscription

    baldcajun Well-Known Member Thread Starter

    Trojan Agent, Trojan.FakeAlert, Worm.Autorun.B, PUM.Hijack.StartMenu

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Owner at 17:25:42.56 on Tue 01/18/2011
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.357 [GMT -6:00]

    AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *Enabled*

    ============== Running Processes ===============

    C:\windows\system32\svchost -k DcomLaunch
    C:\windows\system32\svchost -k rpcss
    C:\windows\System32\svchost.exe -k netsvcs
    C:\windows\System32\svchost.exe -k NetworkService
    C:\windows\Explorer.EXE
    C:\windows\system32\spoolsv.exe
    C:\windows\System32\svchost.exe -k LocalService
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\windows\system32\SK9910DM.EXE
    C:\Program Files\IObit\IObit Security 360\IS360tray.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\windows\system32\CTsvcCDA.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\IObit\IObit Security 360\IS360srv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\windows\System32\snmp.exe
    C:\windows\System32\svchost.exe -k imgsvc
    C:\windows\System32\ups.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\IObit\IObit Security 360\is360.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://ww2.cox.com/myconnection/greaterlouisiana/home.cox
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    mURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: ShopSafeBrowserHelper Class: {333f6b96-3992-4d58-a499-145a10fe48c3} - c:\program files\shopsafe\BhoSSafe.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Bandoo IE Plugin: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - BandooIEPlugin Class
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
    mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
    mPolicies-explorer: <NO NAME> =
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: internet
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: mcafee.com
    Trusted Zone: microsoft.com\www.update
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255116240875
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234735909296
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxsrvc.dll
    AppInit_DLLs: c:\progra~1\babylo~1\bndhook.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    LSA: Notification Packages = :\windows\system32\srrstr.dll scecli scecli

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\kl2i02o1.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=14055
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://batonrouge.cox.net/cci/home
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - component: c:\program files\shopsafe\components\SlimOrbAddonShopSafe.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
    FF - Ext: ShopSafe: shopsafe@orbiscom - c:\program files\ShopSafe
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-5 214664]
    R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-12-10 312152]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-4-2 93320]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-4-2 359952]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-4-2 144704]
    R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [2005-7-27 14080]
    R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [2005-7-27 36352]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-4-2 606736]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-2-4 79816]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-2-4 35272]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-2-4 40552]
    R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [2005-7-27 77056]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 cpuz132;cpuz132;\??\c:\docume~1\owner\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 iscFlash;iscFlash;\??\c:\windows\system32\drivers\iscflash.sys --> c:\windows\system32\drivers\iscflash.sys [?]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-2-4 34248]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 BabylonIM Coordinator;BabylonIM Coordinator; "c:\progra~1\babylo~1\bandoo.exe" --> c:\progra~1\babylo~1\Bandoo.exe [?]

    =============== Created Last 30 ================

    2011-01-16 21:33:03 4199768 ----a-w- c:\windows\system32\cdintf400.dll
    2011-01-16 21:32:15 -------- d-----w- c:\program files\Quicken
    2011-01-16 16:44:30 -------- d-sh--w- c:\documents and settings\owner\UserData
    2011-01-16 16:10:09 -------- d-----w- C:\office uninstall tool
    2011-01-11 23:07:32 -------- d-s---w- c:\windows\Downloaded Program Files
    2011-01-11 20:42:24 -------- d-----w- C:\EmergencyUtils
    2011-01-10 23:19:34 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-01-10 23:19:34 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-01-10 23:03:35 -------- d-----w- c:\windows\system32\wbem\Logs(3)
    2011-01-10 16:31:38 -------- d-----w- c:\windows\system32\wbem\Logs
    2010-12-26 03:02:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
    2010-12-25 02:38:54 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-25 02:38:52 20952 ------w- c:\windows\system32\drivers\mbam.sys
    2010-12-25 02:38:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-24 16:42:04 -------- d-----w- c:\windows\pss

    ==================== Find3M ====================

    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:34:11 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-11-06 00:34:11 1830912 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-06 00:34:11 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-11-03 19:12:22 409600 ------w- c:\windows\system32\wrap_oal.dll
    2010-11-03 12:25:53 389120 ------w- c:\windows\system32\html.iec
    2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    2007-01-09 20:35:30 3035136 -c----w- c:\program files\common files\AdvrCntr2.dll

    ============= FINISH: 17:27:46.54 ===============
     
  6. 2011/01/19
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,890
    Likes Received:
    387
    I don't see Attach.txt - our Malware Analysts will require that please.
     
  7. 2011/01/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    Also, the GMER log seems to be incomplete.
    Please repost or redo.
     
  8. 2011/01/20
    baldcajun Lifetime Subscription

    baldcajun Well-Known Member Thread Starter

    Joined:
    2011/01/17
    Messages:
    63
    Likes Received:
    0
    Trojan Agent, Trojan.FakeAlert, Worm.Autorun.B, PUM.Hijack.StartMenu

    PeteC,

    My error, sorry about that. I do appreciate your help in solving my problems.

    This post includes Attach.txt. I will post another reply redoing GMER.log.

    baldcajun


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/4/2009 9:25:12 AM
    System Uptime: 1/18/2011 2:55:57 PM (3 hours ago)

    Motherboard: Intel Corporation | | D845GRG
    Processor: Intel(R) Pentium(R) 4 CPU 1.80GHz | J2E1 | 1799/100mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 116 GiB total, 77.633 GiB free.
    D: is Removable
    E: is CDROM ()
    G: is FIXED (NTFS) - 149 GiB total, 112.415 GiB free.
    H: is FIXED (NTFS) - 116 GiB total, 114.872 GiB free.
    I: is FIXED (NTFS) - 117 GiB total, 116.549 GiB free.
    J: is FIXED (NTFS) - 118 GiB total, 117.678 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 12/31/2010 4:02:51 PM - System Checkpoint
    RP2: 12/31/2010 4:03:59 PM - Installing SuprDat McAfee file
    RP3: 1/1/2011 5:39:51 PM - System Checkpoint
    RP4: 1/2/2011 5:55:16 PM - System Checkpoint
    RP5: 1/3/2011 6:00:24 PM - System Checkpoint
    RP6: 1/4/2011 9:20:15 PM - System Checkpoint
    RP7: 1/4/2011 9:57:22 PM - Software Distribution Service 3.0
    RP8: 1/6/2011 5:42:51 PM - System Checkpoint
    RP9: 1/7/2011 6:32:12 PM - System Checkpoint
    RP10: 1/8/2011 7:33:42 PM - System Checkpoint
    RP11: 1/9/2011 8:36:49 PM - System Checkpoint
    RP12: 1/10/2011 10:28:52 AM - PC Health Advisor Backup
    RP13: 1/10/2011 10:44:52 AM - PC Health Advisor Backup
    RP14: 1/10/2011 1:31:48 PM - Installed WinZip 15.0
    RP15: 1/10/2011 1:43:01 PM - Removed WinZip 15.0
    RP16: 1/10/2011 5:02:45 PM - Restore Operation
    RP17: 1/10/2011 5:18:08 PM - Restore Operation
    RP18: 1/10/2011 5:18:48 PM - Restore Operation
    RP19: 1/11/2011 6:25:24 PM - System Checkpoint
    RP20: 1/12/2011 11:03:36 AM - Software Distribution Service 3.0
    RP21: 1/13/2011 12:14:48 PM - System Checkpoint
    RP22: 1/14/2011 12:25:56 PM - System Checkpoint
    RP23: 1/15/2011 5:04:40 PM - Installed WinZip 15.0
    RP24: 1/15/2011 5:09:40 PM - Removed WinZip 15.0
    RP25: 1/16/2011 3:33:12 PM - Printer Driver Amyuni Document Converter 400 Installed
    RP26: 1/17/2011 1:39:43 PM - Installed TurboTax 2010 wrapper
    RP27: 1/17/2011 2:02:17 PM - Installed TurboTax 2010 wlaiper
    RP28: 1/18/2011 3:15:18 PM - System Checkpoint

    ==== Installed Programs ======================


    3D-Album PicturePro
    Acrobat.com
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1
    AnswerWorks 5.0 English Runtime
    APC PowerChute Personal Edition
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Beat The House v2.0
    Belarc Advisor 8.1
    Bonjour
    Compatibility Pack for the 2007 Office system
    Data Lifeguard Tools
    Driver Detective
    Family Lawyer 2000
    FileZilla Client 3.2.3.1
    G3 Manager
    Gadwin PrintScreen
    Gateway Desktop Manager
    Gateway Drivers and Applications Recovery
    Gateway Power Management
    Google Earth
    Greeting Card Creator 32
    GTW V.92 Voicemodem
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    hp deskjet 5600
    hp instant support
    HP Memories Disc
    HP Photo and Imaging 1.0 - Scanjet 3500c Series
    HP Photo and Imaging 2.0 - Deskjet Series
    HP Photo and Imaging 2.0 - Scanners
    hp print screen utility
    Intel Application Accelerator
    Intel(R) Extreme Graphics Driver
    Intel(R) Network Connections 14.0.40.0
    IObit Security 360
    iSEEK AnswerWorks English Runtime
    iTunes
    Java(TM) 6 Update 17
    Junk Mail filter update
    Legal Search
    LightScribe 1.4.136.1
    Logitech QuickCam
    Logitech QuickCam Software
    Logitech® Camera Driver
    Malwarebytes' Anti-Malware
    McAfee SecurityCenter
    McAfee Virtual Technician
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 SR-1 Small Business
    Microsoft Picture It! Photo 2002
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Streets and Trips 2002
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows XP Video Decoder Checkup Utility
    Microsoft Word 2002
    Microsoft Works 2002 Setup Launcher
    Microsoft Works 6.0
    Mozilla Firefox (3.6.13)
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero Suite
    OLYMPUS CAMEDIA Master 4.1
    PowerDVD
    PS/2 Millennium Keyboard
    Quicken 2011
    QuickTime
    RealPlayer
    RealUpgrade 1.0
    RegCure
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360131)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    ShareIns
    ShopSafe
    SkyCaddie Desktop
    Skype™ 4.1
    Sound Blaster Audigy
    SureThing CD Labeler 4 SE
    The Plain-Language Law Dictionary
    TurboTax 2009
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wlaiper
    TurboTax 2009 wrapper
    TurboTax 2010
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wlaiper
    TurboTax 2010 wrapper
    ubCore
    Uninstall Startup Inspector
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Visviva Animation Player
    WebFldrs XP
    Windows Backup Utility
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3
    Works Suite OS Pack
    Works Synchronization

    ==== Event Viewer Messages From Past Week ========

    1/18/2011 2:54:10 PM, error: Service Control Manager [7034] - The SNMP Service service terminated unexpectedly. It has done this 1 time(s).
    1/18/2011 2:54:10 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    1/18/2011 2:54:10 PM, error: Service Control Manager [7031] - The McAfee SystemGuards service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/18/2011 2:54:10 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
    1/18/2011 2:54:09 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/18/2011 2:54:09 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/18/2011 2:54:09 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/18/2011 2:54:08 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
    1/18/2011 2:54:08 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    1/18/2011 2:54:07 PM, error: Service Control Manager [7034] - The IS360service service terminated unexpectedly. It has done this 1 time(s).
    1/18/2011 2:54:07 PM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
    1/18/2011 2:54:07 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
    1/18/2011 2:54:07 PM, error: Service Control Manager [7034] - The APC UPS Service service terminated unexpectedly. It has done this 1 time(s).
    1/15/2011 11:19:39 AM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/14/2011 8:41:05 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the mcmscsvc service.
    1/14/2011 4:32:01 PM, error: IdeChnDr [9] - The device, \Device\Ide\IdeDeviceP0T0L0, did not respond within the timeout period.
    1/14/2011 2:13:22 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The system cannot find the file specified.
    1/14/2011 11:20:10 AM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.
    1/14/2011 10:32:35 AM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
    1/14/2011 10:31:04 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The system cannot find the file specified.
    1/13/2011 1:23:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi IntelIde PCIIde
    1/13/2011 1:22:38 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    1/12/2011 9:20:43 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\pchealth\helpctr\binaries\msconfig.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.0, the version of the system file is 5.1.2600.5512.
    1/12/2011 9:16:04 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\pchealth\helpctr\binaries\msconfig.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    1/12/2011 12:59:13 PM, information: Windows File Protection [64004] - The protected system file shell32.dll could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.6018 The specific error code is 0x000003e3 [The I/O operation has been aborted because of either a thread exit or an application request. ].
    1/12/2011 10:59:01 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/12/2011 10:57:13 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNASvc with arguments " " in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
    1/12/2011 10:56:51 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BANTExt Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Tcpip6
    1/12/2011 10:56:51 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/12/2011 10:56:51 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    1/12/2011 10:55:32 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    1/11/2011 5:46:01 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file msconfig.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.0, the version of the system file is 5.1.2600.5512.

    ==== End Of File ===========================
     
  9. 2011/01/20
    baldcajun Lifetime Subscription

    baldcajun Well-Known Member Thread Starter

    Trojan Agent, Trojan.FakeAlert, Worm.Autorun.B, PUM.Hijack.StartMenu

    PeteC,

    My error again. Posting GMER again with the next two posts.

    Thanks,

    baldcajun


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-18 17:13:26
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0 WDC_WD50 rev.05.0
    Running: 5wkmbsp2 GMER.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwrirpob.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB24B778A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB24B7821]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB24B7738]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB24B774C]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB24B7835]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB24B7861]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB24B78CF]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB24B78B9]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB24B77CA]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB24B78FB]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB24B780D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB24B7710]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB24B7724]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB24B779E]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB24B7937]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB24B78A3]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB24B788D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB24B784B]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB24B7923]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB24B790F]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB24B7776]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB24B7762]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB24B7877]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB24B77F9]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB24B78E5]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB24B77E0]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB24B77B4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwYieldExecution 804F0EB6 7 Bytes JMP B24B77B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwOpenKey 80568D48 5 Bytes JMP B24B7811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F9 7 Bytes JMP B24B7891 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtCreateFile 8056CF98 5 Bytes JMP B24B778E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtSetInformationProcess 8056DDD9 5 Bytes JMP B24B7766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwCreateKey 80570833 5 Bytes JMP B24B7825 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwQueryKey 80570C4A 7 Bytes JMP B24B793B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwEnumerateKey 80570F41 7 Bytes JMP B24B78D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtOpenProcess 805719AC 5 Bytes JMP B24B7714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571E96 7 Bytes JMP B24B77A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwSetValueKey 80572A6E 7 Bytes JMP B24B787B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805738C6 5 Bytes JMP B24B77E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtMapViewOfSection 80573D41 7 Bytes JMP B24B77CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FE4C 7 Bytes JMP B24B7750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwTerminateProcess 805824CC 5 Bytes JMP B24B77FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwEnumerateValueKey 80589A67 7 Bytes JMP B24B78BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtOpenThread 8058E5C4 5 Bytes JMP B24B7728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058EA94 5 Bytes JMP B24B78FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D64 7 Bytes JMP B24B7865 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwDeleteKey 80595316 7 Bytes JMP B24B7839 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwCreateProcess 805B14AC 5 Bytes JMP B24B773C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwSetContextThread 8062E057 5 Bytes JMP B24B777A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwUnloadKey 8064DD32 7 Bytes JMP B24B78E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E66B 7 Bytes JMP B24B78A7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwRenameKey 8064EAEA 7 Bytes JMP B24B784F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwRestoreKey 8064EFDD 5 Bytes JMP B24B7913 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwReplaceKey 8064F446 5 Bytes JMP B24B7927 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    ---- User code sections - GMER 1.0.15 ----

    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[372] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[372] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\windows\System32\svchost.exe[784] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A40000
    .text C:\windows\System32\svchost.exe[784] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A40F7E
    .text C:\windows\System32\svchost.exe[784] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A40F8F
    .text C:\windows\System32\svchost.exe[784] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A40073
    .text C:\windows\System32\svchost.exe[784] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A40FB6
    .text C:\windows\System32\svchost.exe[784] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A40047
    .text C:\windows\System32\svchost.exe[784] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A400AB
    .text C:\windows\System32\svchost.exe[784] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A4008E
    .text C:\windows\System32\svchost.exe[784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A40F2D
    .text C:\windows\System32\svchost.exe[784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A40F48
    .text C:\windows\System32\svchost.exe[784] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A40F1C
    .text C:\windows\System32\svchost.exe[784] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A40058
    .text C:\windows\System32\svchost.exe[784] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A4001B
    .text C:\windows\System32\svchost.exe[784] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A40F6D
    .text C:\windows\System32\svchost.exe[784] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A40FE5
    .text C:\windows\System32\svchost.exe[784] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A4002C
    .text C:\windows\System32\svchost.exe[784] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A400C6
    .text C:\windows\System32\svchost.exe[784] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A30FD4
    .text C:\windows\System32\svchost.exe[784] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A30F97
    .text C:\windows\System32\svchost.exe[784] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A30025
    .text C:\windows\System32\svchost.exe[784] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A30014
    .text C:\windows\System32\svchost.exe[784] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A30FB2
    .text C:\windows\System32\svchost.exe[784] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A30FEF
    .text C:\windows\System32\svchost.exe[784] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00A30FC3
    .text C:\windows\System32\svchost.exe[784] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [C3, 88]
    .text C:\windows\System32\svchost.exe[784] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A30040
    .text C:\windows\System32\svchost.exe[784] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A20FB5
    .text C:\windows\System32\svchost.exe[784] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A20FC6
    .text C:\windows\System32\svchost.exe[784] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A2002C
    .text C:\windows\System32\svchost.exe[784] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A20000
    .text C:\windows\System32\svchost.exe[784] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A20FD7
    .text C:\windows\System32\svchost.exe[784] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A20011
    .text C:\windows\system32\services.exe[808] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DF0000
    .text C:\windows\system32\services.exe[808] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DF0F94
    .text C:\windows\system32\services.exe[808] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DF0089
    .text C:\windows\system32\services.exe[808] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DF006E
    .text C:\windows\system32\services.exe[808] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DF0FA5
    .text C:\windows\system32\services.exe[808] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DF0036
    .text C:\windows\system32\services.exe[808] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DF00BF
    .text C:\windows\system32\services.exe[808] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DF00A4
    .text C:\windows\system32\services.exe[808] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DF00EB
    .text C:\windows\system32\services.exe[808] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DF00D0
    .text C:\windows\system32\services.exe[808] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DF00FC
    .text C:\windows\system32\services.exe[808] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DF0051
    .text C:\windows\system32\services.exe[808] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DF0FE5
    .text C:\windows\system32\services.exe[808] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DF0F79
    .text C:\windows\system32\services.exe[808] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DF0FCA
    .text C:\windows\system32\services.exe[808] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DF001B
    .text C:\windows\system32\services.exe[808] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DF0F5C
    .text C:\windows\system32\services.exe[808] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DE0FCD
    .text C:\windows\system32\services.exe[808] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DE0079
    .text C:\windows\system32\services.exe[808] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DE001E
    .text C:\windows\system32\services.exe[808] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DE0FDE
    .text C:\windows\system32\services.exe[808] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DE0FBC
    .text C:\windows\system32\services.exe[808] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DE0FEF
    .text C:\windows\system32\services.exe[808] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00DE005E
    .text C:\windows\system32\services.exe[808] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DE0039
    .text C:\windows\system32\services.exe[808] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DD003D
    .text C:\windows\system32\services.exe[808] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DD002C
    .text C:\windows\system32\services.exe[808] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DD0FC6
    .text C:\windows\system32\services.exe[808] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DD0000
    .text C:\windows\system32\services.exe[808] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DD001B
    .text C:\windows\system32\services.exe[808] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DD0FD7
    .text C:\windows\system32\services.exe[808] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DC0000
    .text C:\windows\system32\lsass.exe[820] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CF000A
    .text C:\windows\system32\lsass.exe[820] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CF0F70
    .text C:\windows\system32\lsass.exe[820] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CF0065
    .text C:\windows\system32\lsass.exe[820] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CF0054
    .text C:\windows\system32\lsass.exe[820] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CF0F97
    .text C:\windows\system32\lsass.exe[820] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CF0FA8
    .text C:\windows\system32\lsass.exe[820] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CF009B
    .text C:\windows\system32\lsass.exe[820] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CF0F49
    .text C:\windows\system32\lsass.exe[820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CF00D1
    .text C:\windows\system32\lsass.exe[820] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CF00B6
    .text C:\windows\system32\lsass.exe[820] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CF00E2
    .text C:\windows\system32\lsass.exe[820] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CF002F
    .text C:\windows\system32\lsass.exe[820] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CF0FE5
    .text C:\windows\system32\lsass.exe[820] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CF0080
    .text C:\windows\system32\lsass.exe[820] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CF0FB9
    .text C:\windows\system32\lsass.exe[820] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CF0FD4
    .text C:\windows\system32\lsass.exe[820] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CF0F38
    .text C:\windows\system32\lsass.exe[820] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CE0FC0
    .text C:\windows\system32\lsass.exe[820] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CE0F9E
    .text C:\windows\system32\lsass.exe[820] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CE0FDB
    .text C:\windows\system32\lsass.exe[820] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CE0011
    .text C:\windows\system32\lsass.exe[820] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CE0051
    .text C:\windows\system32\lsass.exe[820] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CE0000
    .text C:\windows\system32\lsass.exe[820] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00CE0FAF
    .text C:\windows\system32\lsass.exe[820] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [EE, 88]
    .text C:\windows\system32\lsass.exe[820] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CE0036
    .text C:\windows\system32\lsass.exe[820] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CD0044
    .text C:\windows\system32\lsass.exe[820] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CD0033
    .text C:\windows\system32\lsass.exe[820] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CD0FDE
    .text C:\windows\system32\lsass.exe[820] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CD0000
    .text C:\windows\system32\lsass.exe[820] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CD0FC3
    .text C:\windows\system32\lsass.exe[820] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CD0FEF
    .text C:\windows\system32\lsass.exe[820] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CC0000
    .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[944] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[944] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[944] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[944] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[944] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A10001
    .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[944] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
    .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[944] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[944] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
    .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[944] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[944] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
    .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[944] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
    .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[944] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
    .text C:\windows\system32\svchost.exe[992] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02420FEF
    .text C:\windows\system32\svchost.exe[992] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02420093
    .text C:\windows\system32\svchost.exe[992] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02420078
    .text C:\windows\system32\svchost.exe[992] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02420F9E
    .text C:\windows\system32\svchost.exe[992] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02420051
    .text C:\windows\system32\svchost.exe[992] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0242002F
    .text C:\windows\system32\svchost.exe[992] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 024200CB
    .text C:\windows\system32\svchost.exe[992] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 024200B0
    .text C:\windows\system32\svchost.exe[992] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 024200E6
    .text C:\windows\system32\svchost.exe[992] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02420F4D
    .text C:\windows\system32\svchost.exe[992] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02420101
    .text C:\windows\system32\svchost.exe[992] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02420040
    .text C:\windows\system32\svchost.exe[992] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0242000A
    .text C:\windows\system32\svchost.exe[992] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02420F79
    .text C:\windows\system32\svchost.exe[992] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02420FC3
    .text C:\windows\system32\svchost.exe[992] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02420FD4
    .text C:\windows\system32\svchost.exe[992] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02420F68
    .text C:\windows\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02410014
    .text C:\windows\system32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02410F7C
    .text C:\windows\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02410FC3
    .text C:\windows\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02410FD4
    .text C:\windows\system32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02410F97
    .text C:\windows\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02410FEF
    .text C:\windows\system32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0241002F
    .text C:\windows\system32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02410FA8
    .text C:\windows\system32\svchost.exe[992] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FF0F90
    .text C:\windows\system32\svchost.exe[992] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FF001B
    .text C:\windows\system32\svchost.exe[992] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FF0FC6
    .text C:\windows\system32\svchost.exe[992] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FF0000
    .text C:\windows\system32\svchost.exe[992] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FF0FAB
    .text C:\windows\system32\svchost.exe[992] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FF0FD7
    .text C:\windows\system32\svchost.exe[992] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FC000A
    .text C:\windows\system32\svchost.exe[1080] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DC0FEF
    .text C:\windows\system32\svchost.exe[1080] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DC007F
    .text C:\windows\system32\svchost.exe[1080] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DC006E
    .text C:\windows\system32\svchost.exe[1080] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DC0047
    .text C:\windows\system32\svchost.exe[1080] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DC0F8A
    .text C:\windows\system32\svchost.exe[1080] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DC0FAF
    .text C:\windows\system32\svchost.exe[1080] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DC0F52
    .text C:\windows\system32\svchost.exe[1080] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DC0F6F
    .text C:\windows\system32\svchost.exe[1080] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DC0F1C
    .text C:\windows\system32\svchost.exe[1080] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DC00B5
    .text C:\windows\system32\svchost.exe[1080] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DC00D0
    .text C:\windows\system32\svchost.exe[1080] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DC0036
     
  10. 2011/01/20
    baldcajun
    PeteC,

    This is the second post of the balance of GMER. I repeated the last line of the previous file on this posting to make sure I got all lines included.
    Again, thanks for your help.

    baldcajun





    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    Device \Driver\ubohci \Device\C1394 UB1394.SYS (FireAPI® 1394 Class Driver (XP)/Unibrain S.A.)

    AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----
     
  11. 2011/01/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. 2011/01/21
    baldcajun
    Trojan Agent, Trojan.FakeAlert, Worm.Autorun.B, PUM.Hijack.StartMenu

    :) :) broni,

    Thank you for your prompt response and recommendations.

    The good news is that my msconfig is now working properly thanks to the ComboFix program you recommended. :)

    :( The bad news is that while I downloaded the ComboFix file, it did not go to my desktop directly, it went to my download folder under C: drive. I did a drag and drop to move it to my desktop before running it.

    Before double clicking the ComboFix file I disabled my McAfee security system to include anti-virus checker, anti-malware and disabled its firewall. I also disabled another security system, IO Bit Security 360 v1.5. I also closed my browser.

    After disabling the above programs, I did start the ComboFix program and it started operating. Shortly after it started a screen came up that said my McAfee anti-virus was still active even though McAfee indicated it was to be off for 30 minutes. I went back to McAfee home page several times and could not see what else I could do. Afraid to continue with running ComboFix with its warning displayed about this anti-virus checker still being active, I opened my control panel, then remove programs and proceeded to uninstall McAfee security system without restarting my computer.

    I then felt comfortable about continuing the ComboFix program and a short time later another screen popped up and it was the Windows firewall activation screen which showed it had reactivated my Windows firewall which had been previously deactivated by McAfee. I then deactivated the Windows firewall and Automatic Downloads, closed this window and continued with the running of ComboFix.

    ComboFix appeared to continue to run properly. I noticed it had gone through 50 operations?? then showed it was deleting some files. Then the ComboFix screen came up to indicate it was preparing the log file. After waiting for more than 30 minutes for this to complete, which it never did, I assumed that it was hung up, and I could see no alternative but to end its run without the ComboFix log file being generated.

    To see what type of file might have been saved to my computer, I went to Windows Explorer under the ComboFix folder and found a text file which may or may not be of any use to you, but I am including that file here.

    Since I had to uninstall my McAfee security system previously, I was afraid to access the internet without reinstalling that system. I did do that operation even though I know I am not supposed to download any programs until WindowsBBS has declared my machine clean. I hope this does not foul up your analysis procedures.

    Here is the notepad text file that I found under the ComboFix folder:

    ComboFix 11-01-20.04 - Owner 01/21/2011 9:08:52.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.465 [GMT -6:00]
    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Owner\My Documents\DPE.DUS
    C:\Thumbs.db
    C:\windows\desktop
    C:\windows\desktop\Instal~1.lnk

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-21 to 2011-01-21 )))))))))))))))))))))))))))))))
    .

    2011-01-16 21:33:03 . 2010-11-30 00:28:16 4199768 ----a-w- C:\windows\system32\cdintf400.dll
    2011-01-16 21:32:15 . 2011-01-16 21:36:35 -------- d-----w- C:\Program Files\Quicken
    2011-01-16 16:44:30 . 2011-01-16 16:44:30 -------- d-sh--w- C:\Documents and Settings\Owner\UserData
    2011-01-16 16:10:09 . 2011-01-17 14:33:33 -------- d-----w- C:\office uninstall tool
    2011-01-11 23:07:32 . 2011-01-12 02:47:32 -------- d-s---w- C:\windows\Downloaded Program Files
    2011-01-11 20:42:24 . 2011-01-11 20:42:24 -------- d-----w- C:\EmergencyUtils
    2011-01-10 23:19:34 . 2011-01-10 23:19:34 -------- d-----w- C:\windows\system32\wbem\Repository
    2011-01-10 23:19:23 . 2011-01-15 23:09:46 -------- d-----w- C:\Documents and Settings\All Users\Application Data\WinZip
    2011-01-10 23:19:21 . 2011-01-10 23:19:21 -------- d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    2011-01-10 23:03:35 . 2011-01-12 17:04:33 -------- d-----w- C:\windows\Debug
    2011-01-10 16:31:38 . 2011-01-21 14:24:27 -------- d-----w- C:\windows\system32\wbem\Logs
    2010-12-26 03:02:31 . 2010-12-26 03:02:31 -------- d-----w- C:\Documents and Settings\All Users\Application Data\PC Tools
    2010-12-25 02:38:54 . 2010-12-21 00:09:00 38224 ------w- C:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-25 02:38:52 . 2010-12-25 02:41:57 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
    2010-12-25 02:38:52 . 2010-12-21 00:08:40 20952 ------w- C:\windows\system32\drivers\mbam.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-18 18:12:44 . 2009-02-04 15:20:54 81920 ----a-w- C:\windows\system32\isign32.dll
    2010-11-09 14:52:35 . 2004-08-04 12:00:00 249856 ----a-w- C:\windows\system32\odbc32.dll
    2010-11-06 00:34:12 . 2004-08-04 12:00:00 832512 ----a-w- C:\windows\system32\wininet.dll
    2010-11-06 00:34:11 . 2009-10-10 13:56:48 78336 ----a-w- C:\windows\system32\ieencode.dll
    2010-11-06 00:34:11 . 2001-08-30 10:30:00 1830912 ------w- C:\windows\system32\inetcpl.cpl
    2010-11-06 00:34:11 . 2001-08-30 10:30:00 17408 ----a-w- C:\windows\system32\corpol.dll
    2010-11-03 19:12:22 . 2010-06-21 21:42:38 409600 ------w- C:\windows\system32\wrap_oal.dll
    2010-11-03 12:25:53 . 2004-08-04 12:00:00 389120 ------w- C:\windows\system32\html.iec
    2010-11-02 20:53:46 . 2010-11-02 20:53:46 12 ----a-w- C:\windows\Fonts\wfonts.key
    2010-11-02 15:17:02 . 2009-10-31 18:34:52 40960 ----a-w- C:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13:22 . 2001-08-30 10:30:00 290048 ----a-w- C:\windows\system32\atmfd.dll
    2010-10-26 13:25:00 . 2009-10-31 18:34:54 1853312 ----a-w- C:\windows\system32\win32k.sys
    2007-01-09 20:35:30 . 2009-09-28 21:02:42 3035136 -c----w- C:\Program Files\Common Files\AdvrCntr2.dll
    .

    Please advise if there is something more you want me to do and please let me know if how I proceeded with the above operations affected your analysis capabilities.

    Again thanks for your help, should I consider this thread resolved since I am now able to run msconfig, task manager, cmd and regedit?

    baldcajun
     
  13. 2011/01/21
    baldcajun Lifetime Subscription

    baldcajun Well-Known Member Thread Starter

    Joined:
    2011/01/17
    Messages:
    63
    Likes Received:
    0
    Trojan Agent, Trojan.FakeAlert, Worm.Autorun.B, PUM.Hijack.StartMenu

    :)broni,

    Just thought about seeing if the problem (mentioned in my original post) of not being able to open HIDserv was still a problem. Glad to say it isn't. :)

    Thanks again.

    baldcajun
     
  14. 2011/01/21
    baldcajun Lifetime Subscription

    baldcajun Well-Known Member Thread Starter

    Joined:
    2011/01/17
    Messages:
    63
    Likes Received:
    0
    After reading again the user guide, I will attempt to show my thread as resolved. However, I don't see that option listed under thread tool as the article I read about said it would be. After posting this reply I thought it would give me the option indicating my thread had been resolved, but it does not appear. What am I doing wrong?

    baldcajun
     
    Last edited: 2011/01/21
  15. 2011/01/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You did very well, but...
    We're not done yet :)
    We have to make sure your computer is totally clean.

    The Combofix log you posted is incomplete.
    Please repost.
     
  16. 2011/01/22
    baldcajun Lifetime Subscription

    baldcajun Well-Known Member Thread Starter

    Joined:
    2011/01/17
    Messages:
    63
    Likes Received:
    0
    Trojan Agent, Trojan.FakeAlert, Worm.Autorun.B, PUM.Hijack.StartMenu

    Broni,

    Finally got the complete ComboFix.text file.

    ComboFix 11-01-22.01 - Owner 01/22/2011 18:52:53.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.273 [GMT -6:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\documents and settings\Owner\My Documents\DPE.DUS
    C:\Thumbs.db
    c:\windows\desktop\Instal~1.lnk

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-23 to 2011-01-23 )))))))))))))))))))))))))))))))
    .

    2011-01-22 22:27 . 2011-01-22 22:27 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C2367BD0-1439-4DFF-AE95-1E36834B5A00}\MpKsle1fd657f.sys
    2011-01-22 03:14 . 2011-01-22 03:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
    2011-01-22 02:53 . 2011-01-13 07:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C2367BD0-1439-4DFF-AE95-1E36834B5A00}\mpengine.dll
    2011-01-22 02:52 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-22 02:48 . 2011-01-22 02:49 -------- d-----w- c:\program files\Microsoft Security Client
    2011-01-21 17:18 . 2011-01-21 17:20 -------- d-----w- C:\Floyd's ComboFix files
    2011-01-21 16:10 . 2010-10-14 04:28 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-01-21 16:10 . 2010-10-14 04:28 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
    2011-01-21 16:10 . 2010-10-14 04:28 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2011-01-21 16:10 . 2010-10-14 04:28 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-01-21 16:10 . 2010-10-14 04:28 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2011-01-21 16:10 . 2010-10-14 04:28 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-01-21 16:10 . 2010-10-14 04:28 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-01-21 16:05 . 2010-10-14 04:28 141792 ----a-w- c:\windows\system32\mfevtps.exe
    2011-01-16 21:33 . 2010-11-30 00:28 4199768 ----a-w- c:\windows\system32\cdintf400.dll
    2011-01-16 21:32 . 2011-01-16 21:36 -------- d-----w- c:\program files\Quicken
    2011-01-16 16:44 . 2011-01-16 16:44 -------- d-sh--w- c:\documents and settings\Owner\UserData
    2011-01-16 16:10 . 2011-01-17 14:33 -------- d-----w- C:\office uninstall tool
    2011-01-11 23:07 . 2011-01-12 02:47 -------- d-s---w- c:\windows\Downloaded Program Files
    2011-01-11 20:42 . 2011-01-11 20:42 -------- d-----w- C:\EmergencyUtils
    2011-01-10 23:19 . 2011-01-10 23:19 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-01-10 23:19 . 2011-01-15 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
    2011-01-10 23:19 . 2011-01-10 23:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2011-01-10 23:03 . 2011-01-12 17:04 -------- d-----w- c:\windows\Debug
    2011-01-10 16:31 . 2011-01-23 00:51 -------- d-----w- c:\windows\system32\wbem\Logs
    2010-12-26 03:02 . 2010-12-26 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2010-12-25 02:38 . 2010-12-21 00:09 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-25 02:38 . 2010-12-25 02:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-25 02:38 . 2010-12-21 00:08 20952 ------w- c:\windows\system32\drivers\mbam.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-18 18:12 . 2009-02-04 15:20 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-09 14:52 . 2004-08-04 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:34 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:34 . 2009-10-10 13:56 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-11-06 00:34 . 2001-08-30 10:30 1830912 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-06 00:34 . 2001-08-30 10:30 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-11-03 19:12 . 2010-06-21 21:42 409600 ------w- c:\windows\system32\wrap_oal.dll
    2010-11-03 12:25 . 2004-08-04 12:00 389120 ------w- c:\windows\system32\html.iec
    2010-11-02 20:53 . 2010-11-02 20:53 12 ----a-w- c:\windows\Fonts\wfonts.key
    2010-11-02 15:17 . 2009-10-31 18:34 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2001-08-30 10:30 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25 . 2009-10-31 18:34 1853312 ----a-w- c:\windows\system32\win32k.sys
    2010-10-25 03:25 . 2010-10-25 03:25 165264 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2007-01-09 20:35 . 2009-09-28 21:02 3035136 -c----w- c:\program files\Common Files\AdvrCntr2.dll
    2010-10-14 04:28 . 2011-01-21 16:10 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HotKeysCmds"= "c:\windows\system32\hkcmd.exe" [2003-11-18 118784]
    "Hot Key Kbd 9910 Daemon"= "SK9910DM.EXE" [2001-01-03 66048]
    "MSC"= "c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "DWQueuedReporting"= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-11-14 221247]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\SkyGolf\\SkyCaddie Desktop\\SkyCaddieDesktop.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017
    "9212:TCP"= 9212:TCP:SkyCaddie Desktop
    "9210:UDP"= 9210:UDP:SkyCaddie Desktop

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/21/2011 10:10 AM 84072]
    R1 MpKsle1fd657f;MpKsle1fd657f;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C2367BD0-1439-4DFF-AE95-1E36834B5A00}\MpKsle1fd657f.sys [1/22/2011 4:27 PM 28752]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [1/21/2011 10:11 AM 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/21/2011 10:05 AM 141792]
    R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [7/27/2005 4:25 PM 14080]
    R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [7/27/2005 4:25 PM 36352]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [1/21/2011 10:10 AM 313288]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [1/21/2011 10:10 AM 88544]
    R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [7/27/2005 4:25 PM 77056]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; "c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/21/2011 10:10 AM 271480]
    S2 McMPFSvc;McAfee Personal Firewall Service; "c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/21/2011 10:10 AM 271480]
    S2 McNaiAnn;McAfee VirusScan Announcer; "c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [1/21/2011 10:10 AM 271480]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [1/21/2011 10:10 AM 55840]
    S3 iscFlash;iscFlash;\??\c:\windows\SYSTEM32\DRIVERS\iscflash.sys --> c:\windows\SYSTEM32\DRIVERS\iscflash.sys [?]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [1/21/2011 10:10 AM 88544]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/21/2011 10:10 AM 84264]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 3:06 PM 11520]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 6:00 AM 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
    S4 BabylonIM Coordinator;BabylonIM Coordinator; "c:\progra~1\BABYLO~1\Bandoo.exe" --> c:\progra~1\BABYLO~1\Bandoo.exe [?]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - MPKSLE1FD657F
    *Deregistered* - mfeavfk01

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

    2010-11-28 c:\windows\Tasks\HP DArC Task 2003-04-11 09:53ewlett-PackardHewlett-Packard Companyeskjet5600000000000010.job
    - c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-04-11 20:25]

    2011-01-22 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]

    2011-01-23 c:\windows\Tasks\MpIdleTask.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]

    2011-01-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

    2011-01-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1383384898-682003330-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

    2011-01-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

    2011-01-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1383384898-682003330-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

    2011-01-22 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

    2011-01-17 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ww2.cox.com/myconnection/greaterlouisiana/home.cox
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: internet
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: mcafee.com
    Trusted Zone: microsoft.com\www.update
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\kl2i02o1.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=14055
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://batonrouge.cox.net/cci/home
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: ShopSafe: shopsafe@orbiscom - c:\program files\ShopSafe
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-22 19:02
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker"
    "LocalizedString"= "@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"= "1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2944)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-01-22 19:06:34
    ComboFix-quarantined-files.txt 2011-01-23 01:06

    Pre-Run: 82,933,313,536 bytes free
    Post-Run: 82,992,189,440 bytes free

    - - End Of File - - 0C0A5A141815CED3AAA11584ED53ED5C
     
  17. 2011/01/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're running two AV programs, McAfee and Microsoft Security Essentials.
    One of them has to go.
    If McAfee (preferably), make sure to use this tool to remove it: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml

    ==================================================================

    Uninstall RegCure.

    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ==============================================================

    Combofix log looks good.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
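
The two findings in the reply above (two antivirus products registered, RegCure installed) can both be read mechanically from the ComboFix log's `AV:`/`FW:` header lines and its 'Scheduled Tasks' section. The following is an added example, not part of the thread and not ComboFix's own code; the function names and the `flagged_tools` list are assumptions, and the sample is an excerpt of the log posted in this thread.

```python
import re

# Excerpt of the ComboFix log posted in this thread (header and scheduled tasks only).
SAMPLE_LOG = r"""
ComboFix 11-01-22.01 - Owner 01/22/2011 18:52:53.2.1 - x86
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
Contents of the 'Scheduled Tasks' folder

2011-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2011-01-22 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

2011-01-17 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
------- Supplementary Scan -------
"""

# "AV: <product> *<state>* {<guid>}" and the same shape for "FW:".
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|FW):\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*\s+"
    r"\{(?P<guid>[0-9A-Fa-f-]+)\}$"
)
# A task is two lines: "<date> <path>.job" then "- <target> [<timestamp>]".
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<job>.+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^-\s+(?P<target>.+?)\s+\[[^\]]*\]$")


def parse_security_products(log):
    """Return the AV/FW products the log header reports, with their state."""
    products = []
    for raw in log.splitlines():
        m = PRODUCT_RE.match(raw.strip())
        if m:
            entry = m.groupdict()
            # State is "Enabled/Updated", "Disabled/Updated" or just "Enabled".
            entry["enabled"] = entry["state"].split("/")[0] == "Enabled"
            products.append(entry)
    return products


def parse_scheduled_tasks(log):
    """Return {job, target} pairs from the 'Scheduled Tasks' section."""
    tasks, in_section, job = [], False, None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("Contents of the 'Scheduled Tasks' folder"):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("-------"):  # banner of the next section
            break
        m = JOB_RE.match(line)
        if m:
            job = m.group("job")
            continue
        m = TARGET_RE.match(line)
        if m and job:
            tasks.append({"job": job, "target": m.group("target")})
            job = None
    return tasks


def triage(log, flagged_tools=("RegCure",)):
    """Flag more than one registered AV product and tasks that launch a
    tool named in flagged_tools (an assumed, caller-supplied list)."""
    findings = []
    av = [p for p in parse_security_products(log) if p["kind"] == "AV"]
    # Counted regardless of state: a disabled second product is still installed.
    if len(av) > 1:
        findings.append(("multiple-av", [p["name"] for p in av]))
    hits = [
        t for t in parse_scheduled_tasks(log)
        if any(tool.lower() in t["target"].lower() for tool in flagged_tools)
    ]
    if hits:
        findings.append(("flagged-tool-task", sorted({t["job"] for t in hits})))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(kind, detail)
```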
     
  18. 2011/01/24
    baldcajun Lifetime Subscription

    baldcajun Well-Known Member Thread Starter

    Joined:
    2011/01/17
    Messages:
    63
    Likes Received:
    0
    Trojan Agent, Trojan.FakeAlert, Worm.Autorun.B, PUM.Hijack.StartMenu

    OTL logfile created on: 1/24/2011 7:50:58 AM - Run 1
    OTL by OldTimer - Version 3.2.20.5 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    759.00 Mb Total Physical Memory | 360.00 Mb Available Physical Memory | 47.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 115.89 Gb Total Space | 77.26 Gb Free Space | 66.67% Space Free | Partition Type: NTFS
    Drive G: | 149.04 Gb Total Space | 112.42 Gb Free Space | 75.43% Space Free | Partition Type: NTFS
    Drive H: | 115.50 Gb Total Space | 114.87 Gb Free Space | 99.45% Space Free | Partition Type: NTFS
    Drive I: | 116.62 Gb Total Space | 116.55 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
    Drive J: | 117.75 Gb Total Space | 117.68 Gb Free Space | 99.94% Space Free | Partition Type: NTFS

    Computer Name: RETIREE-S4NG95R | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/24 07:47:47 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2010/12/01 10:39:38 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
    PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    PRC - [2001/01/03 13:50:56 | 000,066,048 | ---- | M] (Silitek Corporation) -- C:\WINDOWS\system32\SK9910DM.EXE


    ========== Modules (SafeList) ==========

    MOD - [2011/01/24 07:47:47 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (NBService)
    SRV - File not found [On_Demand | Stopped] -- -- (McODS)
    SRV - File not found [Disabled | Stopped] -- -- (BabylonIM Coordinator)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
    SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
    SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/02/04 10:26:14 | 000,045,056 | ---- | M] (LANovation) [On_Demand | Stopped] -- C:\WINDOWS\system32\PCTKRNT.SYS -- (PictureTaker)
    SRV - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/01/24 07:26:48 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA26B7E9-B943-4F99-B825-A9FC12469735}\MpKsl3c0b6e10.sys -- (MpKsl3c0b6e10)
    DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
    DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
    DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2010/10/13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
    DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2010/02/17 15:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2010/02/11 06:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
    DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/01/22 16:06:34 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
    DRV - [2008/09/24 09:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/03/06 10:51:14 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\windows\System32\Drivers\BANTExt.sys -- (BANTExt)
    DRV - [2007/04/12 07:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
    DRV - [2007/04/12 07:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
    DRV - [2007/04/12 07:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
    DRV - [2007/04/12 07:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
    DRV - [2007/04/12 07:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
    DRV - [2007/04/12 07:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
    DRV - [2007/04/12 07:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
    DRV - [2007/04/12 07:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
    DRV - [2007/04/12 07:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
    DRV - [2007/04/10 03:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
    DRV - [2007/04/10 03:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
    DRV - [2007/04/10 03:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
    DRV - [2006/04/13 13:09:00 | 000,204,160 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
    DRV - [2005/07/27 16:25:28 | 000,077,056 | ---- | M] (Unibrain S.A.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ubohci.sys -- (ubohci)
    DRV - [2005/07/27 16:25:28 | 000,036,352 | ---- | M] (Unibrain S.A.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\UBUMAPI.sys -- (ubumapi)
    DRV - [2005/07/27 16:25:28 | 000,014,080 | ---- | M] (Unibrain S.A.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\UBSBM.sys -- (ubsbm)
    DRV - [2005/05/27 08:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2004/10/08 10:59:12 | 000,326,656 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
    DRV - [2004/10/07 19:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2003/11/30 20:54:20 | 000,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
    DRV - [2002/10/14 23:00:00 | 000,101,431 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel(R)
    DRV - [2002/10/14 23:00:00 | 000,013,891 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
    DRV - [2002/05/06 18:13:00 | 001,106,464 | ---- | M] (GTW) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GWMDM.sys -- (GTWModem)
    DRV - [2002/04/11 18:02:00 | 000,991,672 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
    DRV - [2002/04/11 18:02:00 | 000,834,100 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV - [2002/04/11 18:02:00 | 000,211,724 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2002/04/11 18:02:00 | 000,195,268 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2002/04/11 18:02:00 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
    DRV - [2002/04/11 18:02:00 | 000,114,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
    DRV - [2002/04/11 18:02:00 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV - [2002/02/28 08:26:46 | 000,643,072 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
    DRV - [2002/02/28 08:24:46 | 000,110,592 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
    DRV - [2001/08/17 07:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)
    DRV - [2001/08/01 15:36:18 | 000,348,169 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CamDrL21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0)
    DRV - [2000/09/11 23:39:10 | 000,006,208 | ---- | M] (Silitek Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Sk9920nt.sys -- (Sk9920nt)
    DRV - [2000/09/11 17:32:28 | 000,007,552 | ---- | M] (Silitek Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sk99202k.sys -- (Sk99202k)
    DRV - [1999/12/17 00:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    IE - HKU\S-1-5-21-1993962763-1383384898-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ww2.cox.com/myconnection/greaterlouisiana/home.cox
    IE - HKU\S-1-5-21-1993962763-1383384898-682003330-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-1993962763-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1993962763-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon) "
    FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=14055 "
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon) "
    FF - prefs.js..browser.search.selectedEngine: "Yahoo "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://batonrouge.cox.net/cci/home "
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
    FF - prefs.js..extensions.enabledItems: shopsafe@orbiscom:3.4.10.0
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
    FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
    FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=IEFM1&q= "
    FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1 "

    FF - HKLM\software\mozilla\Firefox\Extensions\\shopsafe@orbiscom: C:\Program Files\ShopSafe [2010/05/04 22:27:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/12 20:38:45 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/01/21 20:18:51 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/21 10:10:56 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 17:59:20 | 000,000,000 | ---D | M]

    [2010/01/21 14:17:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2011/01/22 18:24:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kl2i02o1.default\extensions
    [2010/04/27 16:03:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kl2i02o1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/08/01 11:27:37 | 000,000,000 | ---D | M] ( "BetterPrivacy ") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kl2i02o1.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
    [2009/07/16 17:53:55 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kl2i02o1.default\searchplugins\live-search.xml
    [2011/01/22 18:24:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/12 20:38:45 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2010/01/21 15:08:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/01/21 20:18:51 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
    [2010/05/04 22:27:43 | 000,000,000 | ---D | M] (ShopSafe) -- C:\PROGRAM FILES\SHOPSAFE
    [2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll

    O1 HOSTS File: ([2011/01/21 09:17:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (ShopSafeBrowserHelper Class) - {333F6B96-3992-4D58-A499-145A10FE48C3} - C:\Program Files\ShopSafe\BhoSSafe.dll (Orbiscom Ltd. All rights reserved.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110121101056.dll (McAfee, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - File not found
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - File not found
    O3 - HKU\S-1-5-21-1993962763-1383384898-682003330-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [Hot Key Kbd 9910 Daemon] C:\windows\System32\SK9910DM.EXE (Silitek Corporation)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1993962763-1383384898-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1993962763-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1993962763-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1993962763-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-1993962763-1383384898-682003330-1003\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKU\S-1-5-21-1993962763-1383384898-682003330-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-1993962763-1383384898-682003330-1003\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-1993962763-1383384898-682003330-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-1993962763-1383384898-682003330-1003\..Trusted Domains: microsoft.com ([www.update] https in Trusted sites)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1255116240875 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234735909296 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.20.30.1
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\windows\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/09/24 08:07:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/09/24 08:07:05 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: AppMgmt - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - C:\windows\System32\iprip.dll (Microsoft Corporation)
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Creative Technology Ltd.)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.voxacm160 - C:\windows\System32\vct3216.acm (Voxware, Inc.)
    Drivers32: MSVideo - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\windows\System32\LVCodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
    Drivers32: wave1 - C:\windows\System32\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/24 07:47:27 | 000,603,136 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2011/01/23 19:24:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/01/22 17:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ComboFix
    [2011/01/21 21:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
    [2011/01/21 20:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2011/01/21 11:18:38 | 000,000,000 | ---D | C] -- C:\Floyd's ComboFix files
    [2011/01/21 10:10:56 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfeclnk.sys
    [2011/01/21 10:10:48 | 000,313,288 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfefirek.sys
    [2011/01/21 10:10:48 | 000,088,544 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfendisk.sys
    [2011/01/21 10:10:48 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mferkdet.sys
    [2011/01/21 10:10:48 | 000,084,072 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfetdi2k.sys
    [2011/01/21 10:10:48 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\cfwids.sys
    [2011/01/21 10:05:00 | 000,141,792 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\mfevtps.exe
    [2011/01/21 09:07:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/01/21 09:05:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
    [2011/01/21 09:05:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2011/01/21 09:05:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2011/01/21 09:05:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2011/01/21 08:49:19 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
    [2011/01/21 08:48:30 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/17 19:38:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ProcessExplorer
    [2011/01/17 13:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2010
    [2011/01/16 15:33:03 | 004,199,768 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\windows\System32\cdintf400.dll
    [2011/01/16 15:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Quicken 2011
    [2011/01/16 15:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\Quicken
    [2011/01/16 10:44:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\UserData
    [2011/01/16 10:10:09 | 000,000,000 | ---D | C] -- C:\office uninstall tool
    [2011/01/11 17:07:32 | 000,000,000 | --SD | C] -- C:\windows\Downloaded Program Files
    [2011/01/11 14:42:24 | 000,000,000 | ---D | C] -- C:\EmergencyUtils
    [2011/01/10 17:19:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
    [2011/01/10 17:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2011/01/10 17:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2011/01/10 17:03:35 | 000,000,000 | ---D | C] -- C:\windows\Debug
    [2011/01/10 12:10:36 | 000,000,000 | -HSD | C] -- C:\windows\TEMP
    [2011/01/10 12:10:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\Cookies
    [2010/12/25 21:02:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2009/09/28 15:02:42 | 003,035,136 | ---- | C] (Nero AG) -- C:\Program Files\Common Files\AdvrCntr2.dll
    [2007/04/09 11:32:58 | 000,034,816 | ---- | C] ( ) -- C:\windows\System32\a3d.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/01/24 08:00:35 | 000,000,390 | -H-- | M] () -- C:\windows\tasks\MpIdleTask.job
    [2011/01/24 07:47:47 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2011/01/24 07:42:22 | 000,000,286 | ---- | M] () -- C:\windows\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1383384898-682003330-1003.job
    [2011/01/24 07:42:22 | 000,000,278 | ---- | M] () -- C:\windows\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1383384898-682003330-1003.job
    [2011/01/24 07:31:48 | 000,000,424 | -H-- | M] () -- C:\windows\tasks\MP Scheduled Scan.job
    [2011/01/24 07:26:20 | 000,000,280 | ---- | M] () -- C:\windows\tasks\RealUpgradeLogonTaskS-1-5-18.job
    [2011/01/24 07:26:12 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
    [2011/01/24 07:26:10 | 795,660,288 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/23 22:10:28 | 000,023,244 | ---- | M] () -- C:\windows\System32\BMXCtrlState-{00000001-00000000-00000002-00001102-00000004-00581102}.rfx
    [2011/01/23 22:10:28 | 000,023,244 | ---- | M] () -- C:\windows\System32\BMXBkpCtrlState-{00000001-00000000-00000002-00001102-00000004-00581102}.rfx
    [2011/01/23 22:10:28 | 000,018,648 | ---- | M] () -- C:\windows\System32\BMXStateBkp-{00000001-00000000-00000002-00001102-00000004-00581102}.rfx
    [2011/01/23 22:10:28 | 000,018,648 | ---- | M] () -- C:\windows\System32\BMXState-{00000001-00000000-00000002-00001102-00000004-00581102}.rfx
    [2011/01/23 22:10:28 | 000,001,080 | ---- | M] () -- C:\windows\System32\settingsbkup.sfm
    [2011/01/23 22:10:28 | 000,001,080 | ---- | M] () -- C:\windows\System32\settings.sfm
    [2011/01/23 22:10:28 | 000,000,024 | ---- | M] () -- C:\windows\System32\DVCStateBkp-{00000001-00000000-00000002-00001102-00000004-00581102}.dat
    [2011/01/23 22:10:28 | 000,000,024 | ---- | M] () -- C:\windows\System32\DVCState-{00000001-00000000-00000002-00001102-00000004-00581102}.dat
    [2011/01/23 17:35:26 | 000,000,766 | ---- | M] () -- C:\windows\tasks\McAfee Cleanup.job
    [2011/01/23 17:27:49 | 000,013,668 | ---- | M] () -- C:\windows\System32\wpa.dbl
    [2011/01/22 19:52:11 | 000,137,216 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\GOLF HANDICAP CALCULATIONS.xls
    [2011/01/22 19:50:39 | 000,259,584 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Golf Bets.xls
    [2011/01/22 18:39:02 | 004,159,359 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2011/01/22 17:00:01 | 000,000,390 | ---- | M] () -- C:\windows\tasks\RegCure Program Check.job
    [2011/01/21 20:49:36 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
    [2011/01/21 18:34:00 | 000,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
    [2011/01/21 10:18:02 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
    [2011/01/21 09:56:34 | 000,000,217 | RHS- | M] () -- C:\boot.ini
    [2011/01/21 09:50:00 | 000,000,288 | ---- | M] () -- C:\windows\tasks\RealUpgradeScheduledTaskS-1-5-18.job
    [2011/01/21 09:17:37 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
    [2011/01/18 16:15:53 | 000,968,192 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\GIN SCORES.xls
    [2011/01/18 13:30:13 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Logs for submission to Windowsbbs.doc
    [2011/01/18 13:02:34 | 000,255,864 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
    [2011/01/17 20:27:04 | 000,513,032 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sdasetup.exe
    [2011/01/17 13:52:00 | 000,000,372 | ---- | M] () -- C:\windows\tasks\RegCure.job
    [2011/01/17 13:48:14 | 000,001,880 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
    [2011/01/17 10:54:24 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Patrick Thomas Toups.doc
    [2011/01/17 10:10:35 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
    [2011/01/16 17:55:12 | 027,918,336 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Qdata1 20090303new1_200903201_20090511_20090512_20090529_20090618_20090621_20090626_20090807_20090817_20090825_2009082611_201007251-2011-01-16.QDF-backup
    [2011/01/16 15:33:02 | 000,001,586 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quicken Deluxe 2011.lnk
    [2011/01/16 15:33:02 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Free Credit Report and Score.url
    [2011/01/16 15:32:56 | 000,000,165 | ---- | M] () -- C:\windows\QUICKEN.INI
    [2011/01/16 15:28:15 | 013,894,952 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Quicken_WillMaker_Plus_2011.exe
    [2011/01/15 19:47:07 | 000,214,528 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Paper jams LaserJet 4L.doc
    [2011/01/15 16:59:05 | 000,000,278 | ---- | M] () -- C:\windows\hpqcopy.INI
    [2011/01/14 12:50:23 | 000,215,732 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Belarc Analysis 1 14 2011.htm
    [2011/01/12 17:42:45 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\THE ANGELUS.doc
    [2011/01/11 18:00:08 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
    [2011/01/11 17:24:54 | 119,976,870 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\registry back up 1 11 2011.reg
    [2011/01/10 13:37:26 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/01/10 10:28:55 | 000,000,055 | ---- | M] () -- C:\0.bak
    [2011/01/09 19:08:10 | 000,001,891 | ---- | M] () -- C:\windows\imsins.BAK
    [2011/01/07 17:04:18 | 001,260,519 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Patrick from Kelly 1-7-11.jpg
    [2011/01/01 19:29:25 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Group Handicaps.xls
    [2010/12/31 15:52:39 | 000,000,587 | ---- | M] () -- C:\0

    ========== Files Created - No Company Name ==========
     
  19. 2011/01/24
    baldcajun Lifetime Subscription

    Trojan Agent, Trojan.FakeAlert, Worm.Autorun.B, PUM.Hijack.StartMenu

    ========== Files Created - No Company Name ==========

    [2011/01/23 17:35:25 | 000,000,766 | ---- | C] () -- C:\windows\tasks\McAfee Cleanup.job
    [2011/01/22 18:38:42 | 004,159,359 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2011/01/21 20:54:23 | 000,000,424 | -H-- | C] () -- C:\windows\tasks\MP Scheduled Scan.job
    [2011/01/21 20:54:22 | 000,000,390 | -H-- | C] () -- C:\windows\tasks\MpIdleTask.job
    [2011/01/21 20:49:36 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
    [2011/01/21 20:49:06 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2011/01/21 09:07:08 | 000,000,100 | ---- | C] () -- C:\Boot.bak
    [2011/01/21 09:07:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/01/21 09:05:27 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
    [2011/01/21 09:05:27 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2011/01/21 09:05:27 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
    [2011/01/21 09:05:27 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2011/01/21 09:05:27 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2011/01/18 13:30:13 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Logs for submission to Windowsbbs.doc
    [2011/01/17 22:07:43 | 000,293,680 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/01/17 20:26:51 | 000,513,032 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sdasetup.exe
    [2011/01/17 13:48:14 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
    [2011/01/17 10:10:35 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
    [2011/01/16 17:55:12 | 027,918,336 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Qdata1 20090303new1_200903201_20090511_20090512_20090529_20090618_20090621_20090626_20090807_20090817_20090825_2009082611_201007251-2011-01-16.QDF-backup
    [2011/01/16 15:33:02 | 000,001,586 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quicken Deluxe 2011.lnk
    [2011/01/16 15:33:02 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Free Credit Report and Score.url
    [2011/01/16 15:28:15 | 013,894,952 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Quicken_WillMaker_Plus_2011.exe
    [2011/01/15 19:47:06 | 000,214,528 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Paper jams LaserJet 4L.doc
    [2011/01/14 12:50:22 | 000,215,732 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Belarc Analysis 1 14 2011.htm
    [2011/01/12 10:59:53 | 795,660,288 | -HS- | C] () -- C:\hiberfil.sys
    [2011/01/11 17:23:09 | 119,976,870 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\registry back up 1 11 2011.reg
    [2011/01/10 13:37:25 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/01/10 10:28:54 | 000,000,055 | ---- | C] () -- C:\0.bak
    [2011/01/07 17:04:17 | 001,260,519 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Patrick from Kelly 1-7-11.jpg
    [2010/12/19 09:32:40 | 000,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini
    [2010/11/03 15:51:14 | 000,000,231 | ---- | C] () -- C:\windows\AC3API.INI
    [2010/11/03 15:49:33 | 000,034,917 | ---- | C] () -- C:\windows\System32\Emu10kx.ini
    [2010/11/03 15:49:10 | 000,000,166 | ---- | C] () -- C:\windows\System32\kill.ini
    [2010/11/01 12:34:56 | 000,001,793 | ---- | C] () -- C:\windows\System32\fxsperf.ini
    [2010/10/31 14:43:40 | 000,000,258 | ---- | C] () -- C:\windows\System32\UPDATE.INI
    [2010/10/27 13:33:15 | 000,000,063 | ---- | C] () -- C:\windows\mdm.ini
    [2010/09/20 13:01:10 | 000,053,024 | ---- | C] () -- C:\windows\System32\UPDDRV9X.DLL
    [2010/09/20 13:00:57 | 000,000,092 | ---- | C] () -- C:\windows\System32\editinf.ini
    [2010/09/10 09:23:53 | 000,003,072 | ---- | C] () -- C:\windows\CTXFIRES.DLL
    [2010/07/15 16:27:07 | 000,000,338 | ---- | C] () -- C:\windows\PrintScreen.INI
    [2010/07/15 14:57:40 | 000,000,338 | ---- | C] () -- C:\windows\PRINTS~1.INI
    [2010/07/03 19:37:49 | 000,000,157 | ---- | C] () -- C:\windows\cdplayer.ini
    [2010/03/14 11:29:43 | 000,000,393 | ---- | C] () -- C:\windows\PCDES.INI
    [2009/12/09 11:34:15 | 000,000,783 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\hpothb07.tif
    [2009/12/09 11:34:15 | 000,000,566 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\hpothb07.dat
    [2009/12/09 11:29:40 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\hpothb07.tif
    [2009/12/09 11:29:40 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\hpothb07.dat
    [2009/10/27 12:27:24 | 000,147,456 | ---- | C] () -- C:\windows\System32\RTLCPAPI.dll
    [2009/10/27 10:59:22 | 000,006,812 | ---- | C] () -- C:\windows\System32\lvcoinst.ini
    [2009/10/10 14:37:18 | 000,016,243 | ---- | C] () -- C:\windows\FlpLabel.ini
    [2009/10/07 08:57:12 | 000,147,456 | ---- | C] () -- C:\windows\System32\VegaShEx.dll
    [2009/10/07 08:57:06 | 000,308,224 | ---- | C] () -- C:\windows\System32\Lffpx7.dll
    [2009/10/07 08:57:06 | 000,091,136 | ---- | C] () -- C:\windows\System32\Lfkodak.dll
    [2009/09/25 19:03:06 | 000,000,940 | ---- | C] () -- C:\windows\hpdj5600.ini
    [2009/09/25 19:02:51 | 000,000,478 | ---- | C] () -- C:\windows\hpbvspst.ini
    [2009/09/25 18:48:43 | 000,000,208 | ---- | C] () -- C:\windows\System32\oeminfo.ini
    [2009/09/25 18:48:27 | 000,126,976 | ---- | C] () -- C:\windows\System32\unzdll.dll
    [2009/09/23 12:09:20 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
    [2009/08/15 10:46:52 | 000,003,840 | ---- | C] () -- C:\windows\System32\drivers\BANTExt.sys
    [2009/08/14 17:05:23 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/06/01 21:31:43 | 000,000,151 | ---- | C] () -- C:\windows\PhotoSnapViewer.INI
    [2009/04/05 10:58:50 | 000,000,000 | ---- | C] () -- C:\windows\hpqEmlSz.INI
    [2009/02/13 10:30:11 | 000,000,041 | ---- | C] () -- C:\windows\MSREGUSR.INI
    [2009/02/08 16:41:44 | 000,000,130 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\lakerda1967.sys
    [2009/02/08 16:39:47 | 000,010,584 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\docXConverter (3).ini
    [2009/02/06 16:31:32 | 000,005,582 | ---- | C] () -- C:\windows\POWERUP.INI
    [2009/02/05 16:13:24 | 007,602,176 | ---- | C] () -- C:\windows\System32\vaengine.dll
    [2009/02/05 15:32:03 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
    [2009/02/05 14:18:23 | 000,000,165 | ---- | C] () -- C:\windows\QUICKEN.INI
    [2009/02/04 23:11:56 | 000,000,278 | ---- | C] () -- C:\windows\hpqcopy.INI
    [2009/02/04 22:58:52 | 000,028,820 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\HPCOM_48BitScanUpdate.log
    [2009/02/04 22:58:52 | 000,000,214 | ---- | C] () -- C:\windows\HP_48BitScanUpdatePatch.ini
    [2009/02/04 10:39:35 | 000,000,317 | ---- | C] () -- C:\windows\SBWIN.INI
    [2009/02/04 10:29:01 | 000,262,144 | ---- | C] () -- C:\windows\System32\shpshftr.dll
    [2008/02/05 12:28:20 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\setup.txt
    [2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\windows\System32\idxcntrs.ini
    [2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\windows\System32\gsrvctr.ini
    [2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\windows\System32\gthrctr.ini
    [2007/04/12 07:10:28 | 000,105,728 | ---- | C] () -- C:\windows\System32\APOMgrH.dll
    [2007/04/09 11:55:14 | 000,097,785 | ---- | C] () -- C:\windows\System32\instwdm.ini
    [2007/04/09 11:55:14 | 000,000,029 | ---- | C] () -- C:\windows\System32\ctzapxx.ini
    [2007/04/09 11:33:50 | 000,043,520 | ---- | C] () -- C:\windows\System32\CTBurst.dll
    [2005/06/16 09:17:16 | 000,071,680 | ---- | C] () -- C:\windows\System32\ctmmactl.dll
    [2004/07/10 17:55:38 | 000,252,416 | ---- | C] () -- C:\windows\System32\wsiShared.dll
    [2004/04/09 15:16:08 | 007,602,176 | ---- | C] () -- C:\windows\System32\vaesaver.dll

    ========== LOP Check ==========

    [2010/01/21 14:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2010/01/21 14:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
    [2010/12/10 14:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2010/01/21 14:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2010/01/21 14:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
    [2011/01/10 17:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2010/01/21 14:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
    [2010/01/21 14:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SkyGolf
    [2010/01/21 14:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/10/22 12:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
    [2011/01/15 17:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2010/08/25 15:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/01/21 14:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/01/21 14:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
    [2010/01/21 14:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\$CUERoot$
    [2010/01/21 14:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\3D-Album-PS
    [2010/01/21 14:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Blitware
    [2010/01/21 14:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/11/12 09:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure
    [2010/11/12 09:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
    [2010/01/21 14:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileZilla
    [2010/06/03 19:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
    [2010/11/12 09:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ParetoLogic
    [2010/01/21 14:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SkyGolf
    [2010/01/21 14:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
    [2010/01/21 14:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\visviva
    [2010/06/18 15:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
    [2010/06/21 08:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
    [2011/01/11 18:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\wsInspector
    [2011/01/24 07:31:48 | 000,000,424 | -H-- | M] () -- C:\windows\Tasks\MP Scheduled Scan.job
    [2011/01/24 08:00:35 | 000,000,390 | -H-- | M] () -- C:\windows\Tasks\MpIdleTask.job
    [2011/01/22 17:00:01 | 000,000,390 | ---- | M] () -- C:\windows\Tasks\RegCure Program Check.job
    [2011/01/17 13:52:00 | 000,000,372 | ---- | M] () -- C:\windows\Tasks\RegCure.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/12/31 15:52:39 | 000,000,587 | ---- | M] () -- C:\0
    [2011/01/10 10:28:55 | 000,000,055 | ---- | M] () -- C:\0.bak
    [2002/04/18 12:57:12 | 000,204,047 | ---- | M] () -- C:\0720005_MED.jpg
    [2002/04/15 05:18:38 | 000,003,595 | ---- | M] () -- C:\2D_06-over.gif
    [2002/04/15 05:18:38 | 000,003,247 | ---- | M] () -- C:\2D_06.gif
    [1999/09/03 11:50:42 | 000,003,426 | ---- | M] () -- C:\3D Pyramid.lay
    [1999/12/30 18:29:08 | 000,135,713 | ---- | M] () -- C:\3D Stone.jpg
    [2002/04/19 16:36:12 | 000,193,522 | ---- | M] () -- C:\427.jpg
    [2002/04/11 11:34:58 | 000,448,741 | ---- | M] () -- C:\70s.jpg
    [2002/04/10 11:46:38 | 000,087,358 | ---- | M] () -- C:\A Touch of Colour.jpg
    [2002/01/30 03:36:46 | 000,001,902 | ---- | M] () -- C:\about.gif
    [2002/04/19 05:00:24 | 000,002,842 | ---- | M] () -- C:\about.htm
    [2002/01/30 03:38:54 | 000,001,961 | ---- | M] () -- C:\aboutdown.gif
    [2002/01/30 03:36:32 | 000,001,966 | ---- | M] () -- C:\abouton.gif
    [2000/05/11 05:35:52 | 000,003,463 | ---- | M] () -- C:\Abstract Building.lay
    [2002/04/11 17:27:08 | 000,344,148 | ---- | M] () -- C:\Actual Tiles 2.jpg
    [2002/04/11 17:27:26 | 000,350,268 | ---- | M] () -- C:\Actual Tiles 3.jpg
    [2002/04/11 17:26:50 | 000,345,347 | ---- | M] () -- C:\Actual Tiles.jpg
    [2002/04/22 13:53:52 | 000,113,082 | ---- | M] () -- C:\Africa.jpg
    [2002/04/22 12:18:40 | 000,146,114 | ---- | M] () -- C:\Alarm Clock.jpg
    [2002/04/10 09:51:40 | 000,254,003 | ---- | M] () -- C:\Alphabet Ice.jpg
    [2002/04/10 09:51:50 | 000,268,615 | ---- | M] () -- C:\Alphabet Metal.jpg
    [2002/04/10 09:51:30 | 000,220,795 | ---- | M] () -- C:\Alphabet Plasma Fire.jpg
    [2002/04/10 09:52:04 | 000,379,519 | ---- | M] () -- C:\Alphabet Stone.jpg
    [2002/04/10 09:51:06 | 000,243,400 | ---- | M] () -- C:\Alphabet Wood.jpg
    [2002/04/12 10:05:24 | 000,371,711 | ---- | M] () -- C:\Alphabet.jpg
    [2002/04/11 17:27:42 | 000,261,621 | ---- | M] () -- C:\Amazonite.jpg
    [2002/04/12 08:49:10 | 000,410,961 | ---- | M] () -- C:\Amethyst.jpg
    [2000/06/11 21:26:02 | 000,113,049 | ---- | M] () -- C:\Ancient.jpg
    [2000/03/23 09:48:00 | 000,003,440 | ---- | M] () -- C:\Angel.lay
    [2002/04/11 17:24:06 | 000,408,922 | ---- | M] () -- C:\Animal Prints.jpg
    [2002/04/11 17:24:24 | 000,271,867 | ---- | M] () -- C:\Animals.jpg
    [2002/04/22 14:04:18 | 000,220,832 | ---- | M] () -- C:\Apple and Peach.jpg
    [2002/04/22 11:40:14 | 000,209,027 | ---- | M] () -- C:\Arch.jpg
    [1998/11/20 16:03:24 | 000,003,435 | ---- | M] () -- C:\Arena.lay
    [2002/04/01 11:57:54 | 000,057,282 | ---- | M] () -- C:\Arrow.jpg
    [2002/04/12 09:58:38 | 000,594,564 | ---- | M] () -- C:\Arrows.jpg
    [2002/04/22 13:54:36 | 000,135,980 | ---- | M] () -- C:\Asia.jpg
    [2002/04/22 11:58:34 | 000,106,903 | ---- | M] () -- C:\Asteroid.jpg
    [1998/09/25 13:31:22 | 000,082,650 | ---- | M] () -- C:\Astral Dream.mid
    [2002/04/22 13:55:10 | 000,078,066 | ---- | M] () -- C:\Australia.jpg
    [2009/09/24 08:07:05 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2002/01/30 07:26:08 | 000,002,152 | ---- | M] () -- C:\back.gif
    [2002/01/30 07:26:46 | 000,002,157 | ---- | M] () -- C:\backdown.gif
    [2002/01/30 07:26:22 | 000,002,128 | ---- | M] () -- C:\backon.gif
    [2002/04/12 08:49:32 | 000,331,883 | ---- | M] () -- C:\Bakelite.jpg
    [2002/04/22 15:40:14 | 000,138,647 | ---- | M] () -- C:\Balloon.jpg
    [2002/04/22 15:41:24 | 000,139,200 | ---- | M] () -- C:\Balloon2.jpg
    [2002/04/22 15:40:52 | 000,115,679 | ---- | M] () -- C:\Balloons.jpg
    [2002/04/23 17:07:00 | 000,000,141 | ---- | M] () -- C:\Balloons.txt
    [2002/04/22 15:39:42 | 000,152,493 | ---- | M] () -- C:\Balloons2.jpg
    [2001/01/27 23:28:14 | 000,021,558 | ---- | M] () -- C:\Balls.bmp
    [2000/10/25 11:44:54 | 000,434,514 | ---- | M] () -- C:\Bamboo.jpg
    [2002/04/22 12:13:52 | 000,214,594 | ---- | M] () -- C:\Barn.jpg
    [2002/04/19 16:31:36 | 000,137,256 | ---- | M] () -- C:\Basketball.jpg
    [2002/04/22 12:21:08 | 000,154,374 | ---- | M] () -- C:\Bathtime.jpg
    [2002/04/19 16:54:36 | 000,129,435 | ---- | M] () -- C:\Beach.jpg
    [2002/04/22 17:00:26 | 000,461,481 | ---- | M] () -- C:\Beads.jpg
    [2002/04/22 12:13:00 | 000,149,167 | ---- | M] () -- C:\Beams.jpg
    [1998/11/20 16:03:34 | 000,003,436 | ---- | M] () -- C:\Beatle.lay
    [2002/04/16 11:25:10 | 000,368,023 | ---- | M] () -- C:\Beech.jpg
    [2001/06/19 12:13:46 | 000,001,068 | ---- | M] () -- C:\beep.wav
    [2002/04/22 14:03:46 | 000,275,137 | ---- | M] () -- C:\Berry Wreath.jpg
    [2002/02/04 07:09:16 | 000,007,047 | ---- | M] () -- C:\bhelp.htm
    [1999/05/06 17:33:18 | 000,003,438 | ---- | M] () -- C:\Big Hole.lay
    [2002/04/22 15:37:14 | 000,158,353 | ---- | M] () -- C:\Big Rig.jpg
    [2000/10/25 11:44:50 | 000,241,138 | ---- | M] () -- C:\Big Sky.jpg
    [2002/04/22 15:30:56 | 000,183,537 | ---- | M] () -- C:\Bike Path.jpg
    [2009/08/17 19:44:01 | 000,000,092 | ---- | M] () -- C:\BIOSID.TXT
    [2002/04/22 17:01:12 | 000,512,871 | ---- | M] () -- C:\Birds.jpg
    [1998/11/20 16:11:32 | 000,003,440 | ---- | M] () -- C:\Bizarre.lay
    [2000/03/07 15:04:14 | 000,071,510 | ---- | M] () -- C:\Black Dominoes.jpg
    [2002/04/22 14:32:24 | 000,341,534 | ---- | M] () -- C:\Black Pattern.jpg
    [2002/04/18 15:53:56 | 000,085,442 | ---- | M] () -- C:\Black Satin.jpg
    [2002/04/22 15:27:28 | 000,310,998 | ---- | M] () -- C:\Black.jpg
    [2002/04/02 14:53:54 | 000,003,426 | ---- | M] () -- C:\Blocks.lay
    [2002/04/19 16:47:24 | 000,142,363 | ---- | M] () -- C:\Blower.jpg
    [2002/04/19 16:48:14 | 000,092,501 | ---- | M] () -- C:\Blower2.jpg
    [2002/04/22 14:22:58 | 000,154,539 | ---- | M] () -- C:\Blue Cord.jpg
    [2002/04/18 15:38:22 | 000,301,430 | ---- | M] () -- C:\Blue Cotton.jpg
    [2002/04/08 12:47:24 | 000,043,475 | ---- | M] () -- C:\blue marble.jpg
    [2000/08/28 11:45:56 | 000,005,483 | ---- | M] () -- C:\Blue.jpg
    [2002/04/19 16:59:42 | 000,155,312 | ---- | M] () -- C:\Boat.jpg
    [1998/11/20 16:11:48 | 000,003,437 | ---- | M] () -- C:\Boat.lay
    [2002/04/22 12:09:18 | 000,212,409 | ---- | M] () -- C:\Boats.jpg
    [2002/04/01 11:58:42 | 000,087,156 | ---- | M] () -- C:\Bonafide.jpg
    [2002/04/22 13:59:44 | 000,178,625 | ---- | M] () -- C:\Books.jpg
    [2010/01/22 15:20:04 | 000,000,100 | ---- | M] () -- C:\Boot.bak
    [2011/01/21 09:56:34 | 000,000,217 | RHS- | M] () -- C:\boot.ini
    [2002/04/15 05:16:42 | 000,010,985 | ---- | M] () -- C:\bottom_05.gif
    [2002/04/19 16:12:58 | 000,162,810 | ---- | M] () -- C:\Bowling.jpg
    [2002/04/19 16:54:00 | 000,200,457 | ---- | M] () -- C:\Bows.jpg
    [2002/04/10 09:49:34 | 000,129,177 | ---- | M] () -- C:\braille.jpg
    [2002/04/12 08:49:50 | 000,309,873 | ---- | M] () -- C:\Brass.jpg
    [2002/04/12 08:50:06 | 000,378,744 | ---- | M] () -- C:\Brick.jpg
    [2002/04/23 15:05:36 | 000,000,134 | ---- | M] () -- C:\Brick.txt
    [2000/08/02 16:44:22 | 000,009,060 | ---- | M] () -- C:\Bricks.jpg
    [2002/04/22 12:07:24 | 000,116,118 | ---- | M] () -- C:\Bridge.jpg
    [2002/04/22 12:08:46 | 000,167,105 | ---- | M] () -- C:\Bridge2.jpg
    [1999/08/13 09:48:00 | 000,003,425 | ---- | M] () -- C:\Bridging.lay
    [2002/04/16 11:30:50 | 000,297,513 | ---- | M] () -- C:\Bronze.jpg
    [2002/04/22 15:23:48 | 000,303,927 | ---- | M] () -- C:\Brook.jpg
    [2002/04/22 15:28:22 | 000,140,693 | ---- | M] () -- C:\Brushstrokes.jpg
    [2002/04/11 17:28:08 | 000,314,491 | ---- | M] () -- C:\Bubblepaper.jpg
    [2000/06/25 01:26:04 | 000,007,319 | ---- | M] () -- C:\Bubbles.jpg
    [2002/04/22 12:09:50 | 000,165,109 | ---- | M] () -- C:\Building.jpg
    [2001/10/16 22:33:00 | 000,049,206 | ---- | M] () -- C:\bumpmap.bmp
    [2002/04/15 14:15:40 | 000,010,183 | ---- | M] () -- C:\bumpthing1.jpg
    [2002/04/15 14:15:26 | 000,008,885 | ---- | M] () -- C:\bumpthing10.jpg
    [2002/04/15 14:15:38 | 000,009,666 | ---- | M] () -- C:\bumpthing2.jpg
    [2002/04/15 14:15:38 | 000,010,616 | ---- | M] () -- C:\bumpthing3.jpg
    [2002/04/15 14:15:36 | 000,010,760 | ---- | M] () -- C:\bumpthing4.jpg
    [2002/04/15 14:15:36 | 000,009,856 | ---- | M] () -- C:\bumpthing5.jpg
    [2002/04/15 14:15:34 | 000,008,868 | ---- | M] () -- C:\bumpthing6.jpg
    [2002/04/15 14:15:32 | 000,009,406 | ---- | M] () -- C:\bumpthing7.jpg
    [2002/04/15 14:15:30 | 000,010,728 | ---- | M] () -- C:\bumpthing8.jpg
    [2002/04/15 14:15:30 | 000,009,339 | ---- | M] () -- C:\bumpthing9.jpg
    [2002/04/12 08:50:24 | 000,450,231 | ---- | M] () -- C:\Burlap.jpg
    [2002/04/12 09:49:40 | 000,215,018 | ---- | M] () -- C:\Butterflies.jpg
    [2002/04/02 12:51:02 | 000,003,426 | ---- | M] () -- C:\Butterfly.lay
    [2002/04/16 11:32:36 | 000,307,056 | ---- | M] () -- C:\Butternut.jpg
    [2002/04/10 09:27:26 | 001,080,056 | ---- | M] () -- C:\Buttons.bmp
    [2002/04/10 11:48:32 | 000,135,976 | ---- | M] () -- C:\Buttons.jpg
    [2002/01/31 07:17:18 | 000,004,538 | ---- | M] () -- C:\buzz.wav
    [2002/04/22 12:05:32 | 000,169,849 | ---- | M] () -- C:\Cacti.jpg
    [2002/04/22 14:14:24 | 000,168,629 | ---- | M] () -- C:\Calculator.jpg
    [2002/04/01 11:58:04 | 000,085,259 | ---- | M] () -- C:\Calicol.jpg
    [2002/04/01 11:58:54 | 000,082,763 | ---- | M] () -- C:\Calligraphy.jpg
    [2002/04/22 12:08:08 | 000,153,784 | ---- | M] () -- C:\Canal.jpg
    [2002/04/22 12:08:26 | 000,129,819 | ---- | M] () -- C:\Canal2.jpg
    [2002/04/22 12:17:40 | 000,068,872 | ---- | M] () -- C:\Candle.jpg
    [2002/04/19 17:00:44 | 000,341,088 | ---- | M] () -- C:\Candy Eggs.jpg
    [2000/07/08 12:06:24 | 000,034,710 | ---- | M] () -- C:\Candy.bmp
    [2000/10/25 11:44:48 | 000,450,828 | ---- | M] () -- C:\Canvas.jpg
    [2002/04/22 11:38:52 | 000,181,840 | ---- | M] () -- C:\Canyon.jpg
    [2002/04/22 11:39:04 | 000,141,217 | ---- | M] () -- C:\Canyon2.jpg
    [2002/04/22 11:39:44 | 000,162,110 | ---- | M] () -- C:\Canyon3.jpg
    [2002/04/16 11:29:20 | 000,295,478 | ---- | M] () -- C:\Cardboard.jpg
    [2002/04/22 11:48:58 | 000,146,328 | ---- | M] () -- C:\Cargo.jpg
    [2002/04/03 12:12:50 | 000,234,061 | ---- | M] () -- C:\Carved Stone.jpg
    [2002/04/22 14:27:20 | 000,308,501 | ---- | M] () -- C:\Cash.jpg
    [2002/04/22 12:12:12 | 000,099,817 | ---- | M] () -- C:\Castle.jpg
    [1998/11/20 16:11:00 | 000,003,439 | ---- | M] () -- C:\Castle.lay
    [1999/02/09 12:48:44 | 000,003,429 | ---- | M] () -- C:\Cat and Mouse.lay
    [2002/04/22 12:25:16 | 000,136,381 | ---- | M] () -- C:\Cat Bath.jpg
    [2002/04/11 17:28:26 | 000,486,234 | ---- | M] () -- C:\Catalin.jpg
    [2002/04/22 12:14:22 | 000,300,916 | ---- | M] () -- C:\Cave.jpg
    [2002/04/22 14:13:42 | 000,058,335 | ---- | M] () -- C:\CDs.jpg
    [2002/04/12 08:50:42 | 000,306,488 | ---- | M] () -- C:\Cement.jpg
    [1998/11/20 16:06:12 | 000,003,440 | ---- | M] () -- C:\Ceremonial.lay
    [2002/04/15 12:24:06 | 000,008,732 | ---- | M] () -- C:\Charcoal.jpg
    [2002/04/02 11:32:22 | 000,003,426 | ---- | M] () -- C:\Chart.lay
    [2002/04/10 11:46:30 | 000,065,117 | ---- | M] () -- C:\Chass.jpg
    [2000/10/25 11:44:44 | 000,226,416 | ---- | M] () -- C:\Checkerboard.jpg
    [2002/04/22 17:01:04 | 000,395,192 | ---- | M] () -- C:\Checkered.jpg
    [2000/04/15 13:51:58 | 000,003,424 | ---- | M] () -- C:\Checkers.lay
    [2002/04/16 11:33:28 | 000,381,167 | ---- | M] () -- C:\Cherry.jpg
    [2000/10/16 00:30:34 | 000,003,440 | ---- | M] () -- C:\Chess - Bishop.lay
    [2000/10/16 00:30:34 | 000,003,438 | ---- | M] () -- C:\Chess - King.lay
    [2000/10/16 00:30:34 | 000,003,440 | ---- | M] () -- C:\Chess - Knight.lay
    [2000/10/16 00:30:34 | 000,003,440 | ---- | M] () -- C:\Chess - Pawn.lay
    [2000/10/16 00:30:34 | 000,003,439 | ---- | M] () -- C:\Chess - Queen.lay
    [2000/10/16 00:30:34 | 000,003,438 | ---- | M] () -- C:\Chess - Rook.lay
    [2002/04/16 11:16:00 | 000,322,883 | ---- | M] () -- C:\Chess.jpg
    [1999/06/21 14:52:54 | 000,112,889 | ---- | M] () -- C:\China.jpg
    [2002/04/12 09:43:16 | 000,189,492 | ---- | M] () -- C:\Christmas Decorations.jpg
    [2002/04/16 11:17:06 | 000,435,242 | ---- | M] () -- C:\Christmas Presents.jpg
    [2002/04/10 11:49:04 | 000,104,310 | ---- | M] () -- C:\Christop.jpg
    [2000/10/25 11:44:58 | 000,246,496 | ---- | M] () -- C:\Chrome.jpg
    [2002/04/22 15:04:28 | 000,283,193 | ---- | M] () -- C:\Circuit Board.jpg
    [2002/04/02 11:49:02 | 000,003,426 | ---- | M] () -- C:\City.lay
    [2001/09/21 21:17:52 | 000,061,746 | ---- | M] () -- C:\Classic.jpg
    [2002/04/01 11:58:32 | 000,087,356 | ---- | M] () -- C:\Clean.jpg
    [2002/01/30 04:40:22 | 000,001,758 | ---- | M] () -- C:\click.wav
    [2002/04/22 14:14:44 | 000,063,533 | ---- | M] () -- C:\Clock.jpg
    [2002/04/19 17:17:36 | 000,186,641 | ---- | M] () -- C:\Closeup.jpg
    [2000/08/28 11:29:40 | 000,007,989 | ---- | M] () -- C:\Clouds.jpg
    [2002/04/23 16:55:22 | 000,000,162 | ---- | M] () -- C:\Clouds.txt
    [2002/04/22 15:06:12 | 000,067,119 | ---- | M] () -- C:\Clouds1.jpg
    [2002/04/22 15:10:42 | 000,085,372 | ---- | M] () -- C:\Clouds10.jpg
    [2002/04/22 15:10:48 | 000,090,682 | ---- | M] () -- C:\Clouds11.jpg
    [2002/04/22 15:10:48 | 000,095,808 | ---- | M] () -- C:\Clouds12.jpg
    [2002/04/22 15:10:50 | 000,066,611 | ---- | M] () -- C:\Clouds13.jpg
    [2002/04/22 15:10:50 | 000,086,944 | ---- | M] () -- C:\Clouds14.jpg
    [2002/04/22 15:10:40 | 000,059,419 | ---- | M] () -- C:\Clouds15.jpg
    [2002/04/22 15:12:36 | 000,119,271 | ---- | M] () -- C:\Clouds18.jpg
    [2002/04/22 15:12:44 | 000,084,149 | ---- | M] () -- C:\Clouds19.jpg
    [2002/04/22 15:06:24 | 000,059,117 | ---- | M] () -- C:\Clouds2.jpg
    [2002/04/22 15:12:46 | 000,093,193 | ---- | M] () -- C:\Clouds20.jpg
    [2002/04/22 15:13:26 | 000,096,733 | ---- | M] () -- C:\Clouds21.jpg
    [2002/04/22 15:12:48 | 000,090,747 | ---- | M] () -- C:\Clouds22.jpg
    [2002/04/22 15:12:48 | 000,114,309 | ---- | M] () -- C:\Clouds23.jpg
    [2002/04/22 15:13:20 | 000,076,056 | ---- | M] () -- C:\Clouds24.jpg
    [2002/04/22 15:13:22 | 000,103,186 | ---- | M] () -- C:\Clouds25.jpg
    [2002/04/22 15:13:22 | 000,083,504 | ---- | M] () -- C:\Clouds26.jpg
    [2002/04/22 15:13:24 | 000,085,792 | ---- | M] () -- C:\Clouds27.jpg
    [2002/04/22 15:13:24 | 000,106,083 | ---- | M] () -- C:\Clouds28.jpg
    [2002/04/22 15:12:46 | 000,106,520 | ---- | M] () -- C:\Clouds29.jpg
    [2002/04/22 15:06:56 | 000,064,883 | ---- | M] () -- C:\Clouds3.jpg
    [2002/04/22 15:07:26 | 000,094,382 | ---- | M] () -- C:\Clouds4.jpg
    [2002/04/22 15:10:38 | 000,081,196 | ---- | M] () -- C:\Clouds5.jpg
    [2002/04/22 15:10:38 | 000,080,135 | ---- | M] () -- C:\Clouds6.jpg
    [2002/04/22 15:10:40 | 000,081,034 | ---- | M] () -- C:\Clouds7.jpg
    [2002/04/22 15:10:50 | 000,082,192 | ---- | M] () -- C:\Clouds8.jpg
    [2002/04/22 15:10:40 | 000,094,827 | ---- | M] () -- C:\Clouds9.jpg
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2002/04/16 11:32:52 | 000,310,267 | ---- | M] () -- C:\cobblestone.jpg
    [2000/10/24 01:00:08 | 000,003,426 | ---- | M] () -- C:\Coffee Cup.lay
    [2002/04/22 15:17:58 | 000,311,338 | ---- | M] () -- C:\Colored Bricks.jpg
    [2000/10/25 11:44:36 | 000,421,946 | ---- | M] () -- C:\Colored Stones.jpg
    [2002/04/11 17:28:56 | 000,390,761 | ---- | M] () -- C:\Colorful.jpg
    [2002/04/12 10:07:10 | 000,034,710 | ---- | M] () -- C:\ColourWash.bmp
    [2011/01/22 19:06:36 | 000,015,982 | ---- | M] () -- C:\ComboFix.txt
    [2002/04/22 11:58:02 | 000,107,076 | ---- | M] () -- C:\Comet.jpg
    [2002/04/22 14:15:00 | 000,054,703 | ---- | M] () -- C:\Computer.jpg
    [2002/04/01 18:19:48 | 000,003,426 | ---- | M] () -- C:\Computer.lay
    [2002/04/22 15:02:56 | 000,297,116 | ---- | M] () -- C:\Conduit.jpg
    [2002/04/22 14:26:40 | 000,180,506 | ---- | M] () -- C:\Conference room.jpg
    [2009/09/24 08:07:05 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2002/01/30 11:43:06 | 000,004,918 | ---- | M] () -- C:\contact.gif
    [2002/01/31 06:04:46 | 000,009,121 | ---- | M] () -- C:\contact.htm
    [2002/01/30 11:58:48 | 000,005,039 | ---- | M] () -- C:\contacton.gif
    [2002/01/17 04:06:54 | 000,003,300 | ---- | M] () -- C:\controlpanel.gif
    [2002/04/19 16:40:22 | 000,219,592 | ---- | M] () -- C:\Convertible.jpg
    [2002/04/19 16:48:46 | 000,225,532 | ---- | M] () -- C:\Convertible2.jpg
    [2002/04/19 10:38:40 | 000,211,953 | ---- | M] () -- C:\Cool Blue.jpg
    [2002/04/19 10:35:46 | 000,218,660 | ---- | M] () -- C:\Cool Gray.jpg
    [2002/04/19 10:37:10 | 000,221,916 | ---- | M] () -- C:\Cool Green.jpg
    [2002/04/22 14:13:08 | 000,047,898 | ---- | M] () -- C:\Cool Mouse.jpg
    [2002/04/19 10:34:20 | 000,310,400 | ---- | M] () -- C:\Cool Red.jpg
    [2002/04/12 08:51:02 | 000,298,907 | ---- | M] () -- C:\Copper.jpg
    [2002/01/14 05:28:36 | 000,001,977 | ---- | M] () -- C:\Copy of game.gif
    [2002/04/16 11:29:56 | 000,283,009 | ---- | M] () -- C:\Corkboard.jpg
    [2002/04/22 11:54:54 | 000,291,772 | ---- | M] () -- C:\Cosmic Cloud.jpg
    [2002/04/22 13:46:04 | 000,154,881 | ---- | M] () -- C:\Cowboy.jpg
    [2002/04/18 16:03:50 | 000,490,674 | ---- | M] () -- C:\Cowra Gardens.jpg
    [2002/04/22 15:28:02 | 000,183,785 | ---- | M] () -- C:\Cracks.jpg
    [2002/04/22 11:58:56 | 000,373,373 | ---- | M] () -- C:\Crater.jpg
    [2002/04/12 09:39:10 | 000,330,145 | ---- | M] () -- C:\Crazy Paving.jpg
    [2002/04/12 09:25:30 | 000,279,571 | ---- | M] () -- C:\Crazy20.jpg
    [2002/04/16 11:18:30 | 000,444,806 | ---- | M] () -- C:\Crop Circles.jpg
    [1998/11/20 15:49:10 | 000,003,435 | ---- | M] () -- C:\Crown.lay
    [2002/04/22 15:22:52 | 000,290,247 | ---- | M] () -- C:\Crystal.jpg
    [2002/04/11 17:22:42 | 000,486,258 | ---- | M] () -- C:\CS Traditional - Wood.jpg
    [2002/04/22 14:26:08 | 000,172,343 | ---- | M] () -- C:\Cubicle.jpg
    [1999/01/28 18:26:30 | 000,003,422 | ---- | M] () -- C:\Cupola.lay
    [2002/04/15 13:51:00 | 000,014,705 | ---- | M] () -- C:\cyber_swirl1.jpg
    [2002/04/15 14:13:06 | 000,015,711 | ---- | M] () -- C:\cyber_swirl10.jpg
    [2002/04/15 14:14:04 | 000,010,832 | ---- | M] () -- C:\cyber_swirl11.jpg
    [2002/04/15 14:14:02 | 000,012,565 | ---- | M] () -- C:\cyber_swirl12.jpg
    [2002/04/15 14:13:58 | 000,012,958 | ---- | M] () -- C:\cyber_swirl13.jpg
    [2002/04/15 14:13:56 | 000,008,617 | ---- | M] () -- C:\cyber_swirl14.jpg
    [2002/04/15 14:13:50 | 000,012,718 | ---- | M] () -- C:\cyber_swirl15.jpg
    [2002/04/15 13:56:18 | 000,013,191 | ---- | M] () -- C:\cyber_swirl2.jpg
    [2002/04/15 14:05:40 | 000,010,370 | ---- | M] () -- C:\cyber_swirl3.jpg
    [2002/04/15 14:06:54 | 000,014,909 | ---- | M] () -- C:\cyber_swirl4.jpg
    [2002/04/15 14:12:18 | 000,015,720 | ---- | M] () -- C:\cyber_swirl5.jpg
    [2002/04/15 14:07:44 | 000,016,518 | ---- | M] () -- C:\cyber_swirl6.jpg
    [2002/04/15 14:13:12 | 000,017,459 | ---- | M] () -- C:\cyber_swirl7.jpg
    [2002/04/15 14:13:04 | 000,014,484 | ---- | M] () -- C:\cyber_swirl8.jpg
    [2002/04/15 14:13:08 | 000,010,253 | ---- | M] () -- C:\cyber_swirl9.jpg
    [2002/04/19 17:06:38 | 000,177,889 | ---- | M] () -- C:\Daisies.jpg
    [2002/04/15 13:51:56 | 000,017,818 | ---- | M] () -- C:\dark_swim_tile1.jpg
    [2002/04/15 14:13:06 | 000,019,559 | ---- | M] () -- C:\dark_swim_tile10.jpg
    [2002/04/15 14:14:08 | 000,013,741 | ---- | M] () -- C:\dark_swim_tile11.jpg
    [2002/04/15 14:14:04 | 000,014,813 | ---- | M] () -- C:\dark_swim_tile12.jpg
    [2002/04/15 14:14:00 | 000,015,071 | ---- | M] () -- C:\dark_swim_tile13.jpg
    [2002/04/15 14:13:58 | 000,010,592 | ---- | M] () -- C:\dark_swim_tile14.jpg
    [2002/04/15 14:13:54 | 000,015,664 | ---- | M] () -- C:\dark_swim_tile15.jpg
    [2002/04/15 13:57:28 | 000,016,974 | ---- | M] () -- C:\dark_swim_tile2.jpg
    [2002/04/15 14:06:48 | 000,013,056 | ---- | M] () -- C:\dark_swim_tile3.jpg
    [2002/04/15 14:05:04 | 000,018,014 | ---- | M] () -- C:\dark_swim_tile4.jpg
    [2002/04/15 14:12:28 | 000,019,554 | ---- | M] () -- C:\dark_swim_tile5.jpg
    [2002/04/15 14:12:14 | 000,020,404 | ---- | M] () -- C:\dark_swim_tile6.jpg
    [2002/04/15 14:13:12 | 000,020,869 | ---- | M] () -- C:\dark_swim_tile7.jpg
    [2002/04/15 14:13:16 | 000,017,551 | ---- | M] () -- C:\dark_swim_tile8.jpg
    [2002/04/15 14:13:10 | 000,012,394 | ---- | M] () -- C:\dark_swim_tile9.jpg
    [2002/01/14 07:05:06 | 000,000,109 | ---- | M] () -- C:\darrow.gif
    [2002/04/08 13:28:20 | 000,036,496 | ---- | M] () -- C:\Deep Space.jpg
    [1998/11/20 16:06:20 | 000,003,439 | ---- | M] () -- C:\Deep Well.lay
    [2002/04/22 13:57:54 | 000,127,715 | ---- | M] () -- C:\Deer.jpg
    [2002/01/21 06:31:36 | 000,000,271 | ---- | M] () -- C:\default.css
    [2009/09/11 21:02:38 | 000,000,455 | ---- | M] () -- C:\Default.txt
    [2002/04/12 08:44:26 | 000,000,690 | ---- | M] () -- C:\default1.htm
    [2002/04/12 06:25:42 | 000,000,690 | ---- | M] () -- C:\default2.htm
    [2000/07/24 19:15:00 | 000,034,710 | ---- | M] () -- C:\Deja Vu.bmp
    [2002/04/08 12:23:56 | 000,052,949 | ---- | M] () -- C:\Demin.jpg
    [2002/04/22 14:20:06 | 000,336,950 | ---- | M] () -- C:\Demin2.jpg
    [2001/08/14 15:15:30 | 000,012,259 | ---- | M] () -- C:\Desert.jpg
    [2002/04/22 11:38:02 | 000,194,885 | ---- | M] () -- C:\Desert1.jpg
    [2002/04/22 11:38:18 | 000,140,400 | ---- | M] () -- C:\Desert2.jpg
    [2002/04/22 11:39:16 | 000,164,246 | ---- | M] () -- C:\Desert3.jpg
    [2002/04/24 11:07:14 | 000,033,544 | ---- | M] () -- C:\Deutsch.txt
    [2002/04/10 09:53:28 | 000,021,558 | ---- | M] () -- C:\Diamond.bmp
    [2002/04/18 15:52:06 | 000,003,423 | ---- | M] () -- C:\diamond.lay
    [2002/04/10 09:53:36 | 000,021,558 | ---- | M] () -- C:\Diamond2.bmp
    [2002/04/10 09:49:02 | 000,339,949 | ---- | M] () -- C:\Diamonds.jpg
    [2002/04/22 12:14:48 | 000,114,605 | ---- | M] () -- C:\Diary.jpg
    [2002/04/12 10:07:36 | 000,034,710 | ---- | M] () -- C:\Dice.bmp
    [2002/04/22 11:40:42 | 000,298,291 | ---- | M] () -- C:\Dimes.jpg
    [2002/01/30 03:34:06 | 000,001,899 | ---- | M] () -- C:\directx.gif
    [2002/01/31 06:01:38 | 000,006,648 | ---- | M] () -- C:\directX.htm
    [2002/02/01 04:40:12 | 000,003,004 | ---- | M] () -- C:\directx1.htm
    [2002/01/30 03:39:20 | 000,001,997 | ---- | M] () -- C:\directxdown.gif
    [2002/01/30 03:35:16 | 000,001,966 | ---- | M] () -- C:\directxon.gif
    [2002/04/22 11:55:48 | 000,073,197 | ---- | M] () -- C:\Distant Planet.jpg
    [2002/04/15 13:51:50 | 000,011,574 | ---- | M] () -- C:\distwirl1.jpg
    [2002/04/15 14:13:06 | 000,012,091 | ---- | M] () -- C:\distwirl10.jpg
    [2002/04/15 14:14:06 | 000,007,074 | ---- | M] () -- C:\distwirl11.jpg
    [2002/04/15 14:14:04 | 000,010,098 | ---- | M] () -- C:\distwirl12.jpg
    [2002/04/15 14:14:00 | 000,010,479 | ---- | M] () -- C:\distwirl13.jpg
    [2002/04/15 14:13:58 | 000,005,720 | ---- | M] () -- C:\distwirl14.jpg
    [2002/04/15 14:13:52 | 000,009,256 | ---- | M] () -- C:\distwirl15.jpg
    [2002/04/15 13:57:18 | 000,009,305 | ---- | M] () -- C:\distwirl2.jpg
    [2002/04/15 14:06:42 | 000,006,661 | ---- | M] () -- C:\distwirl3.jpg
    [2002/04/15 14:04:56 | 000,011,792 | ---- | M] () -- C:\distwirl4.jpg
    [2002/04/15 14:12:26 | 000,012,112 | ---- | M] () -- C:\distwirl5.jpg
    [2002/04/15 14:12:12 | 000,012,973 | ---- | M] () -- C:\distwirl6.jpg
    [2002/04/15 14:13:12 | 000,014,093 | ---- | M] () -- C:\distwirl7.jpg
    [2002/04/15 14:13:16 | 000,011,647 | ---- | M] () -- C:\distwirl8.jpg
    [2002/04/15 14:13:10 | 000,006,811 | ---- | M] () -- C:\distwirl9.jpg
    [2002/04/15 13:51:34 | 000,014,649 | ---- | M] () -- C:\distwort1.jpg
    [2002/04/15 14:13:06 | 000,015,592 | ---- | M] () -- C:\distwort10.jpg
    [2002/04/15 14:14:06 | 000,010,520 | ---- | M] () -- C:\distwort11.jpg
    [2002/04/15 14:14:04 | 000,012,523 | ---- | M] () -- C:\distwort12.jpg
    [2002/04/15 14:14:00 | 000,012,983 | ---- | M] () -- C:\distwort13.jpg
    [2002/04/15 14:13:56 | 000,008,327 | ---- | M] () -- C:\distwort14.jpg
    [2002/04/15 14:13:52 | 000,012,514 | ---- | M] () -- C:\distwort15.jpg
    [2002/04/15 13:57:12 | 000,012,964 | ---- | M] () -- C:\distwort2.jpg
    [2002/04/15 14:06:34 | 000,009,870 | ---- | M] () -- C:\distwort3.jpg
    [2002/04/15 14:04:50 | 000,014,820 | ---- | M] () -- C:\distwort4.jpg
    [2002/04/15 14:12:24 | 000,015,602 | ---- | M] () -- C:\distwort5.jpg
    [2002/04/15 14:12:12 | 000,016,469 | ---- | M] () -- C:\distwort6.jpg
    [2002/04/15 14:13:12 | 000,017,378 | ---- | M] () -- C:\distwort7.jpg
    [2002/04/15 14:13:16 | 000,014,478 | ---- | M] () -- C:\distwort8.jpg
    [2002/04/15 14:13:10 | 000,009,873 | ---- | M] () -- C:\distwort9.jpg
    [2002/04/22 15:00:34 | 000,169,655 | ---- | M] () -- C:\Domes.jpg
    [2001/11/11 12:26:52 | 000,008,056 | ---- | M] () -- C:\done.wav
    [2002/04/10 09:49:22 | 000,177,779 | ---- | M] () -- C:\Dots.jpg
    [2002/04/22 15:16:20 | 000,279,148 | ---- | M] () -- C:\Drain.jpg
    [2000/07/14 18:11:06 | 000,072,243 | ---- | M] () -- C:\Dreaming.jpg
    [2002/04/22 15:26:54 | 000,243,369 | ---- | M] () -- C:\Dry Lake.jpg
    [2002/04/16 11:31:24 | 000,358,171 | ---- | M] () -- C:\Dry Mud.jpg
    [1998/11/04 22:04:36 | 000,003,429 | ---- | M] () -- C:\Dude.lay
    [2002/04/01 11:58:00 | 000,129,504 | ---- | M] () -- C:\Dune.jpg
    [2002/01/31 05:07:52 | 000,005,057 | ---- | M] () -- C:\dxabout.gif
    [2002/01/31 05:07:36 | 000,005,175 | ---- | M] () -- C:\dxabouton.gif
    [2002/01/31 06:31:58 | 000,005,006 | ---- | M] () -- C:\dxinstall.gif
    [2002/01/31 06:01:48 | 000,002,689 | ---- | M] () -- C:\dxinstall.htm
    [2002/01/31 06:50:54 | 000,005,137 | ---- | M] () -- C:\dxinstallon.gif
    [2002/04/22 11:49:30 | 000,202,071 | ---- | M] () -- C:\Earth Topographic.jpg
    [2002/04/22 11:59:34 | 000,174,140 | ---- | M] () -- C:\Earth.jpg
    [2002/04/11 17:22:04 | 000,353,178 | ---- | M] () -- C:\Easter Eggs.jpg
    [2002/04/12 09:20:28 | 000,164,619 | ---- | M] () -- C:\Easy20.jpg
    [2002/04/22 12:01:26 | 000,063,146 | ---- | M] () -- C:\Eclipse.jpg
    [2002/01/14 05:03:08 | 000,006,516 | ---- | M] () -- C:\egames.gif
    [1999/11/24 09:11:56 | 000,005,694 | ---- | M] () -- C:\egames.ico
    [2002/02/27 05:39:38 | 000,004,918 | ---- | M] () -- C:\egames1.gif
    [2002/02/27 05:39:38 | 000,004,918 | ---- | M] () -- C:\egames2.gif
    [2002/01/30 06:27:28 | 000,029,769 | ---- | M] () -- C:\egameson.gif
    [2002/02/27 05:35:56 | 000,028,376 | ---- | M] () -- C:\egameson2.gif
    [2002/04/12 09:44:34 | 000,177,490 | ---- | M] () -- C:\Eggs.jpg
    [2002/04/22 13:55:52 | 000,347,611 | ---- | M] () -- C:\Egyptian.jpg
    [2000/06/03 14:18:00 | 000,003,447 | ---- | M] () -- C:\Eight Stacks.lay
    [2000/10/16 20:23:14 | 000,016,304 | ---- | M] () -- C:\Electric Soul.mid
    [2002/04/12 09:53:28 | 000,145,145 | ---- | M] () -- C:\Electrosphere.jpg
    [2002/04/16 11:31:10 | 000,369,899 | ---- | M] () -- C:\Emerald.jpg
    [2002/04/26 04:09:26 | 000,026,826 | ---- | M] () -- C:\English.txt
    [2002/01/05 00:15:14 | 000,049,206 | ---- | M] () -- C:\envmap.bmp
    [2002/04/17 14:05:56 | 000,003,426 | ---- | M] () -- C:\Equation.lay
    [2002/04/24 11:08:38 | 000,032,304 | ---- | M] () -- C:\Español.txt
    [2002/04/22 13:53:10 | 000,177,297 | ---- | M] () -- C:\Europe.jpg
    [2009/02/06 16:51:03 | 000,000,083 | ---- | M] () -- C:\external.txt
    [1999/06/18 11:49:36 | 000,003,449 | ---- | M] () -- C:\F-15 Eagle.lay
    [2002/04/22 12:10:44 | 000,153,485 | ---- | M] () -- C:\Facade.jpg
    [2002/04/22 12:14:10 | 000,260,465 | ---- | M] () -- C:\Face.jpg
    [2002/04/15 13:51:26 | 000,016,079 | ---- | M] () -- C:\face1.jpg
    [2002/04/15 14:13:06 | 000,020,963 | ---- | M] () -- C:\face10.jpg
    [2002/04/15 14:14:06 | 000,018,711 | ---- | M] () -- C:\face11.jpg
    [2002/04/15 14:14:02 | 000,013,513 | ---- | M] () -- C:\face12.jpg
    [2002/04/15 14:14:00 | 000,012,742 | ---- | M] () -- C:\face13.jpg
    [2002/04/15 14:13:56 | 000,015,131 | ---- | M] () -- C:\face14.jpg
    [2002/04/15 14:13:52 | 000,019,382 | ---- | M] () -- C:\face15.jpg
    [2002/04/15 13:57:04 | 000,020,263 | ---- | M] () -- C:\face2.jpg
    [2002/04/15 14:06:28 | 000,018,531 | ---- | M] () -- C:\face3.jpg
    [2002/04/15 14:04:42 | 000,015,428 | ---- | M] () -- C:\face4.jpg
    [2002/04/15 14:12:24 | 000,020,702 | ---- | M] () -- C:\face5.jpg
    [2002/04/15 14:12:10 | 000,019,691 | ---- | M] () -- C:\face6.jpg
    [2002/04/15 14:13:12 | 000,017,496 | ---- | M] () -- C:\face7.jpg
    [2002/04/15 14:13:14 | 000,016,863 | ---- | M] () -- C:\face8.jpg
    [2002/04/15 14:13:08 | 000,017,127 | ---- | M] () -- C:\face9.jpg
    [2002/04/22 15:01:12 | 000,125,135 | ---- | M] () -- C:\Factory.jpg
    [1999/09/16 19:18:44 | 000,088,136 | ---- | M] () -- C:\Fairy Tale.mid
    [2002/04/22 17:00:52 | 000,427,739 | ---- | M] () -- C:\Fall Tiles.jpg
    [2002/01/30 11:41:22 | 000,004,894 | ---- | M] () -- C:\faq.gif
    [2002/04/23 03:38:14 | 000,094,726 | ---- | M] () -- C:\faq.htm
    [2002/01/30 11:41:12 | 000,004,964 | ---- | M] () -- C:\faqon.gif
    [2002/04/22 15:29:38 | 000,079,732 | ---- | M] () -- C:\Far Away.jpg
    [1998/11/20 16:06:30 | 000,003,439 | ---- | M] () -- C:\Farandole.lay
    [2002/04/19 16:46:46 | 000,101,356 | ---- | M] () -- C:\Fastback.jpg
    [2009/07/19 17:00:02 | 000,000,200 | ---- | M] () -- C:\Favelay.ini
    [2002/04/19 16:06:26 | 000,309,473 | ---- | M] () -- C:\Ferns.jpg
    [1997/06/25 12:06:36 | 000,056,681 | ---- | M] () -- C:\Ferral.mid
    [2002/04/15 10:43:14 | 000,030,941 | ---- | M] () -- C:\Field Stone.jpg
    [2002/04/15 10:43:14 | 000,030,941 | ---- | M] () -- C:\fieldstone.jpg
    [2002/04/22 15:35:48 | 000,141,429 | ---- | M] () -- C:\Fighter.jpg
    [2002/04/22 13:56:18 | 000,118,563 | ---- | M] () -- C:\Fire Fighter.jpg
    [2000/10/25 11:44:34 | 000,389,815 | ---- | M] () -- C:\Fire Wood.jpg
    [2002/04/22 12:20:48 | 000,148,864 | ---- | M] () -- C:\Fireplace.jpg
    [2002/04/19 17:01:08 | 000,257,506 | ---- | M] () -- C:\Fireworks.jpg
    [2002/04/19 17:02:40 | 000,224,761 | ---- | M] () -- C:\Fireworks2.jpg
    [2002/04/22 15:39:24 | 000,185,752 | ---- | M] () -- C:\Firing Up.jpg
    [2002/04/22 12:43:46 | 000,180,476 | ---- | M] () -- C:\Fish.jpg
    [1998/11/23 23:01:14 | 000,003,437 | ---- | M] () -- C:\Fish.lay
    [2002/04/23 16:56:58 | 000,000,139 | ---- | M] () -- C:\Fish.txt
    [1998/11/20 16:26:30 | 000,003,448 | ---- | M] () -- C:\Five Pyramids 2.lay
    [1998/11/20 16:26:34 | 000,003,446 | ---- | M] () -- C:\Five Pyramids.lay
    [2002/04/22 14:01:12 | 000,119,638 | ---- | M] () -- C:\Flag.jpg
    [2002/04/18 16:12:52 | 000,003,426 | ---- | M] () -- C:\Flag.lay
    [2002/04/19 10:51:00 | 000,400,529 | ---- | M] () -- C:\Flags.jpg
    [2002/04/19 16:38:22 | 000,148,258 | ---- | M] () -- C:\Flamin Red.jpg
    [2002/04/12 10:01:46 | 000,190,268 | ---- | M] () -- C:\Floppies.jpg
    [2002/04/18 16:13:22 | 000,003,426 | ---- | M] () -- C:\Flower.lay
    [2002/04/22 12:11:48 | 000,203,993 | ---- | M] () -- C:\Flowerbox.jpg
    [2002/04/19 17:05:56 | 000,258,232 | ---- | M] () -- C:\Flowers.jpg
    [2002/04/23 15:46:58 | 000,000,156 | ---- | M] () -- C:\Flowers.txt
    [2002/04/19 17:10:00 | 000,269,715 | ---- | M] () -- C:\Flowers2.jpg
    [2002/04/19 17:12:16 | 000,307,463 | ---- | M] () -- C:\Flowers3.jpg
    [2009/10/05 10:48:55 | 000,040,668 | ---- | M] () -- C:\FLOYD.CCW
    [2002/04/22 13:47:00 | 000,276,573 | ---- | M] () -- C:\Foal.jpg
    [2002/04/22 13:48:58 | 000,246,206 | ---- | M] () -- C:\Foal2.jpg
    [2002/04/08 12:17:08 | 000,062,096 | ---- | M] () -- C:\Foliage.jpg
    [2002/04/22 11:23:20 | 000,497,075 | ---- | M] () -- C:\Foliage1.jpg
    [2002/04/22 11:25:44 | 000,317,222 | ---- | M] () -- C:\Foliage2.jpg
    [2002/04/22 11:26:54 | 000,373,412 | ---- | M] () -- C:\Foliage3.jpg
    [2002/04/22 11:29:06 | 000,483,964 | ---- | M] () -- C:\Foliage4.jpg
    [2002/04/22 11:31:04 | 000,250,442 | ---- | M] () -- C:\Foliage5.jpg
    [2002/04/22 12:05:56 | 000,171,468 | ---- | M] () -- C:\Foliage6.jpg
    [2002/04/22 11:35:52 | 000,506,674 | ---- | M] () -- C:\Foliage7.jpg
    [2002/04/22 11:36:06 | 000,409,877 | ---- | M] () -- C:\Foliage8.jpg
    [2002/04/22 11:36:20 | 000,550,710 | ---- | M] () -- C:\Foliage9.jpg
    [1999/02/17 03:59:18 | 000,062,968 | ---- | M] () -- C:\Folk'n'Storm.mod
    [2002/04/23 16:58:18 | 000,000,155 | ---- | M] () -- C:\Forest.txt
    [2000/11/01 16:52:08 | 000,004,419 | ---- | M] () -- C:\Forever.mid
    [2000/06/20 12:18:20 | 000,003,424 | ---- | M] () -- C:\Fortress.lay
    [2002/04/22 14:00:06 | 000,213,311 | ---- | M] () -- C:\Fossil.jpg
    [2002/04/22 12:11:04 | 000,193,080 | ---- | M] () -- C:\Fountain.jpg
    [2000/05/15 13:25:20 | 000,003,438 | ---- | M] () -- C:\Four Winds Bei.lay
    [2000/05/15 13:15:24 | 000,003,439 | ---- | M] () -- C:\Four Winds Dong.lay
    [2000/05/15 13:36:28 | 000,003,438 | ---- | M] () -- C:\Four Winds Nan.lay
    [2000/05/15 13:46:34 | 000,003,437 | ---- | M] () -- C:\Four Winds Xi.lay
    [2002/04/12 09:22:52 | 000,247,456 | ---- | M] () -- C:\Fractals.jpg
    [2002/04/26 04:10:26 | 000,027,425 | ---- | M] () -- C:\Français.txt
    [2002/01/31 04:55:10 | 000,004,978 | ---- | M] () -- C:\freegames.gif
    [2002/01/31 04:55:26 | 000,005,126 | ---- | M] () -- C:\freegameson.gif
    [2002/04/22 12:19:52 | 000,200,839 | ---- | M] () -- C:\Frisbee.jpg
    [2002/04/15 12:14:00 | 000,012,751 | ---- | M] () -- C:\Frost.jpg
    [2002/04/15 13:51:20 | 000,014,644 | ---- | M] () -- C:\frostback1.jpg
    [2002/04/15 14:13:06 | 000,016,943 | ---- | M] () -- C:\frostback10.jpg
    [2002/04/15 14:14:06 | 000,013,997 | ---- | M] () -- C:\frostback11.jpg
    [2002/04/15 14:14:02 | 000,012,502 | ---- | M] () -- C:\frostback12.jpg
    [2002/04/15 14:14:00 | 000,012,514 | ---- | M] () -- C:\frostback13.jpg
    [2002/04/15 14:13:56 | 000,011,549 | ---- | M] () -- C:\frostback14.jpg
    [2002/04/15 14:14:08 | 000,015,011 | ---- | M] () -- C:\frostback15.jpg
    [2002/04/15 13:56:56 | 000,015,602 | ---- | M] () -- C:\frostback2.jpg
    [2002/04/15 14:06:22 | 000,014,076 | ---- | M] () -- C:\frostback3.jpg
    [2002/04/15 14:04:34 | 000,014,609 | ---- | M] () -- C:\frostback4.jpg
    [2002/04/15 14:12:22 | 000,016,819 | ---- | M] () -- C:\frostback5.jpg
    [2002/04/15 14:12:10 | 000,016,919 | ---- | M] () -- C:\frostback6.jpg
    [2002/04/15 14:13:12 | 000,016,836 | ---- | M] () -- C:\frostback7.jpg
    [2002/04/15 14:13:14 | 000,014,712 | ---- | M] () -- C:\frostback8.jpg
    [2002/04/15 14:13:08 | 000,013,063 | ---- | M] () -- C:\frostback9.jpg
    [2002/04/22 17:00:40 | 000,485,263 | ---- | M] () -- C:\Fruit.jpg
    [2002/04/11 17:25:06 | 000,274,496 | ---- | M] () -- C:\Fruits-Veggies.jpg
     
  20. 2011/01/24
    baldcajun Lifetime Subscription

    Trojan Agent, Trojan.FakeAlert, Worm.Autorun.B, PUM.Hijack.StartMenu

    [2002/04/11 17:25:06 | 000,274,496 | ---- | M] () -- C:\Fruits-Veggies.jpg
    [1998/05/07 14:26:10 | 000,003,444 | ---- | M] () -- C:\Full Vision 2.lay
    [1998/05/07 14:25:50 | 000,003,442 | ---- | M] () -- C:\Full Vision.lay
    [2002/04/17 14:14:56 | 000,003,426 | ---- | M] () -- C:\Fun.lay
    [2002/04/18 14:36:58 | 000,222,768 | ---- | M] () -- C:\Funky Laptop.jpg
    [2000/08/29 14:27:00 | 000,199,956 | ---- | M] () -- C:\Funky Tabletop.jpg
    [2000/08/29 09:45:22 | 000,431,658 | ---- | M] () -- C:\Funky Twirl.jpg
    [2002/04/02 12:19:12 | 000,003,426 | ---- | M] () -- C:\Funnel.lay
    [2002/04/22 15:22:32 | 000,366,371 | ---- | M] () -- C:\Fuzz.jpg
    [2000/06/15 02:30:16 | 000,072,222 | ---- | M] () -- C:\Galadriel's Pool.jpg
    [2002/04/22 11:53:20 | 000,387,998 | ---- | M] () -- C:\Galaxies.jpg
    [1999/06/08 21:48:02 | 000,000,345 | ---- | M] () -- C:\Galaxy Software.url
    [2002/01/30 03:37:00 | 000,001,911 | ---- | M] () -- C:\game.gif
    [2002/01/17 06:11:00 | 000,019,755 | ---- | M] () -- C:\gamecontroller.gif
    [2002/01/11 06:09:30 | 000,001,755 | ---- | M] () -- C:\gameinst.gif
    [2002/01/11 06:09:20 | 000,001,973 | ---- | M] () -- C:\gameinston.gif
    [2002/01/30 03:37:12 | 000,001,977 | ---- | M] () -- C:\gameon.gif
    [2002/01/30 03:39:06 | 000,001,991 | ---- | M] () -- C:\gamesdown.gif
    [2002/04/19 17:14:28 | 000,434,909 | ---- | M] () -- C:\Garden.jpg
    [2002/04/19 17:19:06 | 000,431,878 | ---- | M] () -- C:\Garden2.jpg
    [2002/04/22 13:50:58 | 000,109,408 | ---- | M] () -- C:\Garlic.jpg
    [2002/04/15 14:15:40 | 000,017,227 | ---- | M] () -- C:\gatorpaper1.jpg
    [2002/04/15 14:15:28 | 000,014,012 | ---- | M] () -- C:\gatorpaper10.jpg
    [2002/04/15 14:15:38 | 000,017,627 | ---- | M] () -- C:\gatorpaper2.jpg
    [2002/04/15 14:15:38 | 000,019,703 | ---- | M] () -- C:\gatorpaper3.jpg
    [2002/04/15 14:15:36 | 000,020,231 | ---- | M] () -- C:\gatorpaper4.jpg
    [2002/04/15 14:15:34 | 000,017,450 | ---- | M] () -- C:\gatorpaper5.jpg
    [2002/04/15 14:15:34 | 000,014,912 | ---- | M] () -- C:\gatorpaper6.jpg
    [2002/04/15 14:15:32 | 000,015,946 | ---- | M] () -- C:\gatorpaper7.jpg
    [2002/04/15 14:15:30 | 000,019,757 | ---- | M] () -- C:\gatorpaper8.jpg
    [2002/04/15 14:15:30 | 000,015,838 | ---- | M] () -- C:\gatorpaper9.jpg
    [1999/09/18 12:08:28 | 000,003,423 | ---- | M] () -- C:\Gayle.lay
    [2002/04/24 09:27:46 | 000,155,648 | ---- | M] (aaa) -- C:\gbrowser.exe
    [2002/04/22 15:01:46 | 000,181,814 | ---- | M] () -- C:\Gear.jpg
    [2002/04/22 15:02:38 | 000,278,571 | ---- | M] () -- C:\Gears.jpg
    [2002/04/15 14:14:54 | 000,049,350 | ---- | M] () -- C:\geiger_back1.jpg
    [2002/04/15 14:16:00 | 000,059,425 | ---- | M] () -- C:\geiger_back10.jpg
    [2002/04/15 14:15:58 | 000,052,276 | ---- | M] () -- C:\geiger_back11.jpg
    [2002/04/15 14:15:54 | 000,038,637 | ---- | M] () -- C:\geiger_back12.jpg
    [2002/04/15 14:15:52 | 000,044,833 | ---- | M] () -- C:\geiger_back13.jpg
    [2002/04/15 14:15:42 | 000,047,492 | ---- | M] () -- C:\geiger_back14.jpg
    [2002/04/15 14:15:40 | 000,032,274 | ---- | M] () -- C:\geiger_back15.jpg
    [2002/04/15 14:14:52 | 000,061,057 | ---- | M] () -- C:\geiger_back2.jpg
    [2002/04/15 14:14:50 | 000,062,022 | ---- | M] () -- C:\geiger_back3.jpg
    [2002/04/15 14:14:48 | 000,066,523 | ---- | M] () -- C:\geiger_back4.jpg
    [2002/04/15 14:14:46 | 000,061,704 | ---- | M] () -- C:\geiger_back5.jpg
    [2002/04/15 14:14:44 | 000,071,431 | ---- | M] () -- C:\geiger_back6.jpg
    [2002/04/15 14:14:44 | 000,055,051 | ---- | M] () -- C:\geiger_back8.jpg
    [2002/04/15 14:15:28 | 000,048,473 | ---- | M] () -- C:\geiger_back9.jpg
    [2002/04/15 14:14:56 | 000,028,631 | ---- | M] () -- C:\geiger_warped1.jpg
    [2002/04/15 14:16:02 | 000,031,031 | ---- | M] () -- C:\geiger_warped10.jpg
    [2002/04/15 14:16:00 | 000,030,372 | ---- | M] () -- C:\geiger_warped11.jpg
    [2002/04/15 14:15:56 | 000,023,715 | ---- | M] () -- C:\geiger_warped12.jpg
    [2002/04/15 14:15:54 | 000,026,677 | ---- | M] () -- C:\geiger_warped13.jpg
    [2002/04/15 14:15:50 | 000,027,471 | ---- | M] () -- C:\geiger_warped14.jpg
    [2002/04/15 14:15:42 | 000,017,735 | ---- | M] () -- C:\geiger_warped15.jpg
    [2002/04/15 14:14:54 | 000,032,312 | ---- | M] () -- C:\geiger_warped2.jpg
    [2002/04/15 14:14:52 | 000,034,989 | ---- | M] () -- C:\geiger_warped3.jpg
    [2002/04/15 14:14:48 | 000,036,659 | ---- | M] () -- C:\geiger_warped4.jpg
    [2002/04/15 14:14:48 | 000,031,764 | ---- | M] () -- C:\geiger_warped5.jpg
    [2002/04/15 14:14:46 | 000,037,881 | ---- | M] () -- C:\geiger_warped6.jpg
    [2002/04/15 14:14:44 | 000,028,315 | ---- | M] () -- C:\geiger_warped8.jpg
    [2002/04/15 14:14:44 | 000,027,259 | ---- | M] () -- C:\geiger_warped9.jpg
    [2002/04/15 14:14:46 | 000,029,939 | ---- | M] () -- C:\gieger_burne6r.jpg
    [2002/04/15 14:14:56 | 000,019,978 | ---- | M] () -- C:\gieger_burner1.jpg
    [2002/04/15 14:16:02 | 000,024,237 | ---- | M] () -- C:\gieger_burner10.jpg
    [2002/04/15 14:16:00 | 000,021,338 | ---- | M] () -- C:\gieger_burner11.jpg
    [2002/04/15 14:15:56 | 000,014,870 | ---- | M] () -- C:\gieger_burner12.jpg
    [2002/04/15 14:15:54 | 000,017,213 | ---- | M] () -- C:\gieger_burner13.jpg
    [2002/04/15 14:15:50 | 000,019,492 | ---- | M] () -- C:\gieger_burner14.jpg
    [2002/04/15 14:15:42 | 000,011,239 | ---- | M] () -- C:\gieger_burner15.jpg
    [2002/04/15 14:14:54 | 000,025,147 | ---- | M] () -- C:\gieger_burner2.jpg
    [2002/04/15 14:14:52 | 000,026,308 | ---- | M] () -- C:\gieger_burner3.jpg
    [2002/04/15 14:14:48 | 000,028,278 | ---- | M] () -- C:\gieger_burner4.jpg
    [2002/04/15 14:14:48 | 000,025,276 | ---- | M] () -- C:\gieger_burner5.jpg
    [2002/04/15 14:14:44 | 000,022,702 | ---- | M] () -- C:\gieger_burner8.jpg
    [2002/04/15 14:14:42 | 000,019,616 | ---- | M] () -- C:\gieger_burner9.jpg
    [2002/04/18 12:34:50 | 000,456,609 | ---- | M] () -- C:\Gifts.jpg
    [1997/03/07 05:35:34 | 000,013,957 | ---- | M] () -- C:\Gisors.mid
    [2000/10/25 11:44:30 | 000,194,038 | ---- | M] () -- C:\Glass.jpg
    [2002/04/10 11:47:44 | 000,071,130 | ---- | M] () -- C:\Glaze.jpg
    [2002/04/22 12:15:50 | 000,227,543 | ---- | M] () -- C:\Globe.jpg
    [2002/04/15 13:51:14 | 000,009,900 | ---- | M] () -- C:\glowspinwheel1.jpg
    [2002/04/15 14:13:06 | 000,013,534 | ---- | M] () -- C:\glowspinwheel10.jpg
    [2002/04/15 14:14:06 | 000,012,837 | ---- | M] () -- C:\glowspinwheel11.jpg
    [2002/04/15 14:14:02 | 000,009,140 | ---- | M] () -- C:\glowspinwheel12.jpg
    [2002/04/15 14:14:00 | 000,008,396 | ---- | M] () -- C:\glowspinwheel13.jpg
    [2002/04/15 14:13:56 | 000,011,041 | ---- | M] () -- C:\glowspinwheel14.jpg
    [2002/04/15 14:13:52 | 000,013,419 | ---- | M] () -- C:\glowspinwheel15.jpg
    [2002/04/15 13:56:50 | 000,013,952 | ---- | M] () -- C:\glowspinwheel2.jpg
    [2002/04/15 14:06:16 | 000,012,820 | ---- | M] () -- C:\glowspinwheel3.jpg
    [2002/04/15 14:04:28 | 000,009,293 | ---- | M] () -- C:\glowspinwheel4.jpg
    [2002/04/15 14:12:22 | 000,013,270 | ---- | M] () -- C:\glowspinwheel5.jpg
    [2002/04/15 14:12:10 | 000,012,388 | ---- | M] () -- C:\glowspinwheel6.jpg
    [2002/04/15 14:13:12 | 000,010,684 | ---- | M] () -- C:\glowspinwheel7.jpg
    [2002/04/15 14:13:14 | 000,011,127 | ---- | M] () -- C:\glowspinwheel8.jpg
    [2002/04/15 14:13:08 | 000,012,139 | ---- | M] () -- C:\glowspinwheel9.jpg
    [2002/04/15 14:14:56 | 000,014,975 | ---- | M] () -- C:\glow_worms1.jpg
    [2002/04/15 14:16:02 | 000,015,941 | ---- | M] () -- C:\glow_worms10.jpg
    [2002/04/15 14:16:00 | 000,014,659 | ---- | M] () -- C:\glow_worms11.jpg
    [2002/04/15 14:15:56 | 000,012,209 | ---- | M] () -- C:\glow_worms12.jpg
    [2002/04/15 14:15:52 | 000,013,173 | ---- | M] () -- C:\glow_worms13.jpg
    [2002/04/15 14:15:50 | 000,014,541 | ---- | M] () -- C:\glow_worms14.jpg
    [2002/04/15 14:15:42 | 000,010,725 | ---- | M] () -- C:\glow_worms15.jpg
    [2002/04/15 14:14:54 | 000,016,326 | ---- | M] () -- C:\glow_worms2.jpg
    [2002/04/15 14:14:50 | 000,017,112 | ---- | M] () -- C:\glow_worms3.jpg
    [2002/04/15 14:14:48 | 000,018,180 | ---- | M] () -- C:\glow_worms4.jpg
    [2002/04/15 14:14:48 | 000,016,522 | ---- | M] () -- C:\glow_worms5.jpg
    [2002/04/15 14:14:46 | 000,019,575 | ---- | M] () -- C:\glow_worms6.jpg
    [2002/04/15 14:14:44 | 000,015,272 | ---- | M] () -- C:\glow_worms8.jpg
    [2002/04/15 14:14:42 | 000,013,944 | ---- | M] () -- C:\glow_worms9.jpg
    [2002/04/22 14:02:30 | 000,243,251 | ---- | M] () -- C:\God Bless.jpg
    [2000/02/09 17:16:42 | 000,021,726 | ---- | M] () -- C:\God's Reminding.mid
    [1997/03/07 05:35:34 | 000,019,361 | ---- | M] () -- C:\Gokuraku.mid
    [2002/04/22 14:16:24 | 000,076,815 | ---- | M] () -- C:\Gold Satin.jpg
    [2000/10/25 11:44:26 | 000,253,005 | ---- | M] () -- C:\Gold.jpg
    [2002/04/12 08:52:08 | 000,343,160 | ---- | M] () -- C:\Gold2.jpg
    [2002/04/22 13:45:46 | 000,158,770 | ---- | M] () -- C:\Goldfish.jpg
    [2002/04/19 16:51:36 | 000,213,099 | ---- | M] () -- C:\Gourds.jpg
    [2002/04/22 14:04:44 | 000,230,017 | ---- | M] () -- C:\Gourds2.jpg
    [2002/04/12 09:54:08 | 000,155,254 | ---- | M] () -- C:\Gradient.jpg
    [2002/04/16 11:27:00 | 000,357,962 | ---- | M] () -- C:\Gray Elm.jpg
    [2002/04/22 13:47:44 | 000,265,268 | ---- | M] () -- C:\Grazing.jpg
    [2002/04/22 15:04:46 | 000,229,536 | ---- | M] () -- C:\Green Board.jpg
    [2002/04/18 14:54:08 | 000,492,622 | ---- | M] () -- C:\Green Corduroy.jpg
    [2002/04/22 12:06:22 | 000,276,666 | ---- | M] () -- C:\Green Forrest.jpg
    [2000/08/28 13:53:52 | 000,013,866 | ---- | M] () -- C:\Green Marble.jpg
    [2002/04/15 09:03:50 | 000,017,931 | ---- | M] () -- C:\Green Stripe.jpg
    [2000/08/28 11:46:30 | 000,005,484 | ---- | M] () -- C:\Green.jpg
    [2002/04/12 12:29:44 | 000,023,398 | ---- | M] () -- C:\Grey Block.jpg
    [2002/04/22 15:20:46 | 000,378,350 | ---- | M] () -- C:\Grey Cement.jpg
    [2002/04/18 15:51:12 | 000,209,540 | ---- | M] () -- C:\Grey Cotton.jpg
    [2000/08/28 14:09:04 | 000,014,215 | ---- | M] () -- C:\Grey.jpg
    [2002/04/15 11:55:02 | 000,008,385 | ---- | M] () -- C:\greybrick.jpg
    [1999/07/05 21:17:26 | 000,003,438 | ---- | M] () -- C:\H for Haga Traditional.lay
    [1999/01/28 05:00:50 | 000,003,443 | ---- | M] () -- C:\H for Haga.lay
    [2002/04/15 14:15:40 | 000,006,396 | ---- | M] () -- C:\hairthing1.jpg
    [2002/04/15 14:15:28 | 000,004,160 | ---- | M] () -- C:\hairthing10.jpg
    [2002/04/15 14:15:38 | 000,008,537 | ---- | M] () -- C:\hairthing2.jpg
    [2002/04/15 14:15:38 | 000,008,160 | ---- | M] () -- C:\hairthing3.jpg
    [2002/04/15 14:15:36 | 000,009,189 | ---- | M] () -- C:\hairthing4.jpg
    [2002/04/15 14:15:34 | 000,008,420 | ---- | M] () -- C:\hairthing5.jpg
    [2002/04/15 14:15:34 | 000,007,888 | ---- | M] () -- C:\hairthing6.jpg
    [2002/04/15 14:15:32 | 000,006,389 | ---- | M] () -- C:\hairthing7.jpg
    [2002/04/15 14:15:30 | 000,008,165 | ---- | M] () -- C:\hairthing8.jpg
    [2002/04/15 14:15:28 | 000,005,074 | ---- | M] () -- C:\hairthing9.jpg
    [2009/09/11 21:02:38 | 000,027,356 | ---- | M] () -- C:\Hallfame.ini
    [2002/04/22 15:32:00 | 000,121,136 | ---- | M] () -- C:\Hang Glider.jpg
    [2002/04/22 13:45:32 | 000,269,591 | ---- | M] () -- C:\Happy.jpg
    [2002/04/22 12:05:10 | 000,172,743 | ---- | M] () -- C:\Harbor.jpg
    [2002/04/12 10:08:10 | 000,034,710 | ---- | M] () -- C:\Hard.bmp
    [2002/04/15 14:15:40 | 000,007,300 | ---- | M] () -- C:\hatchthing1.jpg
    [2002/04/15 14:15:26 | 000,004,519 | ---- | M] () -- C:\hatchthing10.jpg
    [2002/04/15 14:15:38 | 000,009,456 | ---- | M] () -- C:\hatchthing2.jpg
    [2002/04/15 14:15:38 | 000,009,486 | ---- | M] () -- C:\hatchthing3.jpg
    [2002/04/15 14:15:36 | 000,010,361 | ---- | M] () -- C:\hatchthing4.jpg
    [2002/04/15 14:15:34 | 000,009,627 | ---- | M] () -- C:\hatchthing5.jpg
    [2002/04/15 14:15:32 | 000,008,677 | ---- | M] () -- C:\hatchthing6.jpg
    [2002/04/15 14:15:32 | 000,007,242 | ---- | M] () -- C:\hatchthing7.jpg
    [2002/04/15 14:15:30 | 000,009,596 | ---- | M] () -- C:\hatchthing8.jpg
    [2002/04/15 14:15:28 | 000,005,914 | ---- | M] () -- C:\hatchthing9.jpg
    [2002/04/02 11:13:40 | 000,003,426 | ---- | M] () -- C:\Heart.lay
    [2002/04/22 12:13:34 | 000,136,335 | ---- | M] () -- C:\Hearth.jpg
    [2002/04/22 15:36:40 | 000,089,251 | ---- | M] () -- C:\Helicopter.jpg
    [2002/04/03 17:19:00 | 000,003,426 | ---- | M] () -- C:\Helix.lay
    [2002/01/30 03:33:24 | 000,001,803 | ---- | M] () -- C:\help.gif
    [2002/04/17 03:16:38 | 000,006,937 | ---- | M] () -- C:\help.htm
    [2002/01/30 03:38:40 | 000,001,874 | ---- | M] () -- C:\helpdown.gif
    [2002/01/30 03:37:30 | 000,001,870 | ---- | M] () -- C:\helpon.gif
    [2011/01/24 07:26:10 | 795,660,288 | -HS- | M] () -- C:\hiberfil.sys
    [2002/04/16 11:27:46 | 000,408,044 | ---- | M] () -- C:\Hickory.jpg
    [2002/04/18 16:09:20 | 000,003,442 | ---- | M] () -- C:\High and Low.lay
    [2002/04/22 14:25:14 | 000,238,848 | ---- | M] () -- C:\Home Office.jpg
    [2002/01/31 04:54:14 | 000,004,963 | ---- | M] () -- C:\homepage.gif
    [2002/01/31 04:54:00 | 000,005,069 | ---- | M] () -- C:\homepageon.gif
    [2002/04/12 12:29:44 | 000,023,398 | ---- | M] () -- C:\horizontalbrick.jpg
    [2002/04/22 13:48:40 | 000,110,187 | ---- | M] () -- C:\Horse Sunset.jpg
    [2002/04/22 13:49:32 | 000,316,867 | ---- | M] () -- C:\Horses Running.jpg
    [2002/04/22 13:46:40 | 000,246,526 | ---- | M] () -- C:\Horses.jpg
    [2002/04/22 13:48:06 | 000,185,695 | ---- | M] () -- C:\Horses2.jpg
    [2002/04/22 13:48:22 | 000,376,533 | ---- | M] () -- C:\Horses3.jpg
    [2002/04/22 13:49:52 | 000,113,632 | ---- | M] () -- C:\Horses4.jpg
    [2002/04/19 16:38:56 | 000,142,429 | ---- | M] () -- C:\Hot Rod 2.jpg
    [2002/04/23 16:29:56 | 000,000,157 | ---- | M] () -- C:\Hot Rod.txt
    [2002/04/19 16:35:24 | 000,105,656 | ---- | M] () -- C:\Hot Rod1.jpg
    [2002/04/12 09:56:08 | 000,228,035 | ---- | M] () -- C:\HotAirBalloons.jpg
    [2002/04/22 12:16:52 | 000,243,061 | ---- | M] () -- C:\Hourglass.jpg
    [1998/11/20 16:25:52 | 000,003,442 | ---- | M] () -- C:\Hourglass.lay
    [2009/10/29 17:09:44 | 000,028,506 | ---- | M] () -- C:\hpcmerr.log
    [2011/01/17 21:19:04 | 000,112,581 | ---- | M] () -- C:\hpfr5600.log
    [2002/04/12 09:41:40 | 000,293,525 | ---- | M] () -- C:\HueCry.jpg
    [2002/04/22 11:50:38 | 000,224,417 | ---- | M] () -- C:\Hurricane.jpg
    [2000/10/25 11:44:10 | 000,294,861 | ---- | M] () -- C:\Ice Cubes.jpg
    [2002/04/22 12:00:36 | 000,125,018 | ---- | M] () -- C:\Ice Moon.jpg
    [2000/10/25 11:46:24 | 000,355,114 | ---- | M] () -- C:\Ice.jpg
    [2002/04/23 15:18:18 | 000,000,136 | ---- | M] () -- C:\Ice.txt
    [1999/11/24 09:11:56 | 000,005,694 | ---- | M] () -- C:\icon.ico
    [2002/04/22 13:45:14 | 000,180,370 | ---- | M] () -- C:\Iguana.jpg
    [2002/04/22 15:38:58 | 000,243,786 | ---- | M] () -- C:\In The Shop.jpg
    [1998/11/04 22:05:16 | 000,003,429 | ---- | M] () -- C:\Inca.lay
    [2002/04/22 13:55:32 | 000,147,676 | ---- | M] () -- C:\India.jpg
    [2002/04/11 17:25:22 | 000,266,656 | ---- | M] () -- C:\Insects.jpg
    [2000/05/18 04:27:28 | 000,000,417 | ---- | M] () -- C:\install.gif
    [2009/02/06 16:51:52 | 000,231,790 | ---- | M] () -- C:\INSTALL.LOG
    [2002/02/04 06:44:10 | 000,005,002 | ---- | M] () -- C:\instructions.gif
    [2002/02/07 12:02:44 | 000,009,027 | ---- | M] () -- C:\instructions.htm
    [2002/02/04 06:43:54 | 000,005,135 | ---- | M] () -- C:\instructionson.gif
    [2002/04/22 15:35:30 | 000,163,457 | ---- | M] () -- C:\Intersection.jpg
    [2009/09/24 08:07:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2002/04/19 16:59:02 | 000,177,632 | ---- | M] () -- C:\Island.jpg
    [2000/05/14 13:42:00 | 000,034,710 | ---- | M] () -- C:\Isty.bmp
    [2002/04/10 11:49:12 | 000,117,397 | ---- | M] () -- C:\Isty.jpg
    [2002/04/24 11:10:36 | 000,033,425 | ---- | M] () -- C:\Italiano.txt
    [2002/04/12 08:53:08 | 000,321,293 | ---- | M] () -- C:\Ivory Rev.jpg
    [2002/04/19 16:50:38 | 000,060,201 | ---- | M] () -- C:\Jackolantern.jpg
    [2002/04/11 17:29:54 | 000,316,804 | ---- | M] () -- C:\Jaded.jpg
    [1998/11/20 16:00:32 | 000,003,435 | ---- | M] () -- C:\Japan.lay
    [2002/04/19 17:00:22 | 000,201,944 | ---- | M] () -- C:\Jellybeans.jpg
    [2002/04/22 15:29:18 | 000,082,562 | ---- | M] () -- C:\Jetliner.jpg
    [2002/04/22 14:55:54 | 000,218,429 | ---- | M] () -- C:\Jewelry.jpg
    [2002/04/22 14:56:08 | 000,245,648 | ---- | M] () -- C:\Jewelry2.jpg
    [1999/01/28 04:16:22 | 000,003,435 | ---- | M] () -- C:\Joker.lay
    [2002/04/22 12:01:10 | 000,111,357 | ---- | M] () -- C:\Jupiter.jpg
    [2002/04/01 11:58:16 | 000,053,661 | ---- | M] () -- C:\Just Kids.jpg
    [1999/07/17 11:34:32 | 000,003,440 | ---- | M] () -- C:\K for Kyodai Traditional.lay
    [1998/11/20 16:26:44 | 000,003,445 | ---- | M] () -- C:\K for Kyodai.lay
    [2002/04/12 10:09:22 | 000,034,710 | ---- | M] () -- C:\Kaleidoscope.bmp
    [2002/04/08 14:45:54 | 000,003,792 | ---- | M] () -- C:\Kandie.jpg
    [2001/01/27 23:28:18 | 000,021,558 | ---- | M] () -- C:\Kanji.bmp
    [1998/10/25 02:54:42 | 000,018,997 | ---- | M] () -- C:\Kawaii.mid
    [2002/04/11 17:23:06 | 000,496,414 | ---- | M] () -- C:\Keyboard.jpg
    [2002/04/10 11:46:06 | 000,088,261 | ---- | M] () -- C:\King Marcus.jpg
    [1998/10/06 22:33:52 | 000,003,446 | ---- | M] () -- C:\Kujaku.lay
    [2009/07/22 21:49:49 | 000,002,043 | ---- | M] () -- C:\Kyo4.0.ini
    [1997/03/24 11:55:24 | 000,015,039 | ---- | M] () -- C:\Kyodai.mid
    [1999/09/20 13:25:52 | 000,003,425 | ---- | M] () -- C:\Labyrinth.lay
    [2002/04/01 17:19:44 | 000,003,426 | ---- | M] () -- C:\Ladders.lay
    [2002/04/22 11:31:32 | 000,357,256 | ---- | M] () -- C:\Lake Shore.jpg
    [2002/04/22 11:36:36 | 000,396,291 | ---- | M] () -- C:\Lakeside.jpg
    [2002/04/19 17:22:12 | 000,427,224 | ---- | M] () -- C:\Landscape.jpg
    [2002/04/22 14:14:02 | 000,068,793 | ---- | M] () -- C:\Laptop.jpg
    [2002/04/22 11:42:54 | 000,122,188 | ---- | M] () -- C:\Launch.jpg
    [2002/04/22 11:46:00 | 000,146,146 | ---- | M] () -- C:\Launch2.jpg
    [2002/04/22 11:46:20 | 000,145,089 | ---- | M] () -- C:\Launch3.jpg
    [2002/04/22 11:48:28 | 000,194,365 | ---- | M] () -- C:\Launchpad.jpg
    [2002/04/18 16:10:02 | 000,003,426 | ---- | M] () -- C:\Layers.lay
    [2002/04/15 05:16:34 | 000,009,087 | ---- | M] () -- C:\left_02.gif
    [1999/09/16 22:16:54 | 000,023,521 | ---- | M] () -- C:\Legend.mid
    [2002/04/22 12:23:14 | 000,153,119 | ---- | M] () -- C:\Library.jpg
    [2002/04/22 14:23:36 | 000,165,025 | ---- | M] () -- C:\Light Blue Satin.jpg
    [2002/04/22 12:06:52 | 000,072,388 | ---- | M] () -- C:\Lighthouse.jpg
    [2002/04/08 11:56:48 | 000,012,143 | ---- | M] () -- C:\lightning.jpg
    [2002/04/12 08:47:16 | 000,386,553 | ---- | M] () -- C:\Limestone.jpg
    [1999/02/11 20:19:44 | 000,003,439 | ---- | M] () -- C:\Lion.lay
    [2002/04/19 17:04:34 | 000,187,939 | ---- | M] () -- C:\Lions.jpg
    [2002/04/15 14:15:40 | 000,005,593 | ---- | M] () -- C:\litepattern1.jpg
    [2002/04/15 14:15:26 | 000,003,665 | ---- | M] () -- C:\litepattern10.jpg
    [2002/04/15 14:15:38 | 000,007,407 | ---- | M] () -- C:\litepattern2.jpg
    [2002/04/15 14:15:36 | 000,006,781 | ---- | M] () -- C:\litepattern3.jpg
    [2002/04/15 14:15:36 | 000,007,327 | ---- | M] () -- C:\litepattern4.jpg
    [2002/04/15 14:15:34 | 000,007,188 | ---- | M] () -- C:\litepattern5.jpg
    [2002/04/15 14:15:32 | 000,006,984 | ---- | M] () -- C:\litepattern6.jpg
    [2002/04/15 14:15:32 | 000,005,469 | ---- | M] () -- C:\litepattern7.jpg
    [2002/04/15 14:15:30 | 000,006,659 | ---- | M] () -- C:\litepattern8.jpg
    [2002/04/15 14:15:28 | 000,004,568 | ---- | M] () -- C:\litepattern9.jpg
    [2002/02/27 05:51:40 | 000,001,602 | ---- | M] () -- C:\local.htm
    [1998/11/20 16:06:42 | 000,003,451 | ---- | M] () -- C:\Lost.lay
    [2002/04/12 08:53:42 | 000,349,360 | ---- | M] () -- C:\Lucite.jpg
    [2002/04/22 13:51:50 | 000,241,322 | ---- | M] () -- C:\Lunch.jpg
    [2002/04/11 17:23:24 | 000,376,347 | ---- | M] () -- C:\Mahjong Font-deux.jpg
    [2002/01/08 08:44:50 | 000,036,075 | ---- | M] () -- C:\main.gif
    [2002/04/17 03:13:04 | 000,003,176 | ---- | M] () -- C:\main.htm
    [2000/07/29 12:36:00 | 000,034,710 | ---- | M] () -- C:\Marble.bmp
    [2000/02/17 03:06:38 | 000,015,514 | ---- | M] () -- C:\Marble.jpg
    [2002/04/23 15:11:20 | 000,000,139 | ---- | M] () -- C:\Marble.txt
    [2002/04/08 15:21:46 | 000,329,735 | ---- | M] () -- C:\Marbles.jpg
    [2002/04/10 09:53:24 | 000,021,558 | ---- | M] () -- C:\Marbles2.bmp
    [2002/04/15 09:07:16 | 000,042,734 | ---- | M] () -- C:\marblespeck.jpg
    [2002/04/19 10:51:58 | 000,106,737 | ---- | M] () -- C:\Maroon.jpg
    [1998/04/10 10:53:10 | 000,005,678 | ---- | M] () -- C:\Mayaku.mid
    [2002/04/02 17:40:06 | 000,003,426 | ---- | M] () -- C:\Maze.lay
    [2002/04/22 15:03:16 | 000,250,974 | ---- | M] () -- C:\Mechanical Collage.jpg
    [2002/04/22 12:19:22 | 000,093,462 | ---- | M] () -- C:\Melting Clock.jpg
    [2002/04/22 14:06:04 | 000,099,003 | ---- | M] () -- C:\Menorah.jpg
    [2000/08/23 18:36:46 | 000,076,211 | ---- | M] () -- C:\Menu-de.rtf
    [2000/08/25 15:07:08 | 000,076,309 | ---- | M] () -- C:\Menu-es.rtf
    [2002/04/23 08:58:34 | 000,068,041 | ---- | M] () -- C:\menu-fr.rtf
    [2000/08/24 10:01:18 | 000,123,615 | ---- | M] () -- C:\menu-it.rtf
    [2000/08/22 08:31:10 | 000,043,484 | ---- | M] () -- C:\menu-po.rtf
    [2002/01/14 07:42:00 | 000,006,300 | ---- | M] () -- C:\menu.gif
    [2002/04/23 08:57:32 | 000,065,851 | ---- | M] () -- C:\menu.rtf
    [2000/10/25 11:46:36 | 000,250,666 | ---- | M] () -- C:\Metal.jpg
    [2002/04/11 17:29:12 | 000,314,838 | ---- | M] () -- C:\Metallic.jpg
    [2002/04/23 16:15:00 | 000,000,133 | ---- | M] () -- C:\Metals.txt
    [2000/06/07 18:29:14 | 000,034,710 | ---- | M] () -- C:\Michael.bmp
    [2002/04/22 11:56:16 | 000,305,493 | ---- | M] () -- C:\Milky Way 2.jpg
    [2002/04/22 11:52:26 | 000,217,647 | ---- | M] () -- C:\Milky Way.jpg
    [2000/10/25 11:46:32 | 000,229,927 | ---- | M] () -- C:\Mirror.jpg
    [2000/08/23 18:36:48 | 000,015,944 | ---- | M] () -- C:\misc-de.rtf
    [2000/08/25 15:07:14 | 000,015,636 | ---- | M] () -- C:\Misc-es.rtf
    [2002/04/23 08:59:40 | 000,023,934 | ---- | M] () -- C:\misc-fr.rtf
    [2000/08/24 10:12:54 | 000,013,079 | ---- | M] () -- C:\misc-it.rtf
    [2000/08/22 08:12:16 | 000,013,410 | ---- | M] () -- C:\Misc-po.rtf
    [2002/04/23 08:59:06 | 000,022,149 | ---- | M] () -- C:\misc.rtf
    [2002/04/23 20:12:34 | 000,501,760 | ---- | M] () -- C:\mjm2d.exe
    [2002/04/23 20:52:28 | 000,595,456 | ---- | M] () -- C:\mjm4.exe
    [2002/04/15 04:27:44 | 000,022,217 | ---- | M] () -- C:\mm4_03.gif
    [1998/10/17 17:56:06 | 000,003,441 | ---- | M] () -- C:\Modern Art.lay
    [2002/04/22 11:56:38 | 000,218,429 | ---- | M] () -- C:\Moon Surface.jpg
    [2002/04/22 11:59:56 | 000,120,084 | ---- | M] () -- C:\Moon.jpg
    [2002/04/22 15:28:58 | 000,170,603 | ---- | M] () -- C:\Morning Fog.jpg
    [2002/04/22 15:05:06 | 000,353,293 | ---- | M] () -- C:\Motherboard.jpg
    [2002/04/22 13:58:38 | 000,241,292 | ---- | M] () -- C:\Motorcycle.jpg
    [2002/04/22 13:59:10 | 000,248,359 | ---- | M] () -- C:\Mountain Road.jpg
    [2002/04/22 13:57:06 | 000,085,128 | ---- | M] () -- C:\Mountains.jpg
    [2002/04/22 12:24:42 | 000,142,354 | ---- | M] () -- C:\Mouse.jpg
    [1999/09/22 23:14:14 | 000,212,992 | ---- | M] (Modplug Software) -- C:\mppsdk.dll
    [2009/09/24 08:07:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2002/04/19 16:45:40 | 000,221,069 | ---- | M] () -- C:\Mustang.jpg
    [1999/07/05 21:09:48 | 000,003,440 | ---- | M] () -- C:\N for Namida Traditional.lay
    [1998/11/20 16:03:56 | 000,003,442 | ---- | M] () -- C:\N for Namida.lay
    [2002/04/10 11:48:38 | 000,092,598 | ---- | M] () -- C:\Nameless.jpg
    [1999/07/05 21:23:48 | 000,003,438 | ---- | M] () -- C:\Naoki Haga Traditional.lay
    [2002/01/31 07:13:10 | 000,002,223 | ---- | M] () -- C:\nav1.htm
    [2002/01/31 07:13:10 | 000,002,223 | ---- | M] () -- C:\nav2.htm
    [2002/02/27 05:50:24 | 000,002,245 | ---- | M] () -- C:\nav3.htm
    [2002/01/14 05:02:34 | 000,001,597 | ---- | M] () -- C:\navmid.gif
    [2002/01/14 04:29:52 | 000,005,476 | ---- | M] () -- C:\navtop.gif
    [2002/04/22 11:53:34 | 000,165,752 | ---- | M] () -- C:\Nebula.jpg
    [2002/04/22 11:53:52 | 000,147,520 | ---- | M] () -- C:\Nebula2.jpg
    [2002/04/18 12:15:46 | 000,182,196 | ---- | M] () -- C:\Necklace.jpg
    [2000/12/23 17:58:12 | 000,034,710 | ---- | M] () -- C:\Neon.bmp
    [2000/10/25 11:46:28 | 000,205,543 | ---- | M] () -- C:\Neon.jpg
    [2002/04/10 09:37:38 | 000,311,987 | ---- | M] () -- C:\New Traditional -Bamboo.jpg
    [2002/04/10 09:34:00 | 000,185,398 | ---- | M] () -- C:\New Traditional -Black.jpg
    [2002/04/10 09:37:14 | 000,271,899 | ---- | M] () -- C:\New Traditional -Bone.jpg
    [2002/04/10 09:37:24 | 000,269,310 | ---- | M] () -- C:\New Traditional -Brick.jpg
    [2002/04/10 09:36:08 | 000,377,584 | ---- | M] () -- C:\New Traditional -Brown Stone.jpg
    [2002/04/10 09:37:52 | 000,270,158 | ---- | M] () -- C:\New Traditional -Cardboard.jpg
    [2002/04/10 09:38:14 | 000,295,898 | ---- | M] () -- C:\New Traditional -Chrome.jpg
    [2002/04/10 09:36:58 | 000,409,045 | ---- | M] () -- C:\New Traditional -Glass.jpg
    [2002/04/10 09:38:54 | 000,295,368 | ---- | M] () -- C:\New Traditional -Gold.jpg
    [2002/04/10 09:40:18 | 000,458,085 | ---- | M] () -- C:\New Traditional -Grey Stone.jpg
    [2002/04/10 09:40:36 | 000,239,694 | ---- | M] () -- C:\New Traditional -Leather Gold.jpg
    [2002/04/10 09:40:50 | 000,245,401 | ---- | M] () -- C:\New Traditional -Leather Silver.jpg
    [2002/04/10 09:39:06 | 000,229,241 | ---- | M] () -- C:\New Traditional -Leather.jpg
    [2002/04/10 09:33:14 | 000,417,006 | ---- | M] () -- C:\New Traditional -Marble.jpg
    [2002/04/10 09:33:36 | 000,346,946 | ---- | M] () -- C:\New Traditional -Metal.jpg
    [2002/04/10 09:35:00 | 000,422,793 | ---- | M] () -- C:\New Traditional -Nostalgic Blue.jpg
    [2002/04/10 09:35:10 | 000,378,064 | ---- | M] () -- C:\New Traditional -Nostalgic Red.jpg
    [2002/04/10 09:35:28 | 000,384,228 | ---- | M] () -- C:\New Traditional -Nostalgic Yellow.jpg
    [2002/04/10 09:35:54 | 000,495,750 | ---- | M] () -- C:\New Traditional -Orange Stone.jpg
    [2002/04/10 09:33:48 | 000,293,795 | ---- | M] () -- C:\New Traditional -Paper.jpg
    [2002/04/10 09:33:02 | 000,260,285 | ---- | M] () -- C:\New Traditional -Plastic.jpg
    [2002/04/10 09:32:42 | 000,300,055 | ---- | M] () -- C:\New Traditional -Plastic2.jpg
    [2002/04/10 09:36:20 | 000,319,390 | ---- | M] () -- C:\New Traditional -Purple Stone.jpg
    [2002/04/10 09:35:36 | 000,281,213 | ---- | M] () -- C:\New Traditional -Real.jpg
     
  21. 2011/01/24
    baldcajun
    Trojan Agent, Trojan.FakeAlert, Worm.Autorun.B, PUM.Hijack.StartMenu

    [2002/04/10 09:35:36 | 000,281,213 | ---- | M] () -- C:\New Traditional -Real.jpg
    [2002/04/10 09:38:32 | 000,281,686 | ---- | M] () -- C:\New Traditional -Silver.jpg
    [2002/04/10 09:39:48 | 000,379,079 | ---- | M] () -- C:\New Traditional -Stone.jpg
    [2002/04/10 09:40:04 | 000,337,914 | ---- | M] () -- C:\New Traditional -Stone2.jpg
    [2002/04/10 09:39:32 | 000,403,488 | ---- | M] () -- C:\New Traditional -White Stone.jpg
    [2002/04/10 09:34:18 | 000,239,068 | ---- | M] () -- C:\New Traditional -White.jpg
    [2002/04/10 09:34:42 | 000,283,105 | ---- | M] () -- C:\New Traditional -White2.jpg
    [2002/04/10 09:31:26 | 000,377,537 | ---- | M] () -- C:\New Traditional -Wood.jpg
    [2002/04/10 09:31:46 | 000,414,871 | ---- | M] () -- C:\New Traditional -Wood2.jpg
    [2002/04/10 09:32:02 | 000,415,537 | ---- | M] () -- C:\New Traditional -Wood3.jpg
    [2002/04/10 09:36:42 | 000,343,993 | ---- | M] () -- C:\New Traditional -Wood4.jpg
    [2002/04/22 13:51:26 | 000,190,304 | ---- | M] () -- C:\New Year.jpg
    [2002/04/15 14:21:36 | 000,038,694 | ---- | M] () -- C:\newbackgrounds.csv
    [2000/10/25 11:46:40 | 000,372,240 | ---- | M] () -- C:\Night Sky.jpg
    [1998/09/25 13:29:52 | 000,008,020 | ---- | M] () -- C:\Night.mid
    [2002/04/22 14:39:18 | 000,122,851 | ---- | M] () -- C:\Notepaper.jpg
    [2001/11/11 12:26:44 | 000,001,544 | ---- | M] () -- C:\noway.wav
    [2009/02/04 15:01:21 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/10/27 11:29:21 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2002/04/19 16:03:00 | 000,149,761 | ---- | M] () -- C:\Oak.jpg
    [2000/03/07 15:04:38 | 000,077,491 | ---- | M] () -- C:\Off White Dominoes.jpg
    [2002/04/22 14:28:42 | 000,157,538 | ---- | M] () -- C:\Off White Speckle.jpg
    [2002/04/22 14:24:46 | 000,219,107 | ---- | M] () -- C:\Office Table.jpg
    [2002/04/22 14:25:32 | 000,150,270 | ---- | M] () -- C:\Office.jpg
    [2002/04/22 14:01:54 | 000,080,239 | ---- | M] () -- C:\Old Glory.jpg
    [2002/04/22 15:21:00 | 000,208,102 | ---- | M] () -- C:\Old Tree.jpg
    [2002/01/14 05:02:04 | 000,005,183 | ---- | M] () -- C:\olgames.gif
    [2002/01/30 06:59:26 | 000,029,564 | ---- | M] () -- C:\olgameson.gif
    [2002/01/30 11:41:54 | 000,004,912 | ---- | M] () -- C:\olhelp.gif
    [2002/01/30 11:42:10 | 000,004,976 | ---- | M] () -- C:\olhelpon.gif
    [2002/01/31 04:56:38 | 000,005,053 | ---- | M] () -- C:\olsupport.gif
    [2002/01/31 04:56:24 | 000,005,202 | ---- | M] () -- C:\olsupporton.gif
    [1999/02/21 06:36:42 | 000,003,427 | ---- | M] () -- C:\One Move.lay
    [2002/04/22 11:44:30 | 000,266,110 | ---- | M] () -- C:\One Small Step.jpg
    [2002/04/22 15:25:40 | 000,151,891 | ---- | M] () -- C:\Ooze.jpg
    [2002/04/12 08:21:30 | 000,105,772 | ---- | M] () -- C:\options.EXE
    [2002/02/26 11:55:42 | 000,004,882 | ---- | M] () -- C:\options.gif
    [2009/02/06 16:51:42 | 000,000,011 | ---- | M] () -- C:\options.ini
    [2002/02/26 11:55:58 | 000,004,975 | ---- | M] () -- C:\optionson.gif
    [2002/04/15 09:10:06 | 000,041,158 | ---- | M] () -- C:\Orange Paper.jpg
    [2000/08/28 14:06:34 | 000,013,672 | ---- | M] () -- C:\Orange.jpg
    [2002/04/15 09:10:06 | 000,041,158 | ---- | M] () -- C:\orangepaper.jpg
    [2002/04/22 11:47:16 | 000,109,415 | ---- | M] () -- C:\Orbit.jpg
    [1999/01/28 04:31:28 | 000,003,437 | ---- | M] () -- C:\Orbital.lay
    [2002/04/22 15:29:54 | 000,092,821 | ---- | M] () -- C:\Overpass.jpg
    [2011/01/24 07:26:09 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
    [2002/04/18 15:33:24 | 000,046,041 | ---- | M] () -- C:\Pale Yellow.jpg
    [2002/04/19 16:55:02 | 000,333,133 | ---- | M] () -- C:\Palm Leaves.jpg
    [2002/04/22 13:39:20 | 000,273,907 | ---- | M] () -- C:\Pals 2.jpg
    [2002/04/22 12:25:44 | 000,129,928 | ---- | M] () -- C:\Pals.jpg
    [2002/04/18 08:39:38 | 000,151,450 | ---- | M] () -- C:\Parchment 2.jpg
    [2002/04/18 08:39:30 | 000,146,621 | ---- | M] () -- C:\Parchment.jpg
    [2002/04/15 13:51:06 | 000,019,555 | ---- | M] () -- C:\parmecium1.jpg
    [2002/04/15 14:13:04 | 000,021,039 | ---- | M] () -- C:\parmecium10.jpg
    [2002/04/15 14:14:06 | 000,013,381 | ---- | M] () -- C:\parmecium11.jpg
    [2002/04/15 14:14:02 | 000,016,034 | ---- | M] () -- C:\parmecium12.jpg
    [2002/04/15 14:14:00 | 000,016,376 | ---- | M] () -- C:\parmecium13.jpg
    [2002/04/15 14:13:56 | 000,009,808 | ---- | M] () -- C:\parmecium14.jpg
    [2002/04/15 14:13:52 | 000,016,046 | ---- | M] () -- C:\parmecium15.jpg
    [2002/04/15 13:56:36 | 000,016,531 | ---- | M] () -- C:\parmecium2.jpg
    [2002/04/15 14:06:08 | 000,012,186 | ---- | M] () -- C:\parmecium3.jpg
    [2002/04/15 14:04:22 | 000,019,777 | ---- | M] () -- C:\parmecium4.jpg
    [2002/04/15 14:12:20 | 000,021,118 | ---- | M] () -- C:\parmecium5.jpg
    [2002/04/15 14:11:58 | 000,022,198 | ---- | M] () -- C:\parmecium6.jpg
    [2002/04/15 14:13:12 | 000,022,936 | ---- | M] () -- C:\parmecium7.jpg
    [2002/04/15 14:13:14 | 000,019,027 | ---- | M] () -- C:\parmecium8.jpg
    [2002/04/15 14:13:08 | 000,011,814 | ---- | M] () -- C:\parmecium9.jpg
    [2000/10/25 11:46:22 | 000,265,430 | ---- | M] () -- C:\Parquet.jpg
    [2000/08/28 14:16:20 | 000,017,240 | ---- | M] () -- C:\Pastels.jpg
    [2002/04/15 12:03:30 | 000,004,039 | ---- | M] () -- C:\Patio Brick 2.jpg
    [2002/04/15 11:55:02 | 000,008,385 | ---- | M] () -- C:\Patio Brick.jpg
    [2002/04/22 15:18:12 | 000,349,134 | ---- | M] () -- C:\Patio Bricks.jpg
    [2002/04/22 15:15:50 | 000,403,778 | ---- | M] () -- C:\Patio.jpg
    [2002/04/23 17:03:38 | 000,000,141 | ---- | M] () -- C:\Patio.txt
    [2002/04/15 12:03:30 | 000,004,039 | ---- | M] () -- C:\patio_tile.jpg
    [2002/04/22 14:02:12 | 000,077,832 | ---- | M] () -- C:\Patriotic.jpg
    [2002/04/23 17:04:44 | 000,000,150 | ---- | M] () -- C:\Patriotic.txt
    [2002/04/22 14:30:20 | 000,277,960 | ---- | M] () -- C:\Pattern.jpg
    [2002/04/10 09:50:16 | 000,271,560 | ---- | M] () -- C:\Patterns.jpg
    [2002/04/22 15:17:28 | 000,373,657 | ---- | M] () -- C:\Pavement.jpg
    [2002/04/05 17:18:22 | 000,003,426 | ---- | M] () -- C:\Peace.lay
    [2000/10/25 11:46:18 | 000,273,774 | ---- | M] () -- C:\Pearl.jpg
    [2002/04/15 08:56:50 | 000,070,390 | ---- | M] () -- C:\pebbles.jpg
    [2002/04/02 14:22:12 | 000,003,426 | ---- | M] () -- C:\People.lay
    [2002/04/12 08:54:18 | 000,394,446 | ---- | M] () -- C:\Pewter.jpg
    [1999/01/02 12:11:46 | 000,003,423 | ---- | M] () -- C:\Phoenix.lay
    [2000/07/04 19:23:08 | 000,034,710 | ---- | M] () -- C:\Phyl.bmp
    [2002/04/22 13:44:54 | 000,134,490 | ---- | M] () -- C:\Picnic.jpg
    [2002/04/22 11:40:58 | 000,097,359 | ---- | M] () -- C:\Piggybank.jpg
    [2000/10/25 11:46:14 | 000,231,471 | ---- | M] () -- C:\pine.jpg
    [2002/04/22 14:18:28 | 000,107,752 | ---- | M] () -- C:\Pink Cotton.jpg
    [2000/10/25 11:46:12 | 000,298,929 | ---- | M] () -- C:\Pink Marble.jpg
    [2002/04/18 15:54:12 | 000,110,867 | ---- | M] () -- C:\Pink Satin.jpg
    [2002/04/22 14:29:40 | 000,237,350 | ---- | M] () -- C:\Pink Squiggle.jpg
    [2002/04/22 12:03:08 | 000,189,626 | ---- | M] () -- C:\Pink Tulips.jpg
    [2002/04/19 17:07:28 | 000,270,844 | ---- | M] () -- C:\Pink.jpg
    [2002/04/19 17:08:36 | 000,293,205 | ---- | M] () -- C:\Pink2.jpg
    [2002/01/30 11:44:42 | 000,000,320 | ---- | M] () -- C:\pipe.gif
    [2002/02/04 07:00:42 | 000,000,245 | ---- | M] () -- C:\pipe2.gif
    [2000/06/01 02:04:24 | 000,011,304 | ---- | M] () -- C:\Pixel Fires.jpg
    [2002/04/22 15:12:42 | 000,093,257 | ---- | M] () -- C:\Plane Flying.jpg
    [2002/04/23 16:06:00 | 000,000,154 | ---- | M] () -- C:\Planets.txt
    [2002/04/11 11:33:30 | 000,157,399 | ---- | M] () -- C:\Plants.jpg
    [2002/04/15 04:30:26 | 000,009,702 | ---- | M] () -- C:\playon.gif
    [2002/04/11 13:37:26 | 000,166,809 | ---- | M] () -- C:\Pool Balls.jpg
    [2002/04/12 10:10:58 | 000,034,710 | ---- | M] () -- C:\Pool.bmp
    [2002/04/22 15:24:18 | 000,132,443 | ---- | M] () -- C:\Pool.jpg
    [2002/04/22 12:21:40 | 000,177,347 | ---- | M] () -- C:\Porch.jpg
    [2002/04/22 15:16:34 | 000,225,645 | ---- | M] () -- C:\Porous.jpg
    [2002/04/18 16:10:32 | 000,003,438 | ---- | M] () -- C:\Portal.lay
    [2002/04/24 11:22:20 | 000,025,827 | ---- | M] () -- C:\Português (Brazil).txt
    [2002/04/24 11:22:30 | 000,028,170 | ---- | M] () -- C:\Português (Portugal).txt
    [2002/04/22 13:50:44 | 000,263,945 | ---- | M] () -- C:\Potato.jpg
    [2002/04/22 14:58:08 | 000,181,787 | ---- | M] () -- C:\Power Lines 2.jpg
    [2002/04/22 14:57:36 | 000,181,196 | ---- | M] () -- C:\Power Lines.jpg
    [2002/04/22 15:00:18 | 000,196,008 | ---- | M] () -- C:\Power Plant.jpg
    [2002/04/22 14:55:02 | 000,109,142 | ---- | M] () -- C:\Present.jpg
    [2002/04/18 16:19:36 | 000,003,423 | ---- | M] () -- C:\Present.lay
    [2002/04/22 14:55:12 | 000,101,012 | ---- | M] () -- C:\Presents.jpg
    [2002/01/31 04:57:30 | 000,005,015 | ---- | M] () -- C:\privacy.gif
    [2002/01/31 04:57:46 | 000,005,156 | ---- | M] () -- C:\privacyon.gif
    [2000/10/25 11:46:08 | 000,317,734 | ---- | M] () -- C:\Psychedelia.jpg
    [2002/04/22 12:12:36 | 000,169,848 | ---- | M] () -- C:\Pump.jpg
    [2000/10/25 11:46:06 | 000,357,199 | ---- | M] () -- C:\Purple Marble.jpg
    [2002/04/19 16:05:04 | 000,181,253 | ---- | M] () -- C:\Purple Pansies.jpg
    [2002/04/18 15:51:56 | 000,085,737 | ---- | M] () -- C:\Purple Satin.jpg
    [2002/04/19 10:54:04 | 000,107,213 | ---- | M] () -- C:\Purple.jpg
    [2002/04/16 11:19:16 | 000,320,052 | ---- | M] () -- C:\puzzle.jpg
    [2002/04/15 14:14:58 | 000,011,741 | ---- | M] () -- C:\puzzle2.jpg
    [2002/04/15 14:14:58 | 000,009,723 | ---- | M] () -- C:\puzzle3.jpg
    [2002/04/15 14:14:58 | 000,010,607 | ---- | M] () -- C:\puzzle4.jpg
    [2002/04/15 14:14:58 | 000,015,454 | ---- | M] () -- C:\puzzle5.jpg
    [2002/04/15 14:14:58 | 000,019,688 | ---- | M] () -- C:\puzzle6.jpg
    [2002/04/15 14:14:58 | 000,019,881 | ---- | M] () -- C:\puzzle7.jpg
    [2002/04/15 14:14:56 | 000,017,720 | ---- | M] () -- C:\puzzle8.jpg
    [2002/04/15 14:14:56 | 000,019,541 | ---- | M] () -- C:\puzzle9.jpg
    [2002/04/12 09:27:46 | 000,305,408 | ---- | M] () -- C:\Pyramid.jpg
    [1998/11/20 16:05:50 | 000,003,448 | ---- | M] () -- C:\Pyramid.lay
    [2000/10/25 11:46:02 | 000,259,052 | ---- | M] () -- C:\Pyramids.jpg
    [2002/04/12 08:46:08 | 000,258,884 | ---- | M] () -- C:\Quartz.jpg
    [2002/04/19 16:36:36 | 000,110,092 | ---- | M] () -- C:\RAAD1.jpg
    [2002/04/02 17:29:20 | 000,003,426 | ---- | M] () -- C:\Rabbit.lay
    [2002/04/22 14:56:32 | 000,081,218 | ---- | M] () -- C:\Radio Tower.jpg
    [2000/04/15 20:42:26 | 000,048,894 | ---- | M] () -- C:\Rain Dust.mid
    [2000/10/25 11:45:58 | 000,321,176 | ---- | M] () -- C:\Rain.jpg
    [2002/04/19 17:16:54 | 000,386,494 | ---- | M] () -- C:\Rainbow.jpg
    [2002/04/02 17:48:38 | 000,003,426 | ---- | M] () -- C:\Rays.lay
    [2002/04/12 08:42:40 | 000,303,336 | ---- | M] () -- C:\Real.jpg
    [2002/04/22 15:18:48 | 000,356,048 | ---- | M] () -- C:\Red Cement.jpg
    [2002/04/22 14:18:12 | 000,112,484 | ---- | M] () -- C:\Red Cotton.jpg
    [2002/04/15 09:27:14 | 000,025,415 | ---- | M] () -- C:\Red Fabric.jpg
    [2002/04/23 15:39:16 | 000,000,182 | ---- | M] () -- C:\Red Fabric.txt
    [2002/04/19 16:39:40 | 000,146,595 | ---- | M] () -- C:\Red Hot Rod 2.jpg
    [2002/04/19 16:35:50 | 000,124,500 | ---- | M] () -- C:\Red Hot Rod.jpg
    [2002/04/22 11:54:36 | 000,135,202 | ---- | M] () -- C:\Red Nebula.jpg
    [2002/04/16 11:28:26 | 000,380,859 | ---- | M] () -- C:\Red Oak.jpg
    [2002/04/19 16:05:52 | 000,128,289 | ---- | M] () -- C:\Red Pansies.jpg
    [2002/04/22 12:23:44 | 000,150,230 | ---- | M] () -- C:\Red Parrot.jpg
    [2002/04/22 14:22:36 | 000,200,576 | ---- | M] () -- C:\Red Satin2.jpg
    [2002/04/08 11:40:28 | 000,032,418 | ---- | M] () -- C:\red stone.jpg
    [2002/04/19 17:10:52 | 000,305,381 | ---- | M] () -- C:\Red Yellow Roses.jpg
    [2000/08/28 11:47:22 | 000,005,483 | ---- | M] () -- C:\Red.jpg
    [2002/04/15 09:27:14 | 000,025,415 | ---- | M] () -- C:\redfabric.jpg
    [2002/04/22 14:57:52 | 000,087,942 | ---- | M] () -- C:\Refinery.jpg
    [2002/04/19 16:56:06 | 000,176,272 | ---- | M] () -- C:\Reflection.jpg
    [2002/01/30 03:34:34 | 000,001,932 | ---- | M] () -- C:\register.gif
    [2002/02/01 04:41:00 | 000,002,841 | ---- | M] () -- C:\register.htm
    [2002/01/30 03:39:36 | 000,002,002 | ---- | M] () -- C:\registerdown.gif
    [2002/01/31 05:08:50 | 000,004,955 | ---- | M] () -- C:\registerol.gif
    [2002/01/31 05:09:04 | 000,005,186 | ---- | M] () -- C:\registerolon.gif
    [2002/01/30 03:35:00 | 000,001,980 | ---- | M] () -- C:\registeron.gif
    [2002/04/19 17:03:20 | 000,312,620 | ---- | M] () -- C:\Rhino.jpg
    [2002/04/10 11:47:34 | 000,075,037 | ---- | M] () -- C:\RhonTor.jpg
    [2002/04/22 14:03:30 | 000,292,987 | ---- | M] () -- C:\Ribbon.jpg
    [2002/04/12 08:43:12 | 000,393,882 | ---- | M] () -- C:\Rice Paper.jpg
    [2002/04/15 05:16:26 | 000,009,765 | ---- | M] () -- C:\right_04.gif
    [2000/07/31 21:23:06 | 000,034,710 | ---- | M] () -- C:\Rinder.BMP
    [2002/04/10 09:53:54 | 000,021,558 | ---- | M] () -- C:\Rings.bmp
    [2002/04/10 09:54:02 | 000,021,558 | ---- | M] () -- C:\Rings2.bmp
    [2002/04/15 13:52:04 | 000,012,230 | ---- | M] () -- C:\ripplechrome1.jpg
    [2002/04/15 14:13:04 | 000,012,918 | ---- | M] () -- C:\ripplechrome10.jpg
    [2002/04/15 14:14:06 | 000,007,604 | ---- | M] () -- C:\ripplechrome11.jpg
    [2002/04/15 14:14:02 | 000,010,626 | ---- | M] () -- C:\ripplechrome12.jpg
    [2002/04/15 14:14:00 | 000,011,011 | ---- | M] () -- C:\ripplechrome13.jpg
    [2002/04/15 14:13:56 | 000,006,591 | ---- | M] () -- C:\ripplechrome14.jpg
    [2002/04/15 14:13:50 | 000,009,857 | ---- | M] () -- C:\ripplechrome15.jpg
    [2002/04/15 13:56:30 | 000,010,015 | ---- | M] () -- C:\ripplechrome2.jpg
    [2002/04/15 14:05:58 | 000,006,797 | ---- | M] () -- C:\ripplechrome3.jpg
    [2002/04/15 14:04:14 | 000,012,529 | ---- | M] () -- C:\ripplechrome4.jpg
    [2002/04/15 14:12:20 | 000,012,833 | ---- | M] () -- C:\ripplechrome5.jpg
    [2002/04/15 14:11:36 | 000,013,899 | ---- | M] () -- C:\ripplechrome6.jpg
    [2002/04/15 14:13:12 | 000,014,929 | ---- | M] () -- C:\ripplechrome7.jpg
    [2002/04/15 14:13:14 | 000,012,391 | ---- | M] () -- C:\ripplechrome8.jpg
    [2002/04/15 14:13:08 | 000,007,059 | ---- | M] () -- C:\ripplechrome9.jpg
    [2002/04/22 15:24:32 | 000,219,202 | ---- | M] () -- C:\Ripples.jpg
    [1998/11/20 16:18:30 | 000,003,442 | ---- | M] () -- C:\River Bridge.lay
    [2002/04/22 11:51:56 | 000,235,415 | ---- | M] () -- C:\River.jpg
    [2002/04/22 15:15:12 | 000,239,281 | ---- | M] () -- C:\Road.jpg
    [2002/04/15 14:14:56 | 000,016,284 | ---- | M] () -- C:\roccoco_nautilus1.jpg
    [2002/04/15 14:16:02 | 000,013,750 | ---- | M] () -- C:\roccoco_nautilus10.jpg
    [2002/04/15 14:15:58 | 000,016,453 | ---- | M] () -- C:\roccoco_nautilus11.jpg
    [2002/04/15 14:15:56 | 000,014,981 | ---- | M] () -- C:\roccoco_nautilus12.jpg
    [2002/04/15 14:15:52 | 000,015,928 | ---- | M] () -- C:\roccoco_nautilus13.jpg
    [2002/04/15 14:15:48 | 000,015,699 | ---- | M] () -- C:\roccoco_nautilus14.jpg
    [2002/04/15 14:15:40 | 000,012,383 | ---- | M] () -- C:\roccoco_nautilus15.jpg
    [2002/04/15 14:14:52 | 000,014,208 | ---- | M] () -- C:\roccoco_nautilus2.jpg
    [2002/04/15 14:14:50 | 000,017,140 | ---- | M] () -- C:\roccoco_nautilus3.jpg
    [2002/04/15 14:14:48 | 000,016,807 | ---- | M] () -- C:\roccoco_nautilus4.jpg
    [2002/04/15 14:14:46 | 000,013,366 | ---- | M] () -- C:\roccoco_nautilus5.jpg
    [2002/04/15 14:14:46 | 000,016,381 | ---- | M] () -- C:\roccoco_nautilus6.jpg
    [2002/04/15 14:14:44 | 000,012,219 | ---- | M] () -- C:\roccoco_nautilus8.jpg
    [2002/04/15 14:14:42 | 000,014,806 | ---- | M] () -- C:\roccoco_nautilus9.jpg
    [2002/04/22 15:25:54 | 000,382,217 | ---- | M] () -- C:\Rock.jpg
    [2002/04/01 11:58:24 | 000,076,576 | ---- | M] () -- C:\Rock2000.jpg
    [2002/04/10 11:48:58 | 000,128,123 | ---- | M] () -- C:\Rockback222.jpg
    [2002/04/22 12:04:12 | 000,224,621 | ---- | M] () -- C:\Rocks.jpg
    [2002/04/22 15:03:54 | 000,248,534 | ---- | M] () -- C:\Roller.jpg
    [2002/04/19 16:33:18 | 000,148,916 | ---- | M] () -- C:\Rollerblades.jpg
    [2002/04/19 10:40:08 | 000,403,555 | ---- | M] () -- C:\Roman1.jpg
    [2002/04/19 10:42:54 | 000,353,105 | ---- | M] () -- C:\Roman2.jpg
    [2002/04/19 10:44:36 | 000,392,270 | ---- | M] () -- C:\Roman3.jpg
    [2002/04/19 10:46:02 | 000,329,381 | ---- | M] () -- C:\Roman4.jpg
    [2002/04/12 08:58:28 | 000,261,830 | ---- | M] () -- C:\Roses.jpg
    [2002/04/16 11:29:02 | 000,350,215 | ---- | M] () -- C:\Rosewood.jpg
    [2002/04/22 11:38:36 | 000,155,891 | ---- | M] () -- C:\Ruins.jpg
    [2002/04/29 12:16:02 | 000,014,806 | ---- | M] () -- C:\rules-de.rtf
    [2002/04/29 12:16:26 | 000,012,026 | ---- | M] () -- C:\Rules-es.rtf
    [2002/04/23 09:00:54 | 000,010,206 | ---- | M] () -- C:\rules-fr.rtf
    [2002/04/29 12:17:06 | 000,011,384 | ---- | M] () -- C:\rules-it.rtf
    [2002/04/29 12:17:30 | 000,014,499 | ---- | M] () -- C:\Rules-po.rtf
    [2002/04/23 09:00:28 | 000,009,099 | ---- | M] () -- C:\rules.rtf
    [2002/04/22 15:37:50 | 000,164,068 | ---- | M] () -- C:\Runway.jpg
    [2002/04/22 15:33:56 | 000,149,582 | ---- | M] () -- C:\Rush Hour.jpg
    [2002/04/22 15:32:56 | 000,162,474 | ---- | M] () -- C:\Sail Board.jpg
    [2002/04/22 12:04:40 | 000,124,054 | ---- | M] () -- C:\Sailboats.jpg
    [2002/04/12 08:46:24 | 000,349,071 | ---- | M] () -- C:\Sandpaper.jpg
    [2002/04/22 13:52:06 | 000,208,242 | ---- | M] () -- C:\Sandwich.jpg
    [2002/04/22 14:59:38 | 000,117,555 | ---- | M] () -- C:\Satelite Dish.jpg
    [2002/04/22 14:58:32 | 000,124,315 | ---- | M] () -- C:\Satellite Dish.jpg
    [2002/04/22 14:58:52 | 000,097,053 | ---- | M] () -- C:\Satellite Dish2.jpg
    [2002/04/22 14:59:12 | 000,108,991 | ---- | M] () -- C:\Satellite Dish3.jpg
    [2002/04/22 14:59:26 | 000,078,982 | ---- | M] () -- C:\Satellite Dish4.jpg
    [2002/04/22 14:59:52 | 000,132,141 | ---- | M] () -- C:\Satellite Dish5.jpg
    [2002/04/22 11:45:10 | 000,202,161 | ---- | M] () -- C:\Satellite.jpg
    [2002/04/22 11:45:44 | 000,255,681 | ---- | M] () -- C:\Satellite2.jpg
    [2002/04/08 14:45:38 | 000,099,295 | ---- | M] () -- C:\Satin.jpg
    [2002/04/22 12:01:48 | 000,080,084 | ---- | M] () -- C:\Saturn.jpg
    [2002/04/18 16:20:40 | 000,003,433 | ---- | M] () -- C:\Scales of Justice.lay
    [2002/04/15 14:15:40 | 000,010,449 | ---- | M] () -- C:\scalething1.jpg
    [2002/04/15 14:15:26 | 000,006,893 | ---- | M] () -- C:\scalething10.jpg
    [2002/04/15 14:15:38 | 000,012,299 | ---- | M] () -- C:\scalething2.jpg
    [2002/04/15 14:15:36 | 000,012,882 | ---- | M] () -- C:\scalething3.jpg
    [2002/04/15 14:15:36 | 000,013,707 | ---- | M] () -- C:\scalething4.jpg
    [2002/04/15 14:15:34 | 000,012,275 | ---- | M] () -- C:\scalething5.jpg
    [2002/04/15 14:15:32 | 000,011,001 | ---- | M] () -- C:\scalething6.jpg
    [2002/04/15 14:15:32 | 000,010,069 | ---- | M] () -- C:\scalething7.jpg
    [2002/04/15 14:15:30 | 000,012,844 | ---- | M] () -- C:\scalething8.jpg
    [2002/04/15 14:15:28 | 000,008,870 | ---- | M] () -- C:\scalething9.jpg
    [2009/10/30 10:02:28 | 000,002,913 | ---- | M] () -- C:\ScannerAcr60Patch.log
    [2002/04/12 09:33:54 | 000,218,151 | ---- | M] () -- C:\Scenic Scotland.jpg
    [2002/04/22 14:13:22 | 000,059,885 | ---- | M] () -- C:\Scissors.jpg
    [2002/04/18 16:15:58 | 000,003,439 | ---- | M] () -- C:\Scorpion.lay
    [2000/08/28 14:53:24 | 000,015,983 | ---- | M] () -- C:\Scratches.jpg
    [1998/11/12 14:30:34 | 000,003,438 | ---- | M] () -- C:\***** Up.lay
    [2001/08/14 17:20:40 | 000,014,030 | ---- | M] () -- C:\Seasons.jpg
    [2000/10/25 11:45:54 | 000,384,232 | ---- | M] () -- C:\Seaweed.jpg
    [2001/11/11 12:26:26 | 000,001,036 | ---- | M] () -- C:\select.wav
    [2010/11/25 11:51:59 | 000,000,090 | ---- | M] () -- C:\setup.log
    [1998/11/20 16:28:16 | 000,003,447 | ---- | M] () -- C:\Seven Pyramids.lay
    [1998/11/04 22:05:54 | 000,003,430 | ---- | M] () -- C:\Seven.lay
    [2002/04/19 16:56:56 | 000,231,434 | ---- | M] () -- C:\Shadow.jpg
    [2002/04/16 11:19:58 | 000,290,871 | ---- | M] () -- C:\Shapes 2.jpg
    [2002/04/12 10:00:26 | 000,455,844 | ---- | M] () -- C:\Shapes.jpg
    [2002/04/19 15:57:00 | 000,198,346 | ---- | M] () -- C:\Shell.jpg
    [2002/04/19 16:02:24 | 000,158,426 | ---- | M] () -- C:\Shellaced Pine.jpg
    [2002/04/22 12:22:12 | 000,206,973 | ---- | M] () -- C:\Sheppard.jpg
    [1998/04/08 09:42:18 | 000,019,262 | ---- | M] () -- C:\Shinden.mid
    [2002/04/19 16:57:42 | 000,216,490 | ---- | M] () -- C:\Shoreline.jpg
    [2002/04/19 16:58:06 | 000,159,977 | ---- | M] () -- C:\Shoreline2.jpg
    [1998/11/20 16:07:04 | 000,003,434 | ---- | M] () -- C:\Siam.lay
    [2002/01/17 08:56:12 | 000,063,067 | ---- | M] () -- C:\silkscreen.gif
    [2000/10/25 11:45:52 | 000,249,344 | ---- | M] () -- C:\Silver.jpg
    [2002/04/22 15:36:24 | 000,104,258 | ---- | M] () -- C:\Single Prop.jpg
    [2002/04/10 09:53:02 | 000,021,558 | ---- | M] () -- C:\Small Colors.bmp
    [2002/04/18 16:21:30 | 000,003,426 | ---- | M] () -- C:\Smile.lay
    [2002/04/12 09:51:42 | 000,231,889 | ---- | M] () -- C:\Smileys.jpg
    [2002/04/12 08:47:00 | 000,352,982 | ---- | M] () -- C:\Smokey.jpg
    [2002/04/02 14:00:26 | 000,003,426 | ---- | M] () -- C:\Snail.lay
    [2002/04/02 12:12:22 | 000,003,426 | ---- | M] () -- C:\Snake.lay
    [2002/04/15 14:17:02 | 000,005,223 | ---- | M] () -- C:\snakeskin.jpg
    [2002/04/22 11:37:40 | 000,211,283 | ---- | M] () -- C:\Snow Hill.jpg
    [2002/04/22 11:37:22 | 000,201,924 | ---- | M] () -- C:\Snow Valley.jpg
    [2002/04/22 17:01:22 | 000,442,016 | ---- | M] () -- C:\snow.jpg
    [2002/04/16 11:20:50 | 000,375,353 | ---- | M] () -- C:\Snowflakes.jpg
    [2002/04/22 11:37:00 | 000,252,404 | ---- | M] () -- C:\Snowscape.jpg
    [2002/04/19 16:30:14 | 000,188,134 | ---- | M] () -- C:\Soccer.jpg
    [2002/04/01 11:58:38 | 000,062,274 | ---- | M] () -- C:\SoftSnow.jpg
    [2002/04/10 09:50:54 | 000,301,709 | ---- | M] () -- C:\Solar.jpg
    [2002/04/02 14:38:34 | 000,003,426 | ---- | M] () -- C:\Solitaire.lay
    [2002/04/23 15:59:22 | 000,000,145 | ---- | M] () -- C:\Southwest.txt
    [1999/02/11 17:25:50 | 000,003,426 | ---- | M] () -- C:\Space Ship.lay
    [2002/04/22 11:43:48 | 000,136,771 | ---- | M] () -- C:\Spacewalk.jpg
    [2002/04/15 14:14:54 | 000,047,807 | ---- | M] () -- C:\space_mandala1.jpg
    [2002/04/15 14:16:02 | 000,048,307 | ---- | M] () -- C:\space_mandala10.jpg
    [2002/04/15 14:15:58 | 000,050,903 | ---- | M] () -- C:\space_mandala11.jpg
    [2002/04/15 14:15:56 | 000,040,575 | ---- | M] () -- C:\space_mandala12.jpg
    [2002/04/15 14:15:52 | 000,045,647 | ---- | M] () -- C:\space_mandala13.jpg
    [2002/04/15 14:15:48 | 000,045,801 | ---- | M] () -- C:\space_mandala14.jpg
    [2002/04/15 14:15:40 | 000,030,363 | ---- | M] () -- C:\space_mandala15.jpg
    [2002/04/15 14:14:52 | 000,050,594 | ---- | M] () -- C:\space_mandala2.jpg
    [2002/04/15 14:14:50 | 000,056,918 | ---- | M] () -- C:\space_mandala3.jpg
    [2002/04/15 14:14:48 | 000,058,466 | ---- | M] () -- C:\space_mandala4.jpg
    [2002/04/15 14:14:46 | 000,048,551 | ---- | M] () -- C:\space_mandala5.jpg
    [2002/04/15 14:14:46 | 000,058,899 | ---- | M] () -- C:\space_mandala6.jpg
    [2002/04/15 14:14:44 | 000,043,136 | ---- | M] () -- C:\space_mandala8.jpg
    [2002/04/15 14:14:42 | 000,044,915 | ---- | M] () -- C:\space_mandala9.jpg
    [2002/04/15 14:14:56 | 000,017,267 | ---- | M] () -- C:\spaghetti_chrome1.jpg
    [2002/04/15 14:16:04 | 000,017,742 | ---- | M] () -- C:\spaghetti_chrome10.jpg
    [2002/04/15 14:16:00 | 000,018,368 | ---- | M] () -- C:\spaghetti_chrome11.jpg
    [2002/04/15 14:15:58 | 000,015,146 | ---- | M] () -- C:\spaghetti_chrome12.jpg
    [2002/04/15 14:15:54 | 000,016,551 | ---- | M] () -- C:\spaghetti_chrome13.jpg
    [2002/04/15 14:15:50 | 000,016,824 | ---- | M] () -- C:\spaghetti_chrome14.jpg
    [2002/04/15 14:15:42 | 000,011,795 | ---- | M] () -- C:\spaghetti_chrome15.jpg
    [2002/04/15 14:14:54 | 000,018,689 | ---- | M] () -- C:\spaghetti_chrome2.jpg
    [2002/04/15 14:14:52 | 000,020,572 | ---- | M] () -- C:\spaghetti_chrome3.jpg
    [2002/04/15 14:14:50 | 000,021,227 | ---- | M] () -- C:\spaghetti_chrome4.jpg
    [2002/04/15 14:14:48 | 000,018,132 | ---- | M] () -- C:\spaghetti_chrome5.jpg
    [2002/04/15 14:14:46 | 000,021,540 | ---- | M] () -- C:\spaghetti_chrome6.jpg
    [2002/04/15 14:14:44 | 000,016,362 | ---- | M] () -- C:\spaghetti_chrome8.jpg
    [2002/04/15 14:15:00 | 000,016,250 | ---- | M] () -- C:\spaghetti_chrome9.jpg
    [2002/04/16 11:26:30 | 000,356,884 | ---- | M] () -- C:\Spanish Cedar.jpg
    [2002/04/15 13:48:32 | 000,018,751 | ---- | M] () -- C:\speckle1.jpg
    [2002/04/15 13:46:56 | 000,017,720 | ---- | M] () -- C:\speckle10.jpg
    [2002/04/15 13:47:04 | 000,021,113 | ---- | M] () -- C:\speckle11.jpg
    [2002/04/15 13:47:12 | 000,017,839 | ---- | M] () -- C:\speckle12.jpg
    [2002/04/15 13:47:20 | 000,016,514 | ---- | M] () -- C:\speckle13.jpg
    [2002/04/15 13:48:12 | 000,018,677 | ---- | M] () -- C:\speckle14.jpg
    [2002/04/15 13:47:42 | 000,016,910 | ---- | M] () -- C:\speckle15.jpg
    [2002/04/15 13:47:50 | 000,015,703 | ---- | M] () -- C:\speckle16.jpg
    [2002/04/15 13:48:00 | 000,017,988 | ---- | M] () -- C:\speckle17.jpg
    [2002/04/15 13:48:06 | 000,016,498 | ---- | M] () -- C:\speckle18.jpg
    [2002/04/15 13:47:28 | 000,017,886 | ---- | M] () -- C:\speckle19.jpg
    [2002/04/15 13:48:38 | 000,019,331 | ---- | M] () -- C:\speckle2.jpg
    [2002/04/15 13:46:16 | 000,021,544 | ---- | M] () -- C:\speckle20.jpg
    [2002/04/15 13:46:30 | 000,018,366 | ---- | M] () -- C:\speckle21.jpg
    [2002/04/15 13:46:22 | 000,016,068 | ---- | M] () -- C:\speckle22.jpg
    [2002/04/15 13:45:52 | 000,020,224 | ---- | M] () -- C:\speckle23.jpg
    [2002/04/15 13:45:28 | 000,017,527 | ---- | M] () -- C:\speckle24.jpg
    [2002/04/15 13:45:02 | 000,015,505 | ---- | M] () -- C:\speckle25.jpg
    [2002/04/15 13:48:46 | 000,017,674 | ---- | M] () -- C:\speckle3.jpg
    [2002/04/15 13:48:54 | 000,018,799 | ---- | M] () -- C:\speckle4.jpg
    [2002/04/15 13:49:32 | 000,021,425 | ---- | M] () -- C:\speckle5.jpg
    [2002/04/15 13:49:08 | 000,018,390 | ---- | M] () -- C:\speckle6.jpg
    [2002/04/15 13:49:16 | 000,018,597 | ---- | M] () -- C:\speckle7.jpg
    [2002/04/15 13:49:26 | 000,021,502 | ---- | M] () -- C:\speckle8.jpg
    [2002/04/15 13:49:02 | 000,018,333 | ---- | M] () -- C:\speckle9.jpg
    [2002/04/15 09:07:16 | 000,042,734 | ---- | M] () -- C:\Speckled.jpg
    [2002/04/22 13:39:48 | 000,177,302 | ---- | M] () -- C:\Speedy.jpg
    [2002/04/15 13:50:42 | 000,011,573 | ---- | M] () -- C:\spinwheel1.jpg
    [2002/04/15 14:13:16 | 000,012,380 | ---- | M] () -- C:\spinwheel10.jpg
    [2002/04/15 14:14:06 | 000,008,098 | ---- | M] () -- C:\spinwheel11.jpg
    [2002/04/15 14:14:02 | 000,010,206 | ---- | M] () -- C:\spinwheel12.jpg
    [2002/04/15 14:13:58 | 000,010,523 | ---- | M] () -- C:\spinwheel13.jpg
    [2002/04/15 14:13:56 | 000,006,838 | ---- | M] () -- C:\spinwheel14.jpg
    [2002/04/15 14:13:50 | 000,009,915 | ---- | M] () -- C:\spinwheel15.jpg
    [2002/04/15 13:57:34 | 000,010,028 | ---- | M] () -- C:\spinwheel2.jpg
    [2002/04/15 14:05:50 | 000,007,350 | ---- | M] () -- C:\spinwheel3.jpg
    [2002/04/15 14:04:08 | 000,011,755 | ---- | M] () -- C:\spinwheel4.jpg
    [2002/04/15 14:12:20 | 000,012,354 | ---- | M] () -- C:\spinwheel5.jpg
    [2002/04/15 14:12:32 | 000,013,152 | ---- | M] () -- C:\spinwheel6.jpg
    [2002/04/15 14:13:10 | 000,013,980 | ---- | M] () -- C:\spinwheel7.jpg
    [2002/04/15 14:13:14 | 000,011,783 | ---- | M] () -- C:\spinwheel8.jpg
    [2002/04/15 14:13:08 | 000,007,587 | ---- | M] () -- C:\spinwheel9.jpg
    [2002/04/22 11:52:58 | 000,173,339 | ---- | M] () -- C:\Spiral Galaxy.jpg
    [2002/04/22 16:04:48 | 000,129,823 | ---- | M] () -- C:\Splash.jpg
    [2002/04/19 10:48:06 | 000,403,594 | ---- | M] () -- C:\Sports.jpg
    [2002/04/19 10:49:32 | 000,650,290 | ---- | M] () -- C:\Sports1.jpg
    [2002/04/10 11:48:00 | 000,073,049 | ---- | M] () -- C:\Spring.jpg
    [2002/04/22 15:02:04 | 000,273,701 | ---- | M] () -- C:\Sprocket.jpg
    [2002/04/22 15:03:36 | 000,322,129 | ---- | M] () -- C:\Sprocket2.jpg
    [1999/02/04 23:02:12 | 000,003,436 | ---- | M] () -- C:\Square.lay
    [2002/04/12 08:54:44 | 000,390,135 | ---- | M] () -- C:\Stained Glass.jpg
    [2002/04/22 13:46:22 | 000,138,039 | ---- | M] () -- C:\Stampede.jpg
    [2002/04/11 11:32:54 | 000,211,906 | ---- | M] () -- C:\Stamps.jpg
    [2002/04/19 15:48:10 | 000,249,931 | ---- | M] () -- C:\Starfish.jpg
    [2000/07/19 19:22:28 | 000,034,710 | ---- | M] () -- C:\Stars.BMP
    [2002/04/22 17:00:10 | 000,352,115 | ---- | M] () -- C:\Stars.jpg
    [2002/01/17 05:57:22 | 000,021,245 | ---- | M] () -- C:\startmenu.gif
    [2002/04/22 15:24:48 | 000,122,842 | ---- | M] () -- C:\Steam.jpg
    [1998/12/25 13:29:12 | 000,003,450 | ---- | M] () -- C:\Step Pyramid.lay
     
