Solved Trojan Agent, Trojan.FakeAlert, Worm.Autorun.B, PUM.Hijack

Trojan Agent, Trojan.FakeAlert, Worm.Autorun.B, PUM.Hijack.StartMenu

[1998/12/25 13:29:12 | 000,003,450 | ---- | M] () -- C:\Step Pyramid.lay
[2002/04/22 12:10:26 | 000,145,717 | ---- | M] () -- C:\Steps.jpg
[2002/04/16 11:21:06 | 000,325,992 | ---- | M] () -- C:\Stickmen.jpg
[2002/04/01 11:58:10 | 000,082,096 | ---- | M] () -- C:\Stone Cold.jpg
[2002/04/18 13:14:46 | 000,128,379 | ---- | M] () -- C:\Stone Wall.jpg
[2000/10/25 11:45:48 | 000,308,342 | ---- | M] () -- C:\Stone.jpg
[2002/04/23 17:06:22 | 000,000,162 | ---- | M] () -- C:\Stone.txt
[1998/11/23 23:01:14 | 000,003,443 | ---- | M] () -- C:\Stonehenge.lay
[2002/04/12 09:36:18 | 000,270,543 | ---- | M] () -- C:\Strange Creatures.jpg
[2002/04/19 17:21:08 | 000,473,996 | ---- | M] () -- C:\Stripes.jpg
[2002/04/15 10:53:24 | 000,042,184 | ---- | M] () -- C:\Stucco.jpg
[2002/04/22 12:16:10 | 000,347,968 | ---- | M] () -- C:\Sundial.jpg
[2002/04/19 16:04:10 | 000,128,587 | ---- | M] () -- C:\Sunflower.jpg
[1998/12/25 13:35:36 | 000,003,442 | ---- | M] () -- C:\SunMoon.lay
[2002/04/22 11:57:46 | 000,101,629 | ---- | M] () -- C:\Sunrise.jpg
[2002/04/22 15:10:46 | 000,093,259 | ---- | M] () -- C:\Sunset Lake.jpg
[2002/04/19 17:00:06 | 000,173,856 | ---- | M] () -- C:\Sunset.jpg
[2002/04/15 13:50:20 | 000,044,158 | ---- | M] () -- C:\supermoire1.jpg
[2002/04/15 14:13:02 | 000,054,434 | ---- | M] () -- C:\supermoire10.jpg
[2002/04/15 14:14:04 | 000,045,312 | ---- | M] () -- C:\supermoire11.jpg
[2002/04/15 14:14:02 | 000,037,012 | ---- | M] () -- C:\supermoire12.jpg
[2002/04/15 14:13:58 | 000,036,990 | ---- | M] () -- C:\supermoire13.jpg
[2002/04/15 14:13:54 | 000,036,183 | ---- | M] () -- C:\supermoire14.jpg
[2002/04/15 14:13:48 | 000,047,881 | ---- | M] () -- C:\supermoire15.jpg
[2002/04/15 13:54:54 | 000,048,684 | ---- | M] () -- C:\supermoire2.jpg
[2002/04/15 14:05:22 | 000,042,821 | ---- | M] () -- C:\supermoire3.jpg
[2002/04/15 14:03:24 | 000,044,356 | ---- | M] () -- C:\supermoire4.jpg
[2002/04/15 14:12:16 | 000,054,364 | ---- | M] () -- C:\supermoire5.jpg
[2002/04/15 14:07:24 | 000,054,215 | ---- | M] () -- C:\supermoire6.jpg
[2002/04/15 14:13:10 | 000,052,355 | ---- | M] () -- C:\supermoire7.jpg
[2002/04/15 14:13:14 | 000,047,049 | ---- | M] () -- C:\supermoire8.jpg
[2002/04/15 14:13:06 | 000,039,021 | ---- | M] () -- C:\supermoire9.jpg
[2002/04/15 13:50:34 | 000,029,840 | ---- | M] () -- C:\super_taffy1.jpg
[2002/04/15 14:13:04 | 000,033,393 | ---- | M] () -- C:\super_taffy10.jpg
[2002/04/15 14:14:04 | 000,028,354 | ---- | M] () -- C:\super_taffy11.jpg
[2002/04/15 14:14:02 | 000,025,067 | ---- | M] () -- C:\super_taffy12.jpg
[2002/04/15 14:13:58 | 000,025,416 | ---- | M] () -- C:\super_taffy13.jpg
[2002/04/15 14:13:56 | 000,022,448 | ---- | M] () -- C:\super_taffy14.jpg
[2002/04/15 14:13:50 | 000,029,595 | ---- | M] () -- C:\super_taffy15.jpg
[2002/04/15 13:56:10 | 000,031,491 | ---- | M] () -- C:\super_taffy2.jpg
[2002/04/15 14:05:36 | 000,028,359 | ---- | M] () -- C:\super_taffy3.jpg
[2002/04/15 14:03:52 | 000,030,091 | ---- | M] () -- C:\super_taffy4.jpg
[2002/04/15 14:12:18 | 000,033,300 | ---- | M] () -- C:\super_taffy5.jpg
