
Inactive very slow to process applications, load or internet.

Discussion in 'Malware and Virus Removal Archive' started by rpicon, 2011/02/16.

  1. 2011/02/16
    rpicon


    Very slow to upload, run programs, open browsers and load. Used Malwarebytes to scan; first scan found a virus:
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5680

    Windows 5.1.2600 Service Pack 2 (Safe Mode)
    Internet Explorer 7.0.5730.13

    2011-02-04 18:39:22
    mbam-log-2011-02-04 (18-39-22).txt

    Scan type: Quick scan
    Objects scanned: 201750
    Time elapsed: 9 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\ineufbr1v (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\emxqfxoy (Trojan.Downloader) -> Value: emxqfxoy -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\rick picon\local settings\temp\hbfbxlufu\spmlcissjmo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

    I have the GMER report:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-02-15 09:51:15
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Intel___ rev.1.0.
    Running: vvi1j13j.exe; Driver: C:\DOCUME~1\RICKPI~1\LOCALS~1\Temp\kxtorpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA0B11728]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xA0B187EA]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xA0B186A2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xA0B18CA8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xA0B18BBE]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xA0B18276]
    SSDT sptd.sys ZwEnumerateKey [0xB9EDBD48]
    SSDT sptd.sys ZwEnumerateValueKey [0xB9EDC0C0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA0B117D8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xA0B1877E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xA0B181B2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xA0B18218]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA0B11870]
    SSDT sptd.sys ZwQueryKey [0xB9EDC18A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xA0B188C2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA0B18D76]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xA0B18880]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xA0B18A04]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB4B8C770]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB4B8C810]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB4B8C8B0]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA0B2582E]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA0B25652]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA0B2578C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2BF8 80503AD4 4 Bytes JMP C4A0B187
    PAGE ntkrnlpa.exe!ZwLoadDriver 80582F22 7 Bytes JMP A0B25790 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!NtCreateSection 805A9FE4 7 Bytes JMP A0B25656 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BB0D0 5 Bytes JMP A0B211EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C1A06 5 Bytes JMP A0B22C88 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CFBDA 7 Bytes JMP A0B25832 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    ? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
    ? C:\WINDOWS\System32\Drivers\SPTD3197.SYS The process cannot access the file because it is being used by another process.
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB89C9360, 0x1DE5ED, 0xE8000020]
    .text vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 B88D54D0 16 Bytes [FF, CF, 39, 9A, 07, BD, 95, ...]
    .text vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 B88D54E1 31 Bytes [40, 8D, B8, 8E, 1B, A5, A2, ...]
    ? C:\WINDOWS\System32\Drivers\vaxscsi.sys The process cannot access the file because it is being used by another process.
    init C:\Program Files\GameTap\bin\Release\X4HSX32.Sys entry point in "init" section [0xBA453D80]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Documents and Settings\Rick Picon\Desktop\vvi1j13j.exe[3008] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Rick Picon\Desktop\vvi1j13j.exe[3008] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\MSN Messenger\msnmsgr.exe[3792] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\msnmsgr.exe (Messenger/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5692] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5692] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E352056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5692] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E351FD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5692] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E35201B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5692] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E351F63 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5692] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E351F9D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5692] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E352091 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5692] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E2017EA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5692] ole32.dll!OleLoadFromStream 7752A257 5 Bytes JMP 3E352253 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[7620] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9ED7A32] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9ED7B6E] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9ED7AF6] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9ED86CC] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9ED85A2] sptd.sys

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[1316] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00720002
    IAT C:\WINDOWS\system32\services.exe[1316] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00720000

    ---- Devices - GMER 1.0.15 ----

    Device aswSP.SYS (avast! self protection module/AVAST Software)
    Device 89E4B5D0
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device 88AD20E8
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\NetBT \Device\NetBT_Tcpip_{849CB337-DE20-421B-AC9E-B4F750CB1F7B} 890613B0
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 89E4BEB0
    Device \Driver\dmio \Device\DmControl\DmConfig 89E4BEB0
    Device \Driver\dmio \Device\DmControl\DmPnP 89E4BEB0
    Device \Driver\dmio \Device\DmControl\DmInfo 89E4BEB0
    Device \Driver\00000117 \Device\00000055 sptd.sys

    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
    Device \Driver\Ftdisk \Device\HarddiskVolume1 89E4B0E8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 89E4B0E8
    Device \Driver\Cdrom \Device\CdRom0 893C6828
    Device \FileSystem\Rdbss \Device\FsWrap 89063610
    Device \Driver\Ftdisk \Device\HarddiskVolume3 89E4B0E8
    Device \Driver\Cdrom \Device\CdRom1 893C6828
    Device \Driver\Cdrom \Device\CdRom2 893C6828
    Device \Driver\Ftdisk \Device\HarddiskVolume4 89E4B0E8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 890613B0
    Device \Driver\NetBT \Device\NetbiosSmb 890613B0

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\Disk \Device\Harddisk0\DR0 89E4B808

    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88B9B0E8
    Device 88B9B0E8
    Device \FileSystem\Npfs \Device\NamedPipe 8904C780
    Device \Driver\Ftdisk \Device\FtControl 89E4B0E8
    Device \FileSystem\Msfs \Device\Mailslot 89054708
    Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 89276EB0
    Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 89276EB0

    AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device 892A0790
    Device DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
    Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 1255686754
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1468089294
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -934213699
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD9 0x3D 0xA8 0xFC ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x16 0x49 0x3B 0x94 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xDD 0xD0 0x1A 0x07 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD9 0x3D 0xA8 0xFC ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x16 0x49 0x3B 0x94 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xDD 0xD0 0x1A 0x07 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
    Reg HKLM\SOFTWARE\Classes\CLSID\{1A3A2B9E-9578-3331-B05A-263E86B0B30D}\InprocServer32@ C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{1A3A2B9E-9578-3331-B05A-263E86B0B30D}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{1A3A2B9E-9578-3331-B05A-263E86B0B30D}\ProgID@ Ietag.OOC.1
    Reg HKLM\SOFTWARE\Classes\CLSID\{1A3A2B9E-9578-3331-B05A-263E86B0B30D}\Programmable@
    Reg HKLM\SOFTWARE\Classes\CLSID\{1A3A2B9E-9578-3331-B05A-263E86B0B30D}\TypeLib@ {06CA6721-CB57-449E-8097-E65B9F543A1A}
    Reg HKLM\SOFTWARE\Classes\CLSID\{1A3A2B9E-9578-3331-B05A-263E86B0B30D}\VersionIndependentProgID@ Ietag.OOC

    ---- EOF - GMER 1.0.15 ----


    Will post MBR and DDS results next...


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5680

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 7.0.5730.13

    2011-02-04 20:24:30
    mbam-log-2011-02-04 (20-24-30).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 320734
    Time elapsed: 1 hour(s), 36 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  2. 2011/02/16
    rpicon

    cont..

    MBR:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x0008807c

    Kernel Drivers (total 161):

    Processes (total 53):
    0 System Idle Process
    4 System
    976 C:\WINDOWS\system32\smss.exe
    1056 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    1236 csrss.exe
    1264 C:\WINDOWS\system32\winlogon.exe
    1316 C:\WINDOWS\system32\services.exe
    1328 C:\WINDOWS\system32\lsass.exe
    1552 C:\WINDOWS\system32\svchost.exe
    1648 svchost.exe
    1772 C:\WINDOWS\system32\svchost.exe
    1836 svchost.exe
    1988 svchost.exe
    432 C:\WINDOWS\system32\spoolsv.exe
    992 C:\Program Files\AVG\AVG10\avgfws.exe
    1220 C:\Program Files\AVG\AVG10\avgwdsvc.exe
    1632 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    1700 C:\Program Files\Java\jre6\bin\jqs.exe
    1744 C:\Program Files\LogMeIn\x86\ramaint.exe
    1924 C:\Program Files\LogMeIn\x86\LogMeIn.exe
    2008 C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    256 C:\WINDOWS\system32\nvsvc32.exe
    560 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    2068 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    2512 C:\Program Files\AVG\AVG10\avgam.exe
    2568 C:\Program Files\AVG\AVG10\avgnsx.exe
    2952 C:\WINDOWS\explorer.exe
    3232 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    3240 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    3284 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    3428 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    3448 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    3520 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    3552 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3568 C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    3604 C:\Program Files\AVG\AVG10\avgtray.exe
    3664 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    3676 C:\Documents and Settings\Rick Picon\Local Settings\Application Data\Plaxo\3.25.0.87\PlaxoHelper_en.exe
    3732 C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    3792 C:\Program Files\MSN Messenger\msnmsgr.exe
    3816 C:\WINDOWS\system32\ctfmon.exe
    1032 alg.exe
    1904 C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
    2464 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    3088 C:\Program Files\AVG\AVG10\avgcsrvx.exe
    3708 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    1868 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    3820 C:\Program Files\AVG\AVG10\avgcsrvx.exe
    5692 C:\Program Files\Internet Explorer\iexplore.exe
    8232 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    7620 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    4944 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    6512 C:\Documents and Settings\Rick Picon\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001b`27f4c800 (NTFS)

    PhysicalDrive0 Model Number:

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Dell MBR code detected
    SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E


    Done!



    DDS:


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by rpicon at 10:00:01.48 on 2011-02-15
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1155 [GMT -5:00]

    AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG10\avgfws.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgam.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Documents and Settings\Rick Picon\Local Settings\Application Data\Plaxo\3.25.0.87\PlaxoHelper_en.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Documents and Settings\Rick Picon\Local Settings\temp\144.tmp\MBR.DAT
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe
    C:\Documents and Settings\Rick Picon\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yaho.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
    mSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
    BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
    TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe "
    uRun: [PlaxoUpdate] c:\documents and settings\rick picon\local settings\application data\plaxo\3.25.0.87\PlaxoHelper_en.exe -a
    uRun: [PlaxoSysTray] c:\documents and settings\rick picon\local settings\application data\plaxo\3.25.0.87\PlaxoSysTray.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
    uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe "
    mRun: [DMXLauncher] "c:\program files\dell\media experience\DMXLauncher.exe "
    mRun: [DLA] "c:\windows\system32\dla\DLACTRLW.EXE "
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe "
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe "
    mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBGAFIARQBFAC0AVgA2AFoASgBBAC0AQgBOADIAWQBRAC0ARgAzAFYAUwBSAC0AVgBXAFMAUgA0AC0AVgBZADcATQBaAA "& "inst=NwA3AC0ANAAxADkANAAwADUAMQAyADcALQBCAC0AQgBBAFIAOQBPACsAMQAtAFgATwAzADYAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAEYAOQBNADcAQwArADUALQBGADkATQAxADAAQgArADEA "& "prod=90 "& "ver=9.0.872
    StartupFolder: c:\docume~1\rickpi~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office12\GROOVE.EXE
    StartupFolder: c:\docume~1\rickpi~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: Subscribe with RSSRadio
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: musicmatch.com\online
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633
    DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} - hxxp://www1.skillground.com/cab1831/SkillGround.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://aol.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {25D9AA40-ED39-11D2-A038-009027078284} - hxxps://b1-www.advisorservices.com/advisorweb/file/urldownloader.cab
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} - hxxps://secure.logmein.com/activex/RACtrl.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249928285454
    DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260546108330
    DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://clubgames.pogo.com/online2/pogop/luxor_2/mjolauncher.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
    DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} - hxxp://www.miniclip.com/igloader/igloader.CAB
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {DC4B2445-4A2C-46FF-BAAE-C0FBB45D866D} - hxxps://www.laserapp.com/dev/detect/lavdetect.ocx
    DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} - hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
    DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} - hxxps://vex.advisorservices.com/Views/VeoExpress/AdoView/Pages/veoExpress.CAB
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: LMIinit - LMIinit.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\rickpi~1\applic~1\mozilla\firefox\profiles\cu58ft3k.default\
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c34b73d&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
    FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
    FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPSFDMGR.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-14 294608]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 74480]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-14 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-14 40384]
    R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2010-11-22 3226632]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-4-10 3712]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-6-27 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-27 47640]
    R2 StarWindService;StarWind iSCSI Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-1 217600]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 26192]
    R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2007-1-30 223128]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
    S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-2-17 34760]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]

    =============== Created Last 30 ================

    2011-02-14 21:06:44 38848 ----a-w- c:\windows\avastSS.scr
    2011-02-14 21:06:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2011-02-11 18:05:30 -------- d-----w- c:\docume~1\rickpi~1\applic~1\AVG
    2011-02-10 21:46:29 -------- d--h--w- C:\$AVG
    2011-02-10 19:37:13 -------- d-----w- c:\docume~1\rickpi~1\applic~1\AVG10
    2011-02-10 19:31:53 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
    2011-02-10 19:29:42 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-02-10 19:29:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
    2011-02-10 17:00:23 -------- d-----w- C:\cmdcons
    2011-02-10 16:56:30 -------- d-s---w- C:\ComboFix

    ==================== Find3M ====================


    ============= FINISH: 10:01:06.38 ===============
     


  4. 2011/02/16
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Missing Attach.txt (Step 4)
     
  5. 2011/02/17
    rpicon

    rpicon Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    198
    Likes Received:
    0
    attach.txt....


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2006-03-31 13:54:53
    System Uptime: 2011-02-14 12:23:36 (22 hours ago)

    Motherboard: Dell Inc. | | 0YC523
    Processor: Intel(R) Pentium(R) D CPU 3.20GHz | Microprocessor | 3192/800mhz
    Processor: Intel(R) Pentium(R) D CPU 3.20GHz | Microprocessor | 3192/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 109 GiB total, 29.776 GiB free.
    D: is FIXED (NTFS) - 37 GiB total, 6.035 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is CDROM (CDFS)
    P: is NetworkDisk (NTFS) - 136 GiB total, 44.775 GiB free.
    T: is NetworkDisk (NTFS) - 136 GiB total, 44.775 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP355: 2010-11-17 17:56:01 - System Checkpoint
    RP356: 2010-11-18 18:32:57 - System Checkpoint
    RP357: 2010-11-19 18:33:26 - System Checkpoint
    RP358: 2010-11-20 19:33:02 - System Checkpoint
    RP359: 2010-11-21 20:32:55 - System Checkpoint
    RP360: 2010-11-22 21:32:56 - System Checkpoint
    RP361: 2010-11-23 14:36:09 - Software Distribution Service 3.0
    RP362: 2010-11-24 09:30:27 - Avg Update
    RP363: 2010-11-24 09:31:46 - Avg Update
    RP364: 2010-11-28 09:26:25 - System Checkpoint
    RP365: 2010-11-29 09:32:45 - System Checkpoint
    RP366: 2010-11-30 10:32:45 - System Checkpoint
    RP367: 2010-12-01 12:48:01 - System Checkpoint
    RP368: 2010-12-02 13:12:16 - System Checkpoint
    RP369: 2010-12-03 13:33:42 - System Checkpoint
    RP370: 2010-12-04 14:32:36 - System Checkpoint
    RP371: 2010-12-05 15:32:34 - System Checkpoint
    RP372: 2010-12-06 16:28:40 - System Checkpoint
    RP373: 2010-12-07 17:54:32 - System Checkpoint
    RP374: 2010-12-08 17:56:35 - System Checkpoint
    RP375: 2010-12-09 17:59:31 - System Checkpoint
    RP376: 2010-12-10 18:32:32 - System Checkpoint
    RP377: 2010-12-11 19:32:24 - System Checkpoint
    RP378: 2010-12-12 20:32:23 - System Checkpoint
    RP379: 2010-12-13 21:32:24 - System Checkpoint
    RP380: 2010-12-14 22:32:20 - System Checkpoint
    RP381: 2010-12-15 23:32:18 - System Checkpoint
    RP382: 2010-12-17 00:32:15 - System Checkpoint
    RP383: 2010-12-18 01:32:14 - System Checkpoint
    RP384: 2010-12-19 02:32:11 - System Checkpoint
    RP385: 2010-12-20 03:32:10 - System Checkpoint
    RP386: 2010-12-21 04:32:09 - System Checkpoint
    RP387: 2010-12-22 05:32:08 - System Checkpoint
    RP388: 2010-12-23 06:32:06 - System Checkpoint
    RP389: 2010-12-24 07:32:04 - System Checkpoint
    RP390: 2010-12-25 08:32:00 - System Checkpoint
    RP391: 2010-12-26 09:31:58 - System Checkpoint
    RP392: 2010-12-27 10:31:57 - System Checkpoint
    RP393: 2010-12-28 13:20:28 - System Checkpoint
    RP394: 2010-12-29 13:32:07 - System Checkpoint
    RP395: 2010-12-30 17:57:44 - System Checkpoint
    RP396: 2010-12-31 18:31:48 - System Checkpoint
    RP397: 2011-01-01 19:31:45 - System Checkpoint
    RP398: 2011-01-02 20:31:43 - System Checkpoint
    RP399: 2011-01-03 21:31:39 - System Checkpoint
    RP400: 2011-01-04 22:31:38 - System Checkpoint
    RP401: 2011-01-05 23:31:33 - System Checkpoint
    RP402: 2011-01-07 00:31:32 - System Checkpoint
    RP403: 2011-01-08 01:31:30 - System Checkpoint
    RP404: 2011-01-09 02:31:08 - System Checkpoint
    RP405: 2011-01-10 02:31:20 - System Checkpoint
    RP406: 2011-01-11 03:16:40 - System Checkpoint
    RP407: 2011-01-12 04:16:45 - System Checkpoint
    RP408: 2011-01-13 04:49:05 - System Checkpoint
    RP409: 2011-01-14 05:48:13 - System Checkpoint
    RP410: 2011-01-15 05:49:22 - System Checkpoint
    RP411: 2011-01-16 06:48:54 - System Checkpoint
    RP412: 2011-01-17 07:48:57 - System Checkpoint
    RP413: 2011-01-18 08:48:28 - System Checkpoint
    RP414: 2011-01-19 08:50:03 - System Checkpoint
    RP415: 2011-01-20 08:50:13 - System Checkpoint
    RP416: 2011-01-21 09:33:29 - System Checkpoint
    RP417: 2011-01-22 09:35:12 - System Checkpoint
    RP418: 2011-01-23 10:33:29 - System Checkpoint
    RP419: 2011-01-24 14:04:59 - System Checkpoint
    RP420: 2011-01-25 15:40:47 - System Checkpoint
    RP421: 2011-01-26 16:33:17 - System Checkpoint
    RP422: 2011-01-27 17:15:07 - System Checkpoint
    RP423: 2011-01-28 17:54:49 - System Checkpoint
    RP424: 2011-01-29 18:33:05 - System Checkpoint
    RP425: 2011-01-30 19:33:06 - System Checkpoint
    RP426: 2011-01-31 20:33:04 - System Checkpoint
    RP427: 2011-02-01 21:33:01 - System Checkpoint
    RP428: 2011-02-02 22:33:00 - System Checkpoint
    RP429: 2011-02-03 23:32:58 - System Checkpoint
    RP430: 2011-02-04 23:45:41 - System Checkpoint
    RP431: 2011-02-06 00:45:41 - System Checkpoint
    RP432: 2011-02-07 00:46:50 - System Checkpoint
    RP433: 2011-02-08 01:44:34 - System Checkpoint
    RP434: 2011-02-09 01:45:34 - System Checkpoint
    RP435: 2011-02-10 02:45:35 - System Checkpoint
    RP436: 2011-02-10 11:49:35 - Removed AVG Free 9.0
    RP437: 2011-02-10 11:52:23 - Installed AVG Free 9.0
    RP438: 2011-02-10 14:28:39 - Installed AVG 2011
    RP439: 2011-02-10 14:29:24 - Installed AVG 2011
    RP440: 2011-02-11 17:01:56 - System Checkpoint
    RP441: 2011-02-12 17:08:05 - System Checkpoint
    RP442: 2011-02-13 18:07:53 - System Checkpoint
    RP443: 2011-02-14 16:06:35 - avast! Free Antivirus Setup

    ==== Installed Programs ======================


    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Adobe Acrobat 8 Professional - English, Français, Deutsch
    Adobe Acrobat 8.1.0 Professional
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Shockwave Player 11.5
    AIM Pro
    AOL Uninstaller (Choose which Products to Remove)
    Apple Software Update
    Ask Toolbar
    AutoUpdate
    avast! Free Antivirus
    AVG 2011
    AVG PC Tuneup 2011
    Classic Menu for Office
    Dell CinePlayer
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Support 3.1
    Dell System Restore
    Digital Content Portal
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    GameTap
    Google
    Google Calendar Sync
    Google Desktop
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    Google Updater
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Intel Matrix Storage Manager
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    IrfanView (remove only)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20
    KhalSetup
    Logitech SetPoint
    LogMeIn
    Macromedia Flash Player
    Malwarebytes' Anti-Malware
    MCU
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync 4.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Math Add-in for Word 2007
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office Access 2003 Runtime
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual J# .NET Redistributable Package 1.1
    Microsoft Visual J# 2.0 Redistributable Package
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox (3.6.7)
    MSN
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 6.0 Parser (KB933579)
    Musicmatch for Windows Media Player
    Musicmatch® Jukebox
    NaviPlan Standard Offline 11.0.2.0
    Network Assistant
    NVIDIA Drivers
    Octoshape add-in for Adobe Flash Player
    Plaxo Toolbar for Windows
    PokerStars
    PokerStars.net
    PortfolioCenter
    PortfolioCenter Management Console
    QBFC3.0
    Qualxserve Service Agreement
    QuickBooks Pro 2006
    QuickBooks Simple Start Special Edition
    QuickTime
    RealPlayer Basic
    Relationship Manager
    RetCalc 2.0
    Roxio DLA
    Roxio MyDVD LE
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    RSSRadio
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows XP (KB896688)
    SkillGround Game Manager
    Stamps.com
    Stamps.com Address Book Support for Microsoft Outlook 97-2007
    Stamps.com Application Support for Microsoft Outlook 2000, 2002, 2003
    Stamps.com Application Support for Microsoft Word 2000, 2002, 2003
    Stamps.com support for Microsoft Outlook 2000-2007
    Stamps.com support for Microsoft Outlook 97-2007
    Stamps.com support for Microsoft Word 2000-2007
    SUPERAntiSpyware Free Edition
    TD AMERITRADE Statements/Confirmations Manager
    Total Access Memo 2003 Runtime
    UnHackMe 5.00 release
    Update for Outlook 2007 Junk Email Filter (KB934655)
    URL Assistant
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.0.2
    WebFldrs XP
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    WinRAR archiver
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    2011-02-14 15:11:37, error: NETLOGON [5719] - No Domain Controller is available for domain ARIBAGLB due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    2011-02-11 11:36:18, error: Service Control Manager [7034] - The StarWind iSCSI Service service terminated unexpectedly. It has done this 1 time(s).
    2011-02-11 11:36:18, error: Service Control Manager [7034] - The FLEXnet Licensing Service service terminated unexpectedly. It has done this 1 time(s).
    2011-02-11 11:36:17, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    2011-02-11 11:36:17, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
    2011-02-11 11:36:17, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
    2011-02-11 11:36:17, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    2011-02-11 11:36:17, error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
    2011-02-10 11:55:42, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
    2011-02-10 11:54:24, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume D:.
    2011-02-10 11:46:14, error: Service Control Manager [7034] - The AVG Firewall service terminated unexpectedly. It has done this 12 time(s).
    2011-02-10 11:46:08, error: Service Control Manager [7034] - The AVG Firewall service terminated unexpectedly. It has done this 11 time(s).
    2011-02-10 11:45:57, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    2011-02-10 11:45:51, error: Service Control Manager [7034] - The AVG Firewall service terminated unexpectedly. It has done this 10 time(s).
    2011-02-10 11:45:46, error: Service Control Manager [7034] - The AVG Firewall service terminated unexpectedly. It has done this 9 time(s).
    2011-02-10 11:45:36, error: Service Control Manager [7034] - The AVG Firewall service terminated unexpectedly. It has done this 8 time(s).
    2011-02-10 11:45:27, error: Service Control Manager [7034] - The AVG Firewall service terminated unexpectedly. It has done this 7 time(s).
    2011-02-10 11:40:30, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    2011-02-10 11:40:23, error: Service Control Manager [7034] - The AVG Firewall service terminated unexpectedly. It has done this 6 time(s).
    2011-02-10 11:40:07, error: Service Control Manager [7034] - The AVG Firewall service terminated unexpectedly. It has done this 5 time(s).
    2011-02-10 11:39:50, error: Service Control Manager [7034] - The AVG Firewall service terminated unexpectedly. It has done this 4 time(s).
    2011-02-10 11:39:44, error: Service Control Manager [7034] - The AVG Firewall service terminated unexpectedly. It has done this 3 time(s).
    2011-02-10 11:39:34, error: Service Control Manager [7034] - The AVG Firewall service terminated unexpectedly. It has done this 2 time(s).
    2011-02-10 11:39:23, error: Service Control Manager [7034] - The AVG Firewall service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================
     
  6. 2011/02/17
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    You appear to have 2 x Antivirus programs installed ....
    One must go.
     
  7. 2011/02/17
    rpicon

    rpicon Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    198
    Likes Received:
    0
    removing AVG 2011
     
  8. 2011/02/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================================================

    You're running two AV programs, AVG and Avast.
    One of them has to go.
    If AVG (preferably), make sure to use this tool to uninstall it: http://www.avg.com/us-en/download-tools
    AVG PC Tuneup 2011 should go as well - it's nothing more than asking for problems.

    When done....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. 2011/02/22
    rpicon

    rpicon Inactive Thread Starter

    ComboFix 11-02-21.02 - rpicon 2011-02-22 12:17:16.11.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1567 [GMT -5:00]
    Running from: c:\documents and settings\Rick Picon\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_USNJSVC
    -------\Service_usnjsvc


    ((((((((((((((((((((((((( Files Created from 2011-01-22 to 2011-02-22 )))))))))))))))))))))))))))))))
    .

    2011-02-15 16:59 . 2011-02-15 16:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn
    2011-02-14 21:07 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-02-14 21:07 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-02-14 21:07 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-02-14 21:07 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-02-14 21:07 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-02-14 21:07 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-02-14 21:07 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-02-14 21:06 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
    2011-02-14 21:06 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
    2011-02-14 21:06 . 2011-02-14 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2011-02-10 19:37 . 2011-02-10 19:37 -------- d-----w- c:\documents and settings\Rick Picon\Application Data\AVG10
    2011-02-10 19:31 . 2011-02-10 19:31 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2011-02-10 19:29 . 2011-02-17 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-20 23:09 . 2009-03-24 16:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2009-03-24 16:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-09-29 03:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PlaxoUpdate "= "c:\documents and settings\Rick Picon\Local Settings\Application Data\Plaxo\3.25.0.87\PlaxoHelper_en.exe" [2011-01-05 813448]
    "PlaxoSysTray "= "c:\documents and settings\Rick Picon\Local Settings\Application Data\Plaxo\3.25.0.87\PlaxoSysTray.exe" [2011-01-05 15752]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-07 68856]
    "AdobeUpdater "= "c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-06-11 2321600]
    "msnmsgr "= "c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
    "DMXLauncher "= "c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "DLA "= "c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "Google Desktop Search "= "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-03-07 169472]
    "LogMeIn GUI "= "c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
    "Acrobat Assistant 8.0 "= "c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
    "Logitech Hardware Abstraction Layer "= "KHALMNPR.EXE" [2006-05-10 94208]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2005-07-09 7110656]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "avast5 "= "c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

    c:\documents and settings\Rick Picon\Start Menu\Programs\Startup\
    Microsoft Office Groove.lnk - c:\program files\Microsoft Office\Office12\GROOVE.EXE [2007-8-29 340856]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2010-7-26 546360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-25 21:44 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2009-10-01 18:30 87352 ----a-w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @= "Service "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\Common Files\\AOL\\1144767884\\ee\\aolsoftware.exe "=
    "c:\\Program Files\\Common Files\\AOL\\1144767884\\ee\\aim6.exe "=
    "c:\\Program Files\\Network Assistant\\Nassi.exe "=
    "c:\\Program Files\\Schwab Performance Technologies\\PortfolioCenter\\SPTServer.exe "=
    "c:\\Program Files\\Schwab Performance Technologies\\PortfolioCenter\\PortfolioCenter.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe "= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe "= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe "= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe "=
    "c:\\StubInstaller.exe "=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe "=
    "c:\\Program Files\\Xolox\\mldonkey\\mlnet.exe "=
    "c:\\Program Files\\Xolox\\XoloxEXE.exe "=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\MSN Messenger\\livecall.exe "=
    "c:\\Program Files\\AIM\\AIM Pro\\aimpro.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP "= 135:TCP:DCOM
    "3389:TCP "= 3389:TCP:@xpsp2res.dll,-22009
    "3393:TCP "= 3393:TCP:RD-Rick
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-01-30 643072]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-02-14 294608]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-06-23 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-06-23 74480]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-02-14 17744]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-04-10 3712]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2007-06-27 12856]
    R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2007-01-30 223128]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-02-17 34760]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-06-23 7408]
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-22 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-07 01:11]

    2011-02-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-09-29 03:44]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yaho.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
    mSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Subscribe with RSSRadio
    IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
    Trusted Zone: musicmatch.com\online
    DPF: {25D9AA40-ED39-11D2-A038-009027078284} - hxxps://b1-www.advisorservices.com/advisorweb/file/urldownloader.cab
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    DPF: {DC4B2445-4A2C-46FF-BAAE-C0FBB45D866D} - hxxps://www.laserapp.com/dev/detect/lavdetect.ocx
    DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} - hxxps://vex.advisorservices.com/Views/VeoExpress/AdoView/Pages/veoExpress.CAB
    FF - ProfilePath - c:\documents and settings\Rick Picon\Application Data\Mozilla\Firefox\Profiles\cu58ft3k.default\
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c34b73d&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Rick Picon\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-22 12:28
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\37a13e80]
    "imagepath "= "\??\c:\windows\TEMP\298.tmp "

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\900bcfdc]
    "imagepath "= "\??\c:\windows\TEMP\55F.tmp "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(820)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll

    - - - - - - - > 'explorer.exe'(2088)
    c:\windows\system32\WININET.dll
    c:\documents and settings\Rick Picon\Local Settings\Application Data\Plaxo\3.25.0.87\plx_hook.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\LogMeIn\x86\RaMaint.exe
    c:\program files\LogMeIn\x86\LogMeIn.exe
    c:\program files\LogMeIn\x86\LMIGuardian.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    c:\program files\Microsoft ActiveSync\wcescomm.exe
    c:\program files\LogMeIn\x86\LMIGuardian.exe
    c:\progra~1\MI3AA1~1\rapimgr.exe
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-02-22 12:33:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-02-22 17:32

    Pre-Run: 33,362,878,464 bytes free
    Post-Run: 33,477,951,488 bytes free

    - - End Of File - - F4A055B03F453B43FC223848EF12C7B0
     
  10. 2011/02/22
    broni

    broni Moderator Malware Analyst

    Uninstall Ask Toolbar, known foistware.

    ==========================================================

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\documents and settings\All Users\Application Data\AVG10
    c:\documents and settings\Rick Picon\Application Data\AVG10
    
    DDS::
    uInternet Settings,ProxyOverride = <local>
    Trusted Zone: musicmatch.com\online
    
    Registry::
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\37a13e80]
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\900bcfdc]
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
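
Added example, not part of broni's post or of ComboFix: a Python check that picks out the service keys whose imagepath points into a temp directory (the two entries in the log from post 9) and confirms that the CFScript's Registry:: section deletes each of them. The sample text is copied from this thread, with one ordinary service constructed for contrast; the function names are hypothetical, and the `Section::` / `[-key]` syntax is assumed only as far as the script above shows it.

```python
import ntpath
import re

# Excerpt of the ComboFix log posted in this thread (stray spaces inside the
# quotes kept as they appear on the page), plus one constructed benign block.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\37a13e80]
"imagepath "= "\??\c:\windows\TEMP\298.tmp "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\900bcfdc]
"imagepath "= "\??\c:\windows\TEMP\55F.tmp "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ExampleSvc]
"imagepath "= "c:\windows\system32\drivers\example.sys "
'''

# Registry section of the CFScript from the post above.
SAMPLE_CFSCRIPT = r'''
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\37a13e80]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\900bcfdc]
'''

KEY_RE = re.compile(r'^\s*\[(?P<key>HK[^\]]+)\]\s*$', re.I)
DELETE_RE = re.compile(r'^\s*\[-(?P<key>HK[^\]]+)\]\s*$', re.I)
VALUE_RE = re.compile(r'^\s*"(?P<name>[^"]*)"\s*=\s*"(?P<data>[^"]*)"\s*$')
SERVICE_KEY_RE = re.compile(
    r'\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+$', re.I)


def normalise_image_path(data):
    """Trim padding, drop the NT object prefix \\??\\ and lower-case the path."""
    path = data.strip()
    if path.startswith('\\??\\'):
        path = path[4:]
    return ntpath.normpath(path).lower()


def is_temp_image(path):
    """True if the binary sits in a temp/tmp directory or is a .tmp file."""
    parts = path.split('\\')
    in_temp_dir = any(p in ('temp', 'tmp') for p in parts[:-1])
    return in_temp_dir or ntpath.splitext(path)[1] == '.tmp'


def find_temp_services(log_text):
    """Return (service key, normalised image path) for suspicious services."""
    findings = []
    current_key = None
    for line in log_text.splitlines():
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group('key').strip()
            continue
        value_match = VALUE_RE.match(line)
        if not (value_match and current_key
                and SERVICE_KEY_RE.search(current_key)):
            continue
        if value_match.group('name').strip().lower() != 'imagepath':
            continue
        path = normalise_image_path(value_match.group('data'))
        if is_temp_image(path):
            findings.append((current_key, path))
    return findings


def cfscript_deleted_keys(script_text):
    """Collect the keys listed as [-key] under the Registry:: section."""
    keys = set()
    in_registry = False
    for line in script_text.splitlines():
        stripped = line.strip()
        if stripped.endswith('::'):
            in_registry = stripped.lower() == 'registry::'
            continue
        match = DELETE_RE.match(stripped)
        if in_registry and match:
            keys.add(match.group('key').strip().lower())
    return keys


def uncovered(findings, script_text):
    """Flagged service keys that the script does not delete."""
    deleted = cfscript_deleted_keys(script_text)
    return [key for key, _ in findings if key.lower() not in deleted]


if __name__ == '__main__':
    flagged = find_temp_services(SAMPLE_LOG)
    for key, path in flagged:
        print('service with temp image path:', key, '->', path)
    print('not covered by CFScript:', uncovered(flagged, SAMPLE_CFSCRIPT))
```

A flagged key is a lead for the analyst to review, not a verdict; installers can also register short-lived services from temp paths.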
     
  12. 2011/02/23
    rpicon

    rpicon Inactive Thread Starter

    ComboFix 11-02-21.02 - rpicon 2011-02-23 11:44:07.12.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1504 [GMT -5:00]
    Running from: c:\documents and settings\Rick Picon\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Rick Picon\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\AVG10
    c:\documents and settings\All Users\Application Data\AVG10\Chjw\6042c3b042c2fdb\avgcchff.dat
    c:\documents and settings\All Users\Application Data\AVG10\Chjw\6042c3b042c2fdb\avgcchfi.dat
    c:\documents and settings\All Users\Application Data\AVG10\Chjw\6042c3b042c2fdb\avgcchmf.dat
    c:\documents and settings\All Users\Application Data\AVG10\Chjw\6042c3b042c2fdb\avgcchmi.dat
    c:\documents and settings\All Users\Application Data\AVG10\Chjw\f4a0866fa08637de\avgcchff.dat
    c:\documents and settings\All Users\Application Data\AVG10\Chjw\f4a0866fa08637de\avgcchfi.dat
    c:\documents and settings\All Users\Application Data\AVG10\Chjw\f4a0866fa08637de\avgcchmf.dat
    c:\documents and settings\All Users\Application Data\AVG10\Chjw\f4a0866fa08637de\avgcchmi.dat
    c:\documents and settings\All Users\Application Data\AVG10\lsdb\prev\prvcache.dat
    c:\documents and settings\All Users\Application Data\AVG10\lsdb\prev\prvglbl.dat
    c:\documents and settings\Rick Picon\Application Data\AVG10
    c:\documents and settings\Rick Picon\Application Data\AVG10\cfgall\outlook.cfg
    c:\documents and settings\Rick Picon\Application Data\AVG10\cfgall\usergui.cfg

    .
    ((((((((((((((((((((((((( Files Created from 2011-01-23 to 2011-02-23 )))))))))))))))))))))))))))))))
    .

    2011-02-15 16:59 . 2011-02-15 16:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn
    2011-02-14 21:07 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-02-14 21:07 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-02-14 21:07 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-02-14 21:07 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-02-14 21:07 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-02-14 21:07 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-02-14 21:07 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-02-14 21:06 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
    2011-02-14 21:06 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
    2011-02-14 21:06 . 2011-02-14 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2011-02-10 19:31 . 2011-02-10 19:31 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-20 23:09 . 2009-03-24 16:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2009-03-24 16:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PlaxoUpdate "= "c:\documents and settings\Rick Picon\Local Settings\Application Data\Plaxo\3.25.0.87\PlaxoHelper_en.exe" [2011-01-05 813448]
    "PlaxoSysTray "= "c:\documents and settings\Rick Picon\Local Settings\Application Data\Plaxo\3.25.0.87\PlaxoSysTray.exe" [2011-01-05 15752]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-07 68856]
    "AdobeUpdater "= "c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-06-11 2321600]
    "msnmsgr "= "c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
    "DMXLauncher "= "c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "DLA "= "c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "Google Desktop Search "= "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-03-07 169472]
    "LogMeIn GUI "= "c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
    "Acrobat Assistant 8.0 "= "c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
    "Logitech Hardware Abstraction Layer "= "KHALMNPR.EXE" [2006-05-10 94208]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2005-07-09 7110656]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "avast5 "= "c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

    c:\documents and settings\Rick Picon\Start Menu\Programs\Startup\
    Microsoft Office Groove.lnk - c:\program files\Microsoft Office\Office12\GROOVE.EXE [2007-8-29 340856]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2010-7-26 546360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-25 21:44 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2009-10-01 18:30 87352 ----a-w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @= "Service "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\Common Files\\AOL\\1144767884\\ee\\aolsoftware.exe "=
    "c:\\Program Files\\Common Files\\AOL\\1144767884\\ee\\aim6.exe "=
    "c:\\Program Files\\Network Assistant\\Nassi.exe "=
    "c:\\Program Files\\Schwab Performance Technologies\\PortfolioCenter\\SPTServer.exe "=
    "c:\\Program Files\\Schwab Performance Technologies\\PortfolioCenter\\PortfolioCenter.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe "= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe "= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe "= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe "=
    "c:\\StubInstaller.exe "=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe "=
    "c:\\Program Files\\Xolox\\mldonkey\\mlnet.exe "=
    "c:\\Program Files\\Xolox\\XoloxEXE.exe "=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\MSN Messenger\\livecall.exe "=
    "c:\\Program Files\\AIM\\AIM Pro\\aimpro.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP "= 135:TCP:DCOM
    "3389:TCP "= 3389:TCP:@xpsp2res.dll,-22009
    "3393:TCP "= 3393:TCP:RD-Rick
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-01-30 643072]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-02-14 294608]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-06-23 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-06-23 74480]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-02-14 17744]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-04-10 3712]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2007-06-27 12856]
    R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2007-01-30 223128]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-02-17 34760]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-06-23 7408]
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-23 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-07 01:11]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yaho.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
    mSearch Bar = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Subscribe with RSSRadio
    IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
    DPF: {25D9AA40-ED39-11D2-A038-009027078284} - hxxps://b1-www.advisorservices.com/advisorweb/file/urldownloader.cab
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    DPF: {DC4B2445-4A2C-46FF-BAAE-C0FBB45D866D} - hxxps://www.laserapp.com/dev/detect/lavdetect.ocx
    DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} - hxxps://vex.advisorservices.com/Views/VeoExpress/AdoView/Pages/veoExpress.CAB
    FF - ProfilePath - c:\documents and settings\Rick Picon\Application Data\Mozilla\Firefox\Profiles\cu58ft3k.default\
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c34b73d&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-23 11:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(820)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    Completion time: 2011-02-23 11:52:13
    ComboFix-quarantined-files.txt 2011-02-23 16:52
    ComboFix2.txt 2011-02-22 17:33

    Pre-Run: 33,416,667,136 bytes free
    Post-Run: 33,462,935,552 bytes free

    - - End Of File - - A71953AAF55842F2D21FDF886552920B
     
  13. 2011/02/23
    broni

    broni Moderator Malware Analyst

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. 2011/02/25
    rpicon

    rpicon Inactive Thread Starter

    OTL logfile created on: 2011-02-25 10:54:20 - Run 4
    OTL by OldTimer - Version 3.2.21.0 Folder = C:\Documents and Settings\Rick Picon\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 108.59 Gb Total Space | 30.77 Gb Free Space | 28.34% Space Free | Partition Type: NTFS
    Drive D: | 36.96 Gb Total Space | 6.03 Gb Free Space | 16.33% Space Free | Partition Type: NTFS
    Drive G: | 916.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive P: | 136.02 Gb Total Space | 56.52 Gb Free Space | 41.55% Space Free | Partition Type: NTFS
    Drive T: | 136.02 Gb Total Space | 56.52 Gb Free Space | 41.55% Space Free | Partition Type: NTFS

    Computer Name: GLB-RPICON-02 | User Name: rpicon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011-02-25 10:52:47 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick Picon\Desktop\OTL.exe
    PRC - [2011-01-13 03:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2011-01-13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2011-01-05 18:19:48 | 000,813,448 | ---- | M] (Plaxo, Inc.) -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\Plaxo\3.25.0.87\PlaxoHelper_en.exe
    PRC - [2010-07-26 14:52:06 | 000,546,360 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
    PRC - [2010-02-18 10:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    PRC - [2009-10-01 13:30:35 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
    PRC - [2009-10-01 13:30:10 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    PRC - [2009-05-30 14:00:24 | 007,573,504 | ---- | M] (Gracebyte Software) -- C:\Program Files\Network Assistant\Nassi.exe
    PRC - [2007-05-10 21:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    PRC - [2007-04-17 13:03:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    PRC - [2007-04-17 13:03:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
    PRC - [2007-03-28 11:12:34 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    PRC - [2006-06-20 21:36:22 | 001,207,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    PRC - [2006-06-20 21:36:00 | 000,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
    PRC - [2005-10-05 04:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    PRC - [2005-09-08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    PRC - [2005-06-17 08:56:14 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2005-06-17 08:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    PRC - [2005-04-01 20:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    PRC - [2004-08-04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011-02-25 10:52:47 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick Picon\Desktop\OTL.exe
    MOD - [2011-01-13 03:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
    MOD - [2011-01-05 18:19:50 | 000,055,176 | ---- | M] (Plaxo, Inc.) -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\Plaxo\3.25.0.87\plx_hook.dll
    MOD - [2009-07-12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    MOD - [2009-07-12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
    MOD - [2006-08-25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    MOD - [2000-12-27 17:40:58 | 000,043,008 | ---- | M] () -- C:\Program Files\Network Assistant\hooks.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011-01-13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2009-10-01 13:30:35 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
    SRV - [2007-05-23 13:29:36 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Disabled | Stopped] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
    SRV - [2007-04-17 13:03:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2007-03-28 11:12:34 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2005-06-17 08:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)
    SRV - [2005-04-01 20:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)


    ========== Driver Services (SafeList) ==========

    DRV - [2011-01-13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011-01-13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011-01-13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011-01-13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011-01-13 03:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011-01-13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2009-10-01 13:30:14 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2009-09-25 16:44:49 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2009-06-23 10:01:42 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2009-06-23 10:01:40 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009-02-17 12:40:24 | 000,034,760 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Partizan.sys -- (Partizan)
    DRV - [2008-10-17 09:25:11 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2008-02-28 14:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2007-05-01 16:15:54 | 000,016,896 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
    DRV - [2007-01-30 11:36:42 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi)
    DRV - [2007-01-30 11:26:47 | 000,643,072 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2006-12-29 11:30:25 | 000,076,560 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
    DRV - [2006-11-07 05:48:44 | 000,023,040 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\GameTap\bin\release\X4HSX32.sys -- (X4HSX32)
    DRV - [2006-06-29 23:53:44 | 000,003,712 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
    DRV - [2006-05-10 08:56:54 | 000,027,264 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
    DRV - [2006-05-10 08:56:50 | 000,071,680 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2006-03-07 08:07:09 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2005-11-16 22:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2005-09-12 04:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2005-09-08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005-09-08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005-09-08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2005-09-08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005-09-08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005-09-08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005-09-08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005-08-25 20:05:24 | 000,176,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2005-08-25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005-08-25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005-08-12 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2005-07-09 00:57:00 | 003,198,304 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2005-06-17 13:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iastor.sys -- (iastor)
    DRV - [2004-08-12 18:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
    DRV - [2004-08-04 00:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2004-08-04 00:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2001-08-17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001-08-17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001-08-17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001-08-17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001-08-17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001-08-17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001-08-17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001-08-17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001-08-17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001-08-17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001-08-17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001-08-17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001-08-17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001-08-17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001-08-17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577



    IE - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}
    IE - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yaho.com/
    IE - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4c34b73d&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q= "

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-02-17 14:12:27 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-02-17 14:12:27 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

    [2011-02-04 18:11:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rick Picon\Application Data\Mozilla\Extensions
    [2011-02-04 18:11:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rick Picon\Application Data\Mozilla\Firefox\Profiles\cu58ft3k.default\extensions
    [2011-02-24 16:22:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2006-11-16 11:22:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010-07-06 11:58:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2009-07-21 09:33:35 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010-04-12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2008-03-12 12:04:10 | 000,086,016 | ---- | M] (SpiralFrog Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPSFDMGR.dll

    O1 HOSTS File: ([2011-02-23 11:50:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O3 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
    O4 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115..\Run: [PlaxoSysTray] C:\Documents and Settings\Rick Picon\Local Settings\Application Data\Plaxo\3.25.0.87\plaxosystray.exe (Plaxo, Inc.)
    O4 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115..\Run: [PlaxoUpdate] C:\Documents and Settings\Rick Picon\Local Settings\Application Data\Plaxo\3.25.0.87\PlaxoHelper_en.exe (Plaxo, Inc.)
    O4 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-3500089258-3802542852-2463999137-1115\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=67633 (Office Genuine Advantage Validation Tool)
    O16 - DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} http://www1.skillground.com/cab1831/SkillGround.cab (SkillGround Game Manager)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://aol.worldwinner.com/games/v47/shared/FunGamesLoader.cab (FunGamesLoader Object)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {25D9AA40-ED39-11D2-A038-009027078284} https://b1-www.advisorservices.com/advisorweb/file/urldownloader.cab (UrlDownloader Class)
    O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB (PogoWebLauncher Control)
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
    O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} https://secure.logmein.com/activex/RACtrl.cab (Remote Access ActiveX Client)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249928285454 (WUWebControl Class)
    O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260546108330 (MUWebControl Class)
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://clubgames.pogo.com/online2/pogop/luxor_2/mjolauncher.cab (MJLauncherCtrl Class)
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab (BejeweledTwist Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab (FamilyFeud Control)
    O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} http://www.miniclip.com/igloader/igloader.CAB (igLoader Content on Demand)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DC4B2445-4A2C-46FF-BAAE-C0FBB45D866D} https://www.laserapp.com/dev/detect/lavdetect.ocx (LASDetectX Control)
    O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} http://www.worldwinner.com/games/v44/golfsol/golfsol.cab (GolfSol Control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinner.com/games/v54/wwspades/wwspades.cab (WWSpades Control)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab (Performance Viewer Activex Control)
    O16 - DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} https://vex.advisorservices.com/Views/VeoExpress/AdoView/Pages/veoExpress.CAB (veoExpress.ctlVeoExpress)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.113
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aribaglb.local
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Dell.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006-10-23 07:20:07 | 000,000,057 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17746534284132352)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011-02-25 10:52:44 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rick Picon\Desktop\OTL.exe
    [2011-02-23 14:30:03 | 000,000,000 | ---D | C] -- C:\CFSLib
    [2011-02-15 11:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn
    [2011-02-14 16:07:13 | 000,294,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011-02-14 16:07:13 | 000,047,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011-02-14 16:07:13 | 000,023,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011-02-14 16:07:13 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011-02-14 16:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2011-02-14 16:07:12 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011-02-14 16:07:12 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011-02-14 16:07:12 | 000,029,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011-02-14 16:06:44 | 000,188,216 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011-02-14 16:06:44 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011-02-14 16:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2011-02-11 11:35:44 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rick Picon\Desktop\TFC.exe
    [2011-02-10 14:31:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011-02-10 12:00:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011-02-10 11:56:10 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011-02-04 18:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick Picon\Application Data\Mozilla
    [2011-02-04 18:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
    [2003-12-09 12:16:52 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\comintfs.dll

    ========== Files - Modified Within 30 Days ==========
     
  15. 2011/02/25
    rpicon

    ========== Files - Modified Within 30 Days ==========

    [2011-02-25 10:52:47 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick Picon\Desktop\OTL.exe
    [2011-02-25 06:20:42 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011-02-25 01:13:46 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011-02-24 15:59:20 | 000,029,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2011-02-24 15:59:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011-02-24 15:58:15 | 2145,546,240 | -HS- | M] () -- C:\hiberfil.sys
    [2011-02-24 15:58:15 | 000,298,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011-02-23 11:50:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011-02-22 12:29:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2011-02-22 12:29:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
    [2011-02-22 12:29:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
    [2011-02-22 12:29:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2011-02-22 12:12:06 | 004,272,549 | R--- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\ComboFix.exe
    [2011-02-17 12:54:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
    [2011-02-17 12:54:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2011-02-16 11:56:39 | 000,098,187 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\ENGINE_BANK_1_AND_BANK_2_A_F_AND_02_IDENTIFICATION_T-EG034-07.pdf
    [2011-02-15 09:53:01 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\dds.scr
    [2011-02-14 16:07:13 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011-02-11 15:03:02 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\MBRCheck.exe
    [2011-02-11 15:02:51 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\vvi1j13j.exe
    [2011-02-11 12:02:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2011-02-11 12:02:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
    [2011-02-11 12:02:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
    [2011-02-11 12:02:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2011-02-11 11:35:32 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick Picon\Desktop\TFC.exe
    [2011-02-10 15:57:06 | 000,209,920 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011-02-10 12:00:30 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011-02-08 14:30:35 | 000,249,588 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\ALI-ABA%20Form%20ADV%20Part%202%20Outline.pdf
    [2011-02-08 14:25:34 | 000,017,418 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\Sample_Brochure_Supp_10Jan2011.pdf
    [2011-02-08 14:23:17 | 000,207,292 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\Link1_ADV-Par-%202--Tips-for-Coping-Paper.pdf
    [2011-02-08 14:15:12 | 000,103,379 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\NoticeADV2.pdf
    [2011-02-08 13:59:19 | 000,266,984 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\formadv-part2.pdf
    [2011-02-08 13:54:53 | 000,621,772 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\ADV_Part_II_Firm_User_90.pdf
    [2011-02-08 13:51:08 | 000,161,740 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\20100810-investment-advisor-registration-requirements[1].pdf
    [2011-02-08 13:45:26 | 000,114,869 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\Compliance.pdf
    [2011-02-08 13:43:37 | 000,692,957 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\investmentmanagementupdate2219.pdf
    [2011-02-04 18:44:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2011-02-04 18:44:31 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
    [2011-02-04 18:44:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
    [2011-02-04 18:44:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2011-02-04 18:11:37 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011-02-04 17:52:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
    [2011-02-04 17:52:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2011-02-04 15:11:58 | 000,022,075 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\Nora Allocation.pdf

    ========== Files Created - No Company Name ==========

    [2011-02-22 12:11:54 | 004,272,549 | R--- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\ComboFix.exe
    [2011-02-17 13:00:24 | 2145,546,240 | -HS- | C] () -- C:\hiberfil.sys
    [2011-02-16 11:56:39 | 000,098,187 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\ENGINE_BANK_1_AND_BANK_2_A_F_AND_02_IDENTIFICATION_T-EG034-07.pdf
    [2011-02-15 09:53:25 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\dds.scr
    [2011-02-11 15:03:02 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\MBRCheck.exe
    [2011-02-11 15:02:51 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\vvi1j13j.exe
    [2011-02-11 12:02:14 | 000,002,064 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\PortfolioCenter.lnk
    [2011-02-08 14:30:35 | 000,249,588 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\ALI-ABA%20Form%20ADV%20Part%202%20Outline.pdf
    [2011-02-08 14:25:34 | 000,017,418 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\Sample_Brochure_Supp_10Jan2011.pdf
    [2011-02-08 14:23:17 | 000,207,292 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\Link1_ADV-Par-%202--Tips-for-Coping-Paper.pdf
    [2011-02-08 14:15:12 | 000,103,379 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\NoticeADV2.pdf
    [2011-02-08 13:54:53 | 000,621,772 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\ADV_Part_II_Firm_User_90.pdf
    [2011-02-08 13:54:25 | 000,266,984 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\formadv-part2.pdf
    [2011-02-08 13:51:08 | 000,161,740 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\20100810-investment-advisor-registration-requirements[1].pdf
    [2011-02-08 13:45:26 | 000,114,869 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\Compliance.pdf
    [2011-02-08 13:43:42 | 000,692,957 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\investmentmanagementupdate2219.pdf
    [2011-02-04 18:11:37 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011-02-04 15:08:42 | 000,022,075 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Desktop\Nora Allocation.pdf
    [2010-01-20 17:36:30 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
    [2010-01-20 17:36:30 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
    [2010-01-20 17:36:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
    [2010-01-20 17:36:30 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
    [2009-11-05 12:04:51 | 000,691,592 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2009-09-28 15:45:49 | 000,018,851 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\jepiqod.dl
    [2009-09-28 15:45:49 | 000,018,170 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\otumy._dl
    [2009-09-28 15:45:49 | 000,013,673 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\oxol.bat
    [2009-09-28 15:45:49 | 000,013,499 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\xacomihony.dll
    [2009-09-28 15:45:49 | 000,013,349 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ujiluj._sy
    [2009-09-28 15:45:49 | 000,013,123 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\ehipep.scr
    [2009-09-28 15:45:49 | 000,012,631 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\xobusob.lib
    [2009-09-28 15:45:49 | 000,012,400 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\bufezo.dl
    [2009-09-28 15:45:49 | 000,011,524 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rycaxujy.exe
    [2009-09-28 15:45:49 | 000,011,348 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\liqeli._sy
    [2009-09-28 15:45:49 | 000,010,318 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\rafofula.exe
    [2009-09-25 16:43:14 | 000,011,296 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\zilyjev.bin
    [2009-09-25 16:43:14 | 000,010,753 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\ofawivetud.bat
    [2009-09-25 16:43:13 | 000,019,692 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\sarehof._dl
    [2009-09-25 16:43:13 | 000,019,469 | ---- | C] () -- C:\WINDOWS\System32\aveda.dll
    [2009-09-25 16:43:13 | 000,019,160 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\arizojuxas.com
    [2009-09-25 16:43:13 | 000,019,072 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\izuhyp.bat
    [2009-09-25 16:43:13 | 000,014,276 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\lysocewity._dl
    [2009-09-25 16:43:13 | 000,013,702 | ---- | C] () -- C:\WINDOWS\ehubanowo.sys
    [2009-09-25 16:43:13 | 000,012,612 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\exasoby.vbs
    [2009-09-25 16:43:13 | 000,012,144 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\okahogog.dl
    [2009-09-25 15:27:02 | 000,019,801 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\jeno.scr
    [2009-09-25 15:27:02 | 000,011,460 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\zyzowy.dll
    [2009-09-25 15:27:02 | 000,011,123 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\pemuzelit.dl
    [2009-08-10 13:15:12 | 000,176,328 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2009-04-13 16:28:30 | 000,000,134 | ---- | C] () -- C:\WINDOWS\rootkitno.ini
    [2008-11-21 08:21:16 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\_regtlb.dll
    [2007-11-20 16:23:07 | 000,009,365 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\Comma Separated Values (DOS).EML
    [2007-11-20 16:19:57 | 000,009,363 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\Microsoft Excel 97-2003.EML
    [2007-11-20 16:18:23 | 000,009,369 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\Comma Separated Values (Windows).EML
    [2007-09-25 11:29:25 | 000,000,064 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
    [2007-09-25 11:29:18 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
    [2007-09-25 11:29:18 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
    [2007-03-09 17:28:03 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007-01-30 11:36:42 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\vaxscsi.sys
    [2007-01-30 11:26:47 | 000,643,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2007-01-30 11:26:47 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd3197.sys
    [2006-12-29 11:30:26 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
    [2006-12-15 10:05:40 | 000,000,030 | ---- | C] () -- C:\WINDOWS\xoloxexe.INI
    [2006-12-13 09:26:49 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
    [2006-11-27 12:37:25 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\.mpid
    [2006-10-12 17:18:56 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
    [2006-10-11 08:55:04 | 000,000,033 | ---- | C] () -- C:\WINDOWS\schwabcd.ini
    [2006-07-27 12:28:42 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2006-07-11 17:33:49 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2006-06-12 12:52:07 | 000,209,920 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006-05-04 10:19:07 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\$_hpcst$.hpc
    [2006-04-29 23:34:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WbxRMenu.dll
    [2006-04-17 13:07:45 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006-04-13 22:18:24 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\atonres.dll
    [2006-04-13 22:18:24 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\WbxMSAI.dll
    [2006-04-13 22:18:24 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\atonecli.dll
    [2006-04-11 10:03:49 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006-04-11 08:55:58 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006-03-31 13:38:49 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\fusioncache.dat
    [2006-03-31 13:24:58 | 000,000,550 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006-03-07 08:18:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006-03-07 08:14:39 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006-03-07 08:11:00 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
    [2006-03-07 07:44:46 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005-11-10 09:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004-08-11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004-08-11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004-08-11 18:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004-08-11 18:00:30 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
     
  16. 2011/02/25
    rpicon

    ========== LOP Check ==========

    [2011-02-14 16:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2011-02-10 11:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2006-09-18 10:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Centric Services
    [2011-02-10 14:31:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2009-12-07 16:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2009-10-01 12:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
    [2007-09-11 12:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2009-02-03 13:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
    [2008-11-28 11:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2011-02-10 14:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2006-10-09 15:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Money Tree Software
    [2008-01-16 16:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2007-03-14 14:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2006-09-13 13:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayTime
    [2006-12-15 12:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2009-06-08 14:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Schwab Performance Technologies
    [2010-01-20 17:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    [2007-03-14 14:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SonyPicturesGames
    [2011-02-25 10:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008-07-22 13:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UTour Golf
    [2007-03-12 21:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010-03-26 13:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2008-12-01 15:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8737778F-82C6-4680-A660-E8B2B8C8C22B}
    [2008-12-01 15:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}
    [2008-12-01 15:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{D9AA4D17-9292-410D-9AA5-84526D062900}
    [2008-12-01 15:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{FBB5C4A9-4848-46A0-8863-C359F08D7728}
    [2009-08-17 09:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dfederman\Application Data\Gracebyte Software
    [2007-06-25 10:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pwalsh\Application Data\Windows Desktop Search
    [2006-04-11 10:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\acccore
    [2006-11-01 08:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\AIM
    [2006-11-01 08:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\AIMPro
    [2007-06-22 10:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\BitTorrent
    [2010-11-22 16:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\FrostWire
    [2006-04-11 10:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\Gracebyte Software
    [2007-01-30 11:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\Leadertech
    [2007-03-08 16:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\LinkedIn
    [2007-09-24 15:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\MegauploadToolbar
    [2006-10-13 10:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\Money Tree Software
    [2007-03-14 14:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\PlayFirst
    [2009-01-23 17:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\PowerChallenge
    [2007-11-16 12:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\RSSRadio
    [2007-11-16 12:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\RSSRadio.local
    [2009-11-04 14:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\Serif
    [2008-01-18 13:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\Sigaba
    [2009-01-21 15:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\Simply Super Software
    [2008-05-08 13:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\SmartDraw
    [2008-12-01 15:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\Stamps.com Internet Postage
    [2007-03-02 14:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\System Restore
    [2007-06-28 13:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Picon\Application Data\uTorrent

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006-11-03 12:35:37 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2009-04-23 09:45:02 | 000,000,049 | ---- | M] () -- C:\a0LpMh.txt
    [2009-05-12 11:45:20 | 000,000,050 | ---- | M] () -- C:\a0mB.txt
    [2009-05-21 21:06:06 | 000,000,050 | ---- | M] () -- C:\a0RX.txt
    [2009-05-07 15:45:05 | 000,000,050 | ---- | M] () -- C:\a5Oa7.txt
    [2009-05-18 15:04:07 | 000,000,051 | ---- | M] () -- C:\a5Uu.txt
    [2009-05-08 06:15:10 | 000,000,051 | ---- | M] () -- C:\A5Uz.txt
    [2009-06-18 18:39:07 | 000,000,053 | ---- | M] () -- C:\A6k.txt
    [2009-05-12 12:45:19 | 000,000,051 | ---- | M] () -- C:\aaj9eb.txt
    [2010-11-16 10:28:48 | 000,011,123 | ---- | M] () -- C:\aaw7boot.log
    [2009-05-04 11:45:03 | 000,000,053 | ---- | M] () -- C:\aBysYs.txt
    [2009-06-18 18:07:07 | 000,000,048 | ---- | M] () -- C:\aCTvZg.txt
    [2009-06-22 14:17:06 | 000,000,051 | ---- | M] () -- C:\Acw.txt
    [2009-06-09 10:48:06 | 000,000,048 | ---- | M] () -- C:\aeG.txt
    [2009-05-12 00:15:20 | 000,000,048 | ---- | M] () -- C:\aGA.txt
    [2009-06-26 14:34:08 | 000,000,049 | ---- | M] () -- C:\AHMK.txt
    [2009-05-01 19:00:08 | 000,000,050 | ---- | M] () -- C:\Ahvag.txt
    [2009-05-08 10:00:07 | 000,000,049 | ---- | M] () -- C:\AiFqE.txt
    [2009-05-22 06:23:07 | 000,000,050 | ---- | M] () -- C:\AIG1KRM.txt
    [2009-04-22 16:30:04 | 000,000,048 | ---- | M] () -- C:\Aip.txt
    [2009-05-22 00:42:29 | 000,000,052 | ---- | M] () -- C:\AISkCzV.txt
    [2009-07-07 10:55:13 | 000,000,050 | ---- | M] () -- C:\AJYa.txt
    [2009-05-08 13:00:11 | 000,000,050 | ---- | M] () -- C:\aMb.txt
    [2009-05-12 12:15:21 | 000,000,048 | ---- | M] () -- C:\aNfvqCts.txt
    [2009-05-04 12:30:02 | 000,000,050 | ---- | M] () -- C:\aNLNogy7.txt
    [2009-06-11 09:36:06 | 000,000,050 | ---- | M] () -- C:\aPkW.txt
    [2009-05-22 07:57:09 | 000,000,051 | ---- | M] () -- C:\aqUi0c.txt
    [2009-05-21 16:23:07 | 000,000,048 | ---- | M] () -- C:\aQWw5.txt
    [2006-11-13 11:55:17 | 000,000,584 | ---- | M] () -- C:\AribaGLBletterhead.LNK
    [2009-05-12 11:45:20 | 000,000,050 | ---- | M] () -- C:\asbIYvx.txt
    [2009-05-18 12:04:13 | 000,000,051 | ---- | M] () -- C:\atGY1O7.txt
    [2009-06-26 15:54:06 | 000,000,051 | ---- | M] () -- C:\AVU.txt
    [2009-05-18 14:00:06 | 000,000,048 | ---- | M] () -- C:\AWAzUEo.txt
    [2009-04-23 14:15:24 | 000,000,053 | ---- | M] () -- C:\AXe5870E.txt
    [2009-05-21 17:41:06 | 000,000,051 | ---- | M] () -- C:\AzU.txt
    [2009-05-08 20:00:06 | 000,000,050 | ---- | M] () -- C:\b1FMO0.txt
    [2009-05-21 16:30:06 | 000,000,051 | ---- | M] () -- C:\B1v.txt
    [2009-06-26 11:01:06 | 000,000,052 | ---- | M] () -- C:\b4W1y2.txt
    [2009-06-22 14:15:08 | 000,000,052 | ---- | M] () -- C:\B8PYqtfO.txt
    [2009-05-01 14:00:02 | 000,000,052 | ---- | M] () -- C:\bAR7d.txt
    [2009-05-22 06:08:12 | 000,000,049 | ---- | M] () -- C:\bAv.txt
    [2009-04-24 11:45:03 | 000,000,052 | ---- | M] () -- C:\bbhJEySo.txt
    [2009-05-21 16:57:09 | 000,000,052 | ---- | M] () -- C:\BCg.txt
    [2009-06-22 17:24:08 | 000,000,048 | ---- | M] () -- C:\Bda.txt
    [2009-06-09 11:35:08 | 000,000,048 | ---- | M] () -- C:\Bdb.txt
    [2009-05-27 14:00:09 | 000,000,050 | ---- | M] () -- C:\bg5kd.txt
    [2009-06-18 19:00:06 | 000,000,049 | ---- | M] () -- C:\Bgks.txt
    [2009-05-01 10:45:02 | 000,000,052 | ---- | M] () -- C:\bgR.txt
    [2009-05-08 03:00:11 | 000,000,050 | ---- | M] () -- C:\bGx.txt
    [2009-05-08 15:00:06 | 000,000,048 | ---- | M] () -- C:\BH3x.txt
    [2009-05-01 13:45:02 | 000,000,053 | ---- | M] () -- C:\Bi5.txt
    [2009-05-21 15:01:05 | 000,000,053 | ---- | M] () -- C:\bKKgsf.txt
    [2009-05-21 23:32:16 | 000,000,048 | ---- | M] () -- C:\BKxCL.txt
    [2009-01-22 13:30:36 | 000,000,281 | ---- | M] () -- C:\Boot.bak
    [2011-02-10 12:00:30 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2009-06-18 16:20:07 | 000,000,052 | ---- | M] () -- C:\bqlOdI7.txt
    [2009-05-22 16:05:06 | 000,000,052 | ---- | M] () -- C:\bqt5cqJI.txt
    [2009-06-17 19:29:09 | 000,000,048 | ---- | M] () -- C:\BRCtKy.txt
    [2009-05-27 12:44:06 | 000,000,053 | ---- | M] () -- C:\Brh0.txt
    [2009-04-24 17:00:04 | 000,000,052 | ---- | M] () -- C:\btzneidJ.txt
    [2009-05-08 19:15:06 | 000,000,052 | ---- | M] () -- C:\bvbQCfR.txt
    [2009-06-18 17:01:07 | 000,000,052 | ---- | M] () -- C:\bVuQ6.txt
    [2009-05-31 19:04:06 | 000,000,053 | ---- | M] () -- C:\bWEEdX2.txt
    [2009-06-09 11:30:10 | 000,000,048 | ---- | M] () -- C:\BxBGEeX.txt
    [2009-06-18 11:59:12 | 000,000,049 | ---- | M] () -- C:\BxDMO4B.txt
    [2009-05-22 01:26:56 | 000,000,052 | ---- | M] () -- C:\BxEaxsB5.txt
    [2009-04-22 16:15:05 | 000,000,052 | ---- | M] () -- C:\bxOCCHrM.txt
    [2009-05-08 12:15:08 | 000,000,049 | ---- | M] () -- C:\bzG.txt
    [2009-05-22 16:04:06 | 000,000,048 | ---- | M] () -- C:\BzZ3.txt
    [2009-06-17 18:55:06 | 000,000,052 | ---- | M] () -- C:\C153.txt
    [2009-06-18 10:05:17 | 000,000,053 | ---- | M] () -- C:\c5W1w0r.txt
    [2009-06-22 17:59:06 | 000,000,049 | ---- | M] () -- C:\c7gtx.txt
    [2009-05-18 15:47:07 | 000,000,050 | ---- | M] () -- C:\C7w.txt
    [2009-06-18 15:25:07 | 000,000,049 | ---- | M] () -- C:\ca1.txt
    [2009-05-08 06:45:10 | 000,000,052 | ---- | M] () -- C:\caC.txt
    [2009-06-19 11:08:10 | 000,000,048 | ---- | M] () -- C:\cAUOSrc.txt
    [2009-04-22 14:30:16 | 000,000,050 | ---- | M] () -- C:\cbi3p.txt
    [2009-04-22 15:00:21 | 000,000,051 | ---- | M] () -- C:\cCn.txt
    [2009-06-17 10:56:09 | 000,000,051 | ---- | M] () -- C:\CD26.txt
    [2009-05-12 15:00:17 | 000,000,052 | ---- | M] () -- C:\Ce8hoG5y.txt
    [2009-06-18 14:19:15 | 000,000,051 | ---- | M] () -- C:\cFBcv.txt
    [2009-05-07 18:30:03 | 000,000,050 | ---- | M] () -- C:\CgCSMcb.txt
    [2009-06-18 16:04:06 | 000,000,052 | ---- | M] () -- C:\CMk3z.txt
    [2004-08-03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2009-06-17 18:05:06 | 000,000,049 | ---- | M] () -- C:\cN8ufx.txt
    [2009-05-08 05:00:07 | 000,000,053 | ---- | M] () -- C:\cNqAJ2x.txt
    [2009-06-22 15:35:06 | 000,000,051 | ---- | M] () -- C:\cocqGE.txt
    [2011-02-23 11:52:14 | 000,014,653 | ---- | M] () -- C:\ComboFix.txt
    [2004-08-11 18:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008-11-18 17:58:15 | 000,210,508 | ---- | M] () -- C:\coreuninstall.log
    [2009-05-08 11:00:09 | 000,000,050 | ---- | M] () -- C:\cQr.txt
    [2009-05-08 10:31:10 | 000,000,052 | ---- | M] () -- C:\Cr351AzS.txt
    [2009-06-22 17:51:06 | 000,000,048 | ---- | M] () -- C:\CvG96f1.txt
    [2009-05-27 12:50:06 | 000,000,053 | ---- | M] () -- C:\CWY.txt
    [2009-05-11 17:45:09 | 000,000,049 | ---- | M] () -- C:\CX6UNlfS.txt
    [2009-05-18 11:57:10 | 000,000,049 | ---- | M] () -- C:\cxb6.txt
    [2009-05-08 16:30:05 | 000,000,051 | ---- | M] () -- C:\CXs.txt
    [2009-05-12 01:45:22 | 000,000,053 | ---- | M] () -- C:\CYl.txt
    [2009-05-22 04:34:13 | 000,000,053 | ---- | M] () -- C:\Cz1k.txt
    [2009-05-12 10:00:06 | 000,000,053 | ---- | M] () -- C:\D0TQIY.txt
    [2009-06-18 10:33:06 | 000,000,049 | ---- | M] () -- C:\d2w.txt
    [2009-06-09 11:01:10 | 000,000,049 | ---- | M] () -- C:\D39.txt
    [2009-06-18 13:55:05 | 000,000,048 | ---- | M] () -- C:\d5RJk.txt
    [2009-05-07 17:00:03 | 000,000,051 | ---- | M] () -- C:\D6MM24.txt
    [2009-05-08 07:15:14 | 000,000,049 | ---- | M] () -- C:\D8HZsrQ1.txt
    [2009-06-18 14:54:06 | 000,000,048 | ---- | M] () -- C:\dBbDbg.txt
    [2009-04-24 16:15:04 | 000,000,053 | ---- | M] () -- C:\DBhYAdKy.txt
    [2009-06-22 15:47:06 | 000,000,051 | ---- | M] () -- C:\dCaXKH.txt
    [2009-05-21 14:58:06 | 000,000,051 | ---- | M] () -- C:\DcdmSq.txt
    [2009-04-23 09:45:06 | 000,000,053 | ---- | M] () -- C:\ddKRVg.txt
    [2009-05-27 14:15:10 | 000,000,051 | ---- | M] () -- C:\ddykzQ4.txt
    [2006-03-07 07:50:18 | 000,006,370 | RH-- | M] () -- C:\dell.sdr
    [2009-05-22 15:27:05 | 000,000,053 | ---- | M] () -- C:\dELPpWl.txt
    [2009-05-21 19:47:06 | 000,000,050 | ---- | M] () -- C:\dgH.txt
    [2009-06-22 18:40:07 | 000,000,051 | ---- | M] () -- C:\dGmY9sB.txt
    [2009-06-22 12:15:04 | 000,000,053 | ---- | M] () -- C:\dHbRTa.txt
    [2009-05-21 18:34:07 | 000,000,051 | ---- | M] () -- C:\dIdiRCd.txt
    [2009-04-28 10:00:04 | 000,000,052 | ---- | M] () -- C:\dIpM.txt
    [2009-06-17 10:51:07 | 000,000,051 | ---- | M] () -- C:\dJK.txt
    [2009-05-01 15:00:02 | 000,000,052 | ---- | M] () -- C:\dkewJjO.txt
    [2009-05-14 14:51:04 | 000,000,052 | ---- | M] () -- C:\Dkj4.txt
    [2009-05-18 12:21:10 | 000,000,048 | ---- | M] () -- C:\DlPO.txt
    [2009-06-18 10:42:08 | 000,000,053 | ---- | M] () -- C:\dMF1bHuV.txt
    [2009-06-29 11:05:08 | 000,000,051 | ---- | M] () -- C:\Dnsp.txt
    [2009-04-23 13:15:04 | 000,000,048 | ---- | M] () -- C:\Dnx5Tn.txt
    [2009-06-11 09:30:10 | 000,000,051 | ---- | M] () -- C:\dO2S.txt
    [2009-06-17 17:44:06 | 000,000,052 | ---- | M] () -- C:\dO3GqGK.txt
    [2009-05-11 14:45:09 | 000,000,052 | ---- | M] () -- C:\DoddJUb.txt
    [2009-05-12 02:00:25 | 000,000,052 | ---- | M] () -- C:\dokI8GQ.txt
    [2009-06-22 18:32:06 | 000,000,053 | ---- | M] () -- C:\dPRGu.txt
    [2009-05-28 10:03:10 | 000,000,052 | ---- | M] () -- C:\dPv.txt
    [2009-05-08 12:30:11 | 000,000,048 | ---- | M] () -- C:\Dq3.txt
    [2009-06-17 13:08:05 | 000,000,049 | ---- | M] () -- C:\DqRd.txt
    [2009-06-16 16:20:04 | 000,000,050 | ---- | M] () -- C:\DR2OyP.txt
    [2009-05-08 14:30:06 | 000,000,053 | ---- | M] () -- C:\DSWVS.txt
    [2009-05-01 16:15:02 | 000,000,048 | ---- | M] () -- C:\DvGl.txt
    [2009-05-08 04:30:11 | 000,000,053 | ---- | M] () -- C:\dWa6b.txt
    [2009-04-22 13:15:35 | 000,000,048 | ---- | M] () -- C:\dww.txt
    [2009-06-26 11:07:07 | 000,000,051 | ---- | M] () -- C:\E0VR.txt
    [2009-05-18 15:58:06 | 000,000,048 | ---- | M] () -- C:\e5Ok.txt
     
  17. 2011/02/25
    rpicon

    [2009-05-27 13:22:06 | 000,000,048 | ---- | M] () -- C:\E62FF5.txt
    [2009-05-01 11:00:02 | 000,000,048 | ---- | M] () -- C:\e6uWFeM.txt
    [2009-05-22 06:41:06 | 000,000,051 | ---- | M] () -- C:\ebqd2gg.txt
    [2009-05-01 10:30:06 | 000,000,052 | ---- | M] () -- C:\ebT.txt
    [2009-06-19 11:41:07 | 000,000,051 | ---- | M] () -- C:\EDGjl.txt
    [2009-05-11 22:00:18 | 000,000,050 | ---- | M] () -- C:\EDiD.txt
    [2009-04-24 11:30:02 | 000,000,049 | ---- | M] () -- C:\eHWET3dR.txt
    [2009-04-28 09:45:09 | 000,000,052 | ---- | M] () -- C:\eIgG2f.txt
    [2009-06-18 12:38:10 | 000,000,050 | ---- | M] () -- C:\EjR8G.txt
    [2009-06-19 11:29:07 | 000,000,051 | ---- | M] () -- C:\EmvL57.txt
    [2009-05-11 20:45:17 | 000,000,049 | ---- | M] () -- C:\eMYdeARJ.txt
    [2009-06-17 13:29:06 | 000,000,049 | ---- | M] () -- C:\enuc.txt
    [2009-05-15 16:37:04 | 000,000,051 | ---- | M] () -- C:\EoCjcK.txt
    [2009-05-27 16:24:09 | 000,000,050 | ---- | M] () -- C:\eP9CBu6.txt
    [2009-04-24 16:30:04 | 000,000,051 | ---- | M] () -- C:\epRCf.txt
    [2009-05-21 15:25:06 | 000,000,049 | ---- | M] () -- C:\erHvGNNP.txt
    [2009-05-01 16:45:03 | 000,000,049 | ---- | M] () -- C:\eRwdIP.txt
    [2009-06-22 17:42:06 | 000,000,053 | ---- | M] () -- C:\EThA.txt
    [2009-05-27 12:47:07 | 000,000,052 | ---- | M] () -- C:\EVc.txt
    [2009-05-08 04:15:08 | 000,000,050 | ---- | M] () -- C:\EvHVD1.txt
    [2009-05-11 15:00:10 | 000,000,051 | ---- | M] () -- C:\EvTBNb.txt
    [2009-05-22 14:57:05 | 000,000,053 | ---- | M] () -- C:\eXKd.txt
    [2009-05-27 14:05:10 | 000,000,048 | ---- | M] () -- C:\ez8s2m.txt
    [2009-05-21 22:30:10 | 000,000,052 | ---- | M] () -- C:\f0F9j.txt
    [2009-05-12 12:00:22 | 000,000,051 | ---- | M] () -- C:\f1UPJA.txt
    [2009-05-21 23:22:12 | 000,000,051 | ---- | M] () -- C:\f27beHR.txt
    [2009-05-08 13:30:09 | 000,000,048 | ---- | M] () -- C:\f3h3qjxc.txt
    [2009-06-09 09:39:09 | 000,000,048 | ---- | M] () -- C:\f4xYXq.txt
    [2009-05-21 15:38:06 | 000,000,049 | ---- | M] () -- C:\F6ajG.txt
    [2009-05-12 12:30:17 | 000,000,052 | ---- | M] () -- C:\F6KwZZ.txt
    [2009-05-11 22:45:15 | 000,000,051 | ---- | M] () -- C:\F7x37.txt
    [2009-05-27 16:30:07 | 000,000,050 | ---- | M] () -- C:\fBiIo.txt
    [2009-05-18 13:44:07 | 000,000,052 | ---- | M] () -- C:\fc5Zs.txt
    [2009-04-22 12:45:05 | 000,000,048 | ---- | M] () -- C:\FcivR.txt
    [2009-06-08 15:42:04 | 000,000,053 | ---- | M] () -- C:\fEG3a8.txt
    [2009-05-18 15:31:06 | 000,000,049 | ---- | M] () -- C:\FF9J.txt
    [2009-05-11 19:30:12 | 000,000,052 | ---- | M] () -- C:\ffO4.txt
    [2009-05-08 17:15:06 | 000,000,049 | ---- | M] () -- C:\fGEaDj0.txt
    [2009-05-22 00:00:33 | 000,000,048 | ---- | M] () -- C:\FHz.txt
    [2009-05-04 11:30:03 | 000,000,052 | ---- | M] () -- C:\fjMg8Fk.txt
    [2009-05-22 02:58:18 | 000,000,048 | ---- | M] () -- C:\fjqtcDv0.txt
    [2009-05-18 14:25:09 | 000,000,052 | ---- | M] () -- C:\fMAYvJ.txt
    [2009-05-08 03:45:09 | 000,000,051 | ---- | M] () -- C:\FMum.txt
    [2009-04-22 13:30:15 | 000,000,050 | ---- | M] () -- C:\fMW.txt
    [2009-06-17 12:25:06 | 000,000,052 | ---- | M] () -- C:\FnhwPYGU.txt
    [2009-05-27 14:31:06 | 000,000,048 | ---- | M] () -- C:\fNw6M8t.txt
    [2009-06-26 11:16:06 | 000,000,050 | ---- | M] () -- C:\Fo8.txt
    [2009-06-09 09:50:09 | 000,000,052 | ---- | M] () -- C:\FOrAuf.txt
    [2009-05-08 03:30:06 | 000,000,052 | ---- | M] () -- C:\FOuQlM.txt
    [2009-05-21 16:25:09 | 000,000,048 | ---- | M] () -- C:\FQ3.txt
    [2009-05-08 11:45:09 | 000,000,053 | ---- | M] () -- C:\FR6rrIi.txt
    [2009-05-14 16:08:05 | 000,000,053 | ---- | M] () -- C:\Fsi0MNJa.txt
    [2009-05-21 20:19:11 | 000,000,053 | ---- | M] () -- C:\FsQVz.txt
    [2009-06-18 14:41:08 | 000,000,052 | ---- | M] () -- C:\ft10.txt
    [2009-06-17 14:50:07 | 000,000,053 | ---- | M] () -- C:\fu1vpU.txt
    [2009-05-21 18:54:06 | 000,000,050 | ---- | M] () -- C:\fuzZ9F.txt
    [2009-05-11 21:00:16 | 000,000,051 | ---- | M] () -- C:\FWE7.txt
    [2009-06-17 09:59:04 | 000,000,049 | ---- | M] () -- C:\fwlHO.txt
    [2009-05-22 00:56:06 | 000,000,053 | ---- | M] () -- C:\FYJkv.txt
    [2009-05-27 15:26:18 | 000,000,051 | ---- | M] () -- C:\FyP6.txt
    [2009-05-11 14:15:08 | 000,000,052 | ---- | M] () -- C:\FytR3.txt
    [2009-04-23 16:30:04 | 000,000,052 | ---- | M] () -- C:\FYVEfz.txt
    [2009-06-22 15:39:06 | 000,000,050 | ---- | M] () -- C:\fZ1RwhP6.txt
    [2009-05-11 15:30:07 | 000,000,048 | ---- | M] () -- C:\FZg2eNZ.txt
    [2009-05-01 16:00:03 | 000,000,050 | ---- | M] () -- C:\G1OY.txt
    [2009-06-17 16:32:06 | 000,000,050 | ---- | M] () -- C:\g1xXVau.txt
    [2009-06-18 10:26:07 | 000,000,048 | ---- | M] () -- C:\G3f.txt
    [2009-04-23 13:30:04 | 000,000,050 | ---- | M] () -- C:\G624p.txt
    [2009-05-01 12:15:02 | 000,000,051 | ---- | M] () -- C:\g6RxZ.txt
    [2009-05-27 14:56:11 | 000,000,052 | ---- | M] () -- C:\g77e.txt
    [2009-05-11 19:45:13 | 000,000,050 | ---- | M] () -- C:\G81Tu3B.txt
    [2009-05-21 21:18:06 | 000,000,051 | ---- | M] () -- C:\gAtUf.txt
    [2009-05-21 16:09:06 | 000,000,049 | ---- | M] () -- C:\GBx.txt
    [2009-05-08 01:00:06 | 000,000,052 | ---- | M] () -- C:\gClHn.txt
    [2009-06-17 16:59:07 | 000,000,051 | ---- | M] () -- C:\Ggc.txt
    [2009-04-24 15:00:18 | 000,000,053 | ---- | M] () -- C:\GGek.txt
    [2009-05-26 12:51:09 | 000,000,052 | ---- | M] () -- C:\Ghm6.txt
    [2009-05-22 06:55:06 | 000,000,050 | ---- | M] () -- C:\GJ2sCNGj.txt
    [2009-06-19 10:56:09 | 000,000,053 | ---- | M] () -- C:\GjX.txt
    [2009-06-26 11:36:09 | 000,000,050 | ---- | M] () -- C:\GKcD.txt
    [2006-11-13 11:55:17 | 000,000,419 | ---- | M] () -- C:\GLB.LNK
    [2009-05-21 20:41:06 | 000,000,048 | ---- | M] () -- C:\gllt7j.txt
    [2009-06-17 10:47:06 | 000,000,050 | ---- | M] () -- C:\GnmTzir.txt
    [2009-06-22 16:27:12 | 000,000,053 | ---- | M] () -- C:\GOeH.txt
    [2009-06-17 11:44:09 | 000,000,053 | ---- | M] () -- C:\gOkYzagN.txt
    [2009-06-26 14:22:13 | 000,000,049 | ---- | M] () -- C:\GpiY.txt
    [2009-07-07 11:03:05 | 000,000,051 | ---- | M] () -- C:\gqEaDn.txt
    [2009-06-18 11:09:06 | 000,000,053 | ---- | M] () -- C:\gsOMO.txt
    [2009-05-11 16:30:09 | 000,000,051 | ---- | M] () -- C:\gtBnMm.txt
    [2009-05-18 11:38:04 | 000,000,052 | ---- | M] () -- C:\gTwZ.txt
    [2009-04-28 11:15:06 | 000,000,050 | ---- | M] () -- C:\gUEF3Oj.txt
    [2009-05-01 15:15:02 | 000,000,051 | ---- | M] () -- C:\GVjkj4X.txt
    [2009-06-17 14:32:07 | 000,000,050 | ---- | M] () -- C:\GwzjkwJw.txt
    [2009-06-17 11:25:06 | 000,000,053 | ---- | M] () -- C:\H23MnKDR.txt
    [2009-05-27 13:58:06 | 000,000,051 | ---- | M] () -- C:\H61Bk.txt
    [2009-05-26 12:49:09 | 000,000,049 | ---- | M] () -- C:\h83kk.txt
    [2009-04-27 11:00:02 | 000,000,051 | ---- | M] () -- C:\hA5.txt
    [2009-06-17 12:36:09 | 000,000,050 | ---- | M] () -- C:\hbhyxjs.txt
    [2009-06-18 09:37:07 | 000,000,048 | ---- | M] () -- C:\hExuo0qS.txt
    [2009-05-21 19:46:09 | 000,000,053 | ---- | M] () -- C:\Heyvc.txt
    [2009-05-12 10:30:07 | 000,000,051 | ---- | M] () -- C:\HGM.txt
    [2009-06-26 15:03:05 | 000,000,052 | ---- | M] () -- C:\hI29L3.txt
    [2011-02-24 15:58:15 | 2145,546,240 | -HS- | M] () -- C:\hiberfil.sys
    [2009-05-21 15:29:06 | 000,000,052 | ---- | M] () -- C:\hIMeS7ZQ.txt
    [2009-06-17 20:19:07 | 000,000,050 | ---- | M] () -- C:\hiX.txt
    [2009-05-18 14:09:09 | 000,000,049 | ---- | M] () -- C:\HixcfIU.txt
    [2009-06-18 18:08:06 | 000,000,048 | ---- | M] () -- C:\hkJUR.txt
    [2009-05-01 19:15:13 | 000,000,048 | ---- | M] () -- C:\hkxmKTF.txt
    [2009-05-22 06:28:07 | 000,000,052 | ---- | M] () -- C:\hP9Ji.txt
    [2009-05-11 21:15:14 | 000,000,049 | ---- | M] () -- C:\hQ0uzK5.txt
    [2009-05-21 22:05:07 | 000,000,048 | ---- | M] () -- C:\HtBk7c.txt
    [2009-05-08 12:45:10 | 000,000,052 | ---- | M] () -- C:\hu9C.txt
    [2009-05-22 04:58:07 | 000,000,049 | ---- | M] () -- C:\HwHTDsJO.txt
    [2009-04-24 16:45:04 | 000,000,049 | ---- | M] () -- C:\HySc9ih.txt
    [2009-05-08 06:00:10 | 000,000,048 | ---- | M] () -- C:\HZ1q.txt
    [2009-05-08 02:15:20 | 000,000,050 | ---- | M] () -- C:\I01xFOl.txt
    [2009-06-18 18:07:06 | 000,000,048 | ---- | M] () -- C:\i1eW.txt
    [2009-05-07 15:15:06 | 000,000,051 | ---- | M] () -- C:\i2r1.txt
    [2009-05-18 16:08:11 | 000,000,051 | ---- | M] () -- C:\I3wbrk.txt
    [2009-05-27 11:25:09 | 000,000,052 | ---- | M] () -- C:\i5c2wMG.txt
    [2009-05-22 07:27:09 | 000,000,051 | ---- | M] () -- C:\I6jDwoR.txt
    [2009-05-12 09:45:12 | 000,000,052 | ---- | M] () -- C:\I7Z.txt
    [2009-05-01 12:00:02 | 000,000,052 | ---- | M] () -- C:\IBifhB0.txt
    [2009-06-26 16:06:05 | 000,000,051 | ---- | M] () -- C:\ICD.txt
    [2009-06-22 15:04:06 | 000,000,053 | ---- | M] () -- C:\iDiby.txt
    [2009-06-26 15:06:06 | 000,000,049 | ---- | M] () -- C:\idR5Wymo.txt
    [2009-05-11 18:30:08 | 000,000,050 | ---- | M] () -- C:\Idxi.txt
    [2009-05-12 13:00:20 | 000,000,048 | ---- | M] () -- C:\iE6.txt
    [2009-05-12 15:31:41 | 000,000,050 | ---- | M] () -- C:\iEXZrc.txt
    [2009-05-12 09:45:12 | 000,000,051 | ---- | M] () -- C:\IFc.txt
    [2009-05-22 15:02:06 | 000,000,050 | ---- | M] () -- C:\IfOlVxW.txt
    [2009-04-28 10:30:06 | 000,000,049 | ---- | M] () -- C:\IgD9RKs.txt
    [2009-05-15 16:34:04 | 000,000,048 | ---- | M] () -- C:\iGzOQ.txt
    [2009-05-26 12:37:10 | 000,000,053 | ---- | M] () -- C:\ihAMRhW.txt
    [2009-05-27 16:44:08 | 000,000,052 | ---- | M] () -- C:\IHWuupd.txt
    [2009-05-11 23:30:19 | 000,000,052 | ---- | M] () -- C:\IiAtp.txt
    [2009-05-08 20:30:08 | 000,000,053 | ---- | M] () -- C:\iJ4.txt
    [2009-06-08 16:41:07 | 000,000,052 | ---- | M] () -- C:\ijILc.txt
    [2009-04-24 13:15:11 | 000,000,050 | ---- | M] () -- C:\IjWQw.txt
    [2009-04-22 14:45:20 | 000,000,051 | ---- | M] () -- C:\IKueNOZ.txt
    [2009-06-22 16:36:07 | 000,000,051 | ---- | M] () -- C:\ilbw.txt
    [2009-05-12 13:15:16 | 000,000,053 | ---- | M] () -- C:\Im6mzRL.txt
    [2009-05-27 15:42:06 | 000,000,052 | ---- | M] () -- C:\INA.txt
    [2006-04-04 12:32:01 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2004-08-11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2009-05-22 05:19:07 | 000,000,052 | ---- | M] () -- C:\iOh8F.txt
    [2009-04-23 12:45:05 | 000,000,049 | ---- | M] () -- C:\Ip9kxH.txt
    [2009-06-17 18:47:06 | 000,000,049 | ---- | M] () -- C:\ipYmfG.txt
    [2009-04-22 16:00:06 | 000,000,051 | ---- | M] () -- C:\IQwY.txt
    [2009-05-07 16:45:03 | 000,000,050 | ---- | M] () -- C:\isOTv.txt
    [2009-05-12 09:30:08 | 000,000,051 | ---- | M] () -- C:\iw4ugm.txt
    [2009-05-01 13:30:02 | 000,000,053 | ---- | M] () -- C:\iwYV.txt
    [2009-06-16 16:05:04 | 000,000,050 | ---- | M] () -- C:\iXn4OIan.txt
    [2009-05-27 15:07:17 | 000,000,049 | ---- | M] () -- C:\IZJApO.txt
    [2009-06-18 10:56:09 | 000,000,053 | ---- | M] () -- C:\iZZImJx.txt
    [2009-05-12 14:15:21 | 000,000,048 | ---- | M] () -- C:\j05AKOy.txt
    [2009-05-14 16:02:03 | 000,000,053 | ---- | M] () -- C:\j1pcs.txt
    [2009-05-04 12:00:02 | 000,000,048 | ---- | M] () -- C:\j3f.txt
    [2009-05-18 12:16:13 | 000,000,050 | ---- | M] () -- C:\j5IqP.txt
    [2009-04-22 15:45:04 | 000,000,049 | ---- | M] () -- C:\j5qRb.txt
    [2009-05-12 01:15:22 | 000,000,048 | ---- | M] () -- C:\J6J.txt
    [2009-05-07 17:45:05 | 000,000,052 | ---- | M] () -- C:\jAPBX0P.txt
    [2009-07-17 13:39:13 | 000,009,368 | ---- | M] () -- C:\JavaRa.log
    [2009-05-27 14:03:06 | 000,000,049 | ---- | M] () -- C:\jaZK3o.txt
    [2009-04-24 10:30:02 | 000,000,053 | ---- | M] () -- C:\jEo.txt
    [2009-06-24 13:18:06 | 000,000,052 | ---- | M] () -- C:\JF4izqk.txt
    [2009-06-17 08:39:15 | 000,000,049 | ---- | M] () -- C:\JIfICGaT.txt
    [2009-05-11 16:00:09 | 000,000,049 | ---- | M] () -- C:\jk4bmO.txt
    [2009-05-08 02:45:12 | 000,000,052 | ---- | M] () -- C:\JKgvZU.txt
    [2009-05-14 14:15:04 | 000,000,050 | ---- | M] () -- C:\Jknsfk.txt
    [2009-06-22 15:16:09 | 000,000,048 | ---- | M] () -- C:\ZHHoWk.txt
    [2009-06-18 16:41:06 | 000,000,051 | ---- | M] () -- C:\ZhMNS.txt
    [2009-06-18 12:41:06 | 000,000,050 | ---- | M] () -- C:\ZhpFw.txt
    [2009-05-08 00:00:10 | 000,000,049 | ---- | M] () -- C:\ziX.txt
    [2009-06-09 10:31:11 | 000,000,051 | ---- | M] () -- C:\ZLa3.txt
    [2009-05-22 07:52:07 | 000,000,051 | ---- | M] () -- C:\zmnnF.txt
    [2009-06-17 15:47:06 | 000,000,051 | ---- | M] () -- C:\ZNrQU.txt
    [2009-05-22 01:50:07 | 000,000,052 | ---- | M] () -- C:\ZQwqSIr.txt
    [2009-05-08 08:30:10 | 000,000,053 | ---- | M] () -- C:\zrFVCcm.txt
    [2009-05-08 15:15:07 | 000,000,048 | ---- | M] () -- C:\zSRzg.txt
    [2009-05-26 09:42:06 | 000,000,052 | ---- | M] () -- C:\ztgnCRhC.txt
    [2009-06-22 14:40:04 | 000,000,048 | ---- | M] () -- C:\zu3.txt
    [2009-05-11 15:15:08 | 000,000,048 | ---- | M] () -- C:\ZvUJ.txt
    [2009-05-22 15:56:09 | 000,000,052 | ---- | M] () -- C:\Zx4S.txt
    [2009-05-07 23:45:06 | 000,000,052 | ---- | M] () -- C:\zYfuT70.txt
    [2009-05-12 10:00:16 | 000,000,048 | ---- | M] () -- C:\zyljL.txt
     
  18. 2011/02/25
    rpicon

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004-08-11 18:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008-07-06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2009-10-01 13:30:14 | 000,047,416 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
    [2004-03-22 15:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006-10-26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008-07-06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011-01-13 03:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004-08-11 18:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004-08-11 18:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004-08-11 18:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2004-08-11 18:15:06 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2006-03-31 12:55:16 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Rick Picon\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004-08-11 18:20:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011-02-22 12:12:06 | 004,272,549 | R--- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\ComboFix.exe
    [2010-07-21 15:53:12 | 008,581,360 | ---- | M] (Mozilla) -- C:\Documents and Settings\Rick Picon\Desktop\Firefox Setup 3.6.7.exe
    [2009-07-07 14:18:01 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Rick Picon\Desktop\HiJackThis.exe
    [2010-07-06 11:56:09 | 000,921,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Rick Picon\Desktop\jxpiinstall.exe
    [2010-06-30 09:37:42 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rick Picon\Desktop\mbam-setup-1.46.exe
    [2011-02-11 15:03:02 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\MBRCheck.exe
    [2011-02-25 10:52:47 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick Picon\Desktop\OTL.exe
    [2011-02-11 11:35:32 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick Picon\Desktop\TFC.exe
    [2011-02-23 14:29:40 | 029,913,267 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Rick Picon\Desktop\tt11014.exe
    [2011-02-11 15:02:51 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Desktop\vvi1j13j.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >
    [2007-11-02 11:50:05 | 000,630,784 | ---- | M] (Citrix Online) -- C:\Documents and Settings\Rick Picon\GoToAssist_chat2way__320_en.exe
    [2010-03-11 11:35:33 | 001,063,320 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Rick Picon\gotomypc_533.exe

    < %systemroot%\ADDINS\*.* >
    [2004-08-04 06:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2006-03-31 12:55:15 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Rick Picon\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009-12-08 18:29:03 | 000,002,412 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011-02-25 10:52:23 | 002,129,920 | ---- | M] () -- C:\Documents and Settings\Rick Picon\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2006-11-01 18:31:34 | 000,315,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2004-08-04 06:00:00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004-08-04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004-08-04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2004-08-04 02:06:34 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2004-08-04 02:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2004-10-13 11:24:37 | 001,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004-08-04 02:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004-08-04 02:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004-08-04 02:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004-08-04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004-08-04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282699C
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

    < End of report >
     
  19. 2011/02/25
    broni

    I still need Extras.txt
     
  20. 2011/02/28
    rpicon

    broni,

    I don't see Extras.txt saved anywhere.

    Should I run OTL again?
     
  21. 2011/02/28
    broni

    That's fine. It happens sometimes.

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =================================================================

    Please look at this section of OTL scan:
    There is a huge number of .txt files with strange names. Do you recognize them?

    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 1
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <local>
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:5577
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 1
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <local>
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:5577
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2009-09-28 15:45:49 | 000,018,851 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\jepiqod.dl
      [2009-09-28 15:45:49 | 000,018,170 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\otumy._dl
      [2009-09-28 15:45:49 | 000,013,673 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\oxol.bat
      [2009-09-28 15:45:49 | 000,013,499 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\xacomihony.dll
      [2009-09-28 15:45:49 | 000,013,349 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ujiluj._sy
      [2009-09-28 15:45:49 | 000,013,123 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\ehipep.scr
      [2009-09-28 15:45:49 | 000,012,631 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\xobusob.lib
      [2009-09-28 15:45:49 | 000,012,400 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\bufezo.dl
      [2009-09-28 15:45:49 | 000,011,524 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rycaxujy.exe
      [2009-09-28 15:45:49 | 000,011,348 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\liqeli._sy
      [2009-09-28 15:45:49 | 000,010,318 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\rafofula.exe
      [2009-09-25 16:43:14 | 000,011,296 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\zilyjev.bin
      [2009-09-25 16:43:14 | 000,010,753 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\ofawivetud.bat
      [2009-09-25 16:43:13 | 000,019,692 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\sarehof._dl
      [2009-09-25 16:43:13 | 000,019,469 | ---- | C] () -- C:\WINDOWS\System32\aveda.dll
      [2009-09-25 16:43:13 | 000,019,160 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\arizojuxas.com
      [2009-09-25 16:43:13 | 000,019,072 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\izuhyp.bat
      [2009-09-25 16:43:13 | 000,014,276 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\lysocewity._dl
      [2009-09-25 16:43:13 | 000,013,702 | ---- | C] () -- C:\WINDOWS\ehubanowo.sys
      [2009-09-25 16:43:13 | 000,012,612 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\exasoby.vbs
      [2009-09-25 16:43:13 | 000,012,144 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\okahogog.dl
      [2009-09-25 15:27:02 | 000,019,801 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\jeno.scr
      [2009-09-25 15:27:02 | 000,011,460 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Local Settings\Application Data\zyzowy.dll
      [2009-09-25 15:27:02 | 000,011,123 | ---- | C] () -- C:\Documents and Settings\Rick Picon\Application Data\pemuzelit.dl
      [2007-03-12 21:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      @Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282699C
      @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
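
An added triage sketch, not part of broni's post and not OTL's own code: it parses OTL file-listing and IE proxy lines like those in this thread and flags the two patterns raised above, the many tiny vendor-less .txt files in the drive root and a ProxyServer pointing at a loopback address. The sample lines are copied from the logs in this thread; the function names and the 100-byte size threshold are assumptions.

```python
import re

# Sample lines copied from the OTL logs in this thread (small subset).
SAMPLE_LOG = r"""
[2009-05-04 11:15:03 | 000,000,049 | ---- | M] () -- C:\X5zaYueB.txt
[2009-05-18 12:42:09 | 000,000,053 | ---- | M] () -- C:\x6T.txt
[2008-07-30 18:31:13 | 003,188,440 | ---- | M] (ParetoLogic Inc.) -- C:\XoftSpySE_Setup_RW.exe
[2006-05-01 10:10:11 | 000,000,158 | ---- | M] () -- C:\YServer.txt
[2009-06-22 14:40:04 | 000,000,048 | ---- | M] () -- C:\zu3.txt
[2011-01-13 03:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:5577
"""

# OTL file entry: [timestamp | size | attributes | M or C] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>[\d\- :]+) \| (?P<size>[\d,]+) \| (?P<attr>[A-Z\-]{4}) \| [MC]\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$")

# OTL IE entry for a proxy value under one user hive
PROXY_RE = re.compile(
    r'^IE - (?P<hive>HKU\\[^\\]+)\\.*Internet Settings:\s+'
    r'"(?P<name>Proxy\w+)" = (?P<value>.+)$')

LOOPBACK_RE = re.compile(r"(?:^|=)(?:127\.\d+\.\d+\.\d+|localhost):")


def suspicious_root_txt(log, max_size=100):
    """Return (path, size) for .txt files in a drive root that have no
    company name and are at most max_size bytes (threshold is an assumption)."""
    hits = []
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        path = m["path"]
        size = int(m["size"].replace(",", ""))
        in_root = re.fullmatch(r"[A-Za-z]:\\[^\\]+", path) is not None
        if (in_root and path.lower().endswith(".txt")
                and not m["company"] and size <= max_size):
            hits.append((path, size))
    return hits


def loopback_proxies(log):
    """Return {hive: ProxyServer} where ProxyEnable = 1 and the proxy is loopback."""
    settings = {}
    for line in log.splitlines():
        m = PROXY_RE.match(line.strip())
        if m:
            settings.setdefault(m["hive"], {})[m["name"]] = m["value"].strip()
    flagged = {}
    for hive, vals in settings.items():
        server = vals.get("ProxyServer", "")
        if vals.get("ProxyEnable") == "1" and LOOPBACK_RE.search(server):
            flagged[hive] = server
    return flagged


if __name__ == "__main__":
    for path, size in suspicious_root_txt(SAMPLE_LOG):
        print(f"root .txt, no vendor, {size} bytes: {path}")
    for hive, server in loopback_proxies(SAMPLE_LOG).items():
        print(f"loopback proxy enabled in {hive}: {server}")
```

A hit from either function is a prompt to ask the machine's owner, as broni does here, not a verdict: the 158-byte YServer.txt in the sample falls outside the threshold and is not flagged.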
     