[2002/04/15 14:07:38 | 000,034,018 | ---- | M] () -- C:\super_taffy6.jpg
[2002/04/15 14:13:10 | 000,034,681 | ---- | M] () -- C:\super_taffy7.jpg
[2002/04/15 14:13:14 | 000,028,964 | ---- | M] () -- C:\super_taffy8.jpg
[2002/04/15 14:13:08 | 000,026,317 | ---- | M] () -- C:\super_taffy9.jpg
[2002/04/15 13:50:26 | 000,024,573 | ---- | M] () -- C:\super_wave1.jpg
[2002/04/15 14:13:04 | 000,027,577 | ---- | M] () -- C:\super_wave10.jpg
[2002/04/15 14:14:04 | 000,023,794 | ---- | M] () -- C:\super_wave11.jpg
[2002/04/15 14:14:02 | 000,021,059 | ---- | M] () -- C:\super_wave12.jpg
[2002/04/15 14:13:58 | 000,021,309 | ---- | M] () -- C:\super_wave13.jpg
[2002/04/15 14:13:54 | 000,019,283 | ---- | M] () -- C:\super_wave14.jpg
[2002/04/15 14:13:50 | 000,024,982 | ---- | M] () -- C:\super_wave15.jpg
[2002/04/15 13:56:04 | 000,026,285 | ---- | M] () -- C:\super_wave2.jpg
[2002/04/15 14:05:28 | 000,023,802 | ---- | M] () -- C:\super_wave3.jpg
[2002/04/15 14:03:46 | 000,024,931 | ---- | M] () -- C:\super_wave4.jpg
[2002/04/15 14:12:16 | 000,027,442 | ---- | M] () -- C:\super_wave5.jpg
[2002/04/15 14:07:32 | 000,028,195 | ---- | M] () -- C:\super_wave6.jpg
[2002/04/15 14:13:10 | 000,029,158 | ---- | M] () -- C:\super_wave7.jpg
[2002/04/15 14:13:14 | 000,024,327 | ---- | M] () -- C:\super_wave8.jpg
[2002/04/15 14:13:08 | 000,022,293 | ---- | M] () -- C:\super_wave9.jpg
[2002/04/22 13:52:20 | 000,221,442 | ---- | M] () -- C:\Sushi.jpg
[2002/04/10 09:50:06 | 000,157,024 | ---- | M] () -- C:\Swirl.jpg
[2000/08/28 13:58:06 | 000,026,388 | ---- | M] () -- C:\Swirls.jpg
[2002/04/10 11:46:50 | 000,055,596 | ---- | M] () -- C:\Symbol.jpg
[2002/01/17 05:56:42 | 000,033,946 | ---- | M] () -- C:\systemprops.gif
[2002/04/22 15:19:02 | 000,394,426 | ---- | M] () -- C:\Tan Cement.jpg
[2002/04/22 15:38:04 | 000,073,097 | ---- | M] () -- C:\Taxi.jpg
[2002/04/05 17:44:00 | 000,003,426 | ---- | M] () -- C:\Tea Kettle.lay
[2002/04/22 12:15:10 | 000,099,936 | ---- | M] () -- C:\Teaset.jpg
[2002/04/02 12:28:06 | 000,003,426 | ---- | M] () -- C:\Temple.lay
[2002/04/19 16:32:48 | 000,181,377 | ---- | M] () -- C:\Tennis.jpg
[1998/11/20 16:27:34 | 000,003,443 | ---- | M] () -- C:\Teotihucan.lay
[2000/08/28 15:28:42 | 000,017,504 | ---- | M] () -- C:\Terracotta.jpg
[2002/04/22 14:30:42 | 000,156,633 | ---- | M] () -- C:\Texture1.jpg
[2002/04/22 14:33:30 | 000,299,880 | ---- | M] () -- C:\Texture10.jpg
[2002/04/22 14:52:10 | 000,335,576 | ---- | M] () -- C:\Texture100.jpg
[2002/04/22 14:52:08 | 000,253,309 | ---- | M] () -- C:\Texture101.jpg
[2002/04/22 14:52:10 | 000,314,142 | ---- | M] () -- C:\Texture102.jpg
[2002/04/22 14:52:08 | 000,240,940 | ---- | M] () -- C:\Texture103.jpg
[2002/04/22 14:53:02 | 000,217,457 | ---- | M] () -- C:\Texture104.jpg
[2002/04/22 14:53:04 | 000,253,856 | ---- | M] () -- C:\Texture105.jpg
[2002/04/22 14:53:00 | 000,243,705 | ---- | M] () -- C:\Texture106.jpg
[2002/04/22 14:52:58 | 000,367,884 | ---- | M] () -- C:\Texture107.jpg
[2002/04/22 14:33:50 | 000,237,010 | ---- | M] () -- C:\Texture11.jpg
[2002/04/22 14:34:04 | 000,217,322 | ---- | M] () -- C:\Texture12.jpg
[2002/04/22 14:34:32 | 000,326,787 | ---- | M] () -- C:\Texture13.jpg
[2002/04/22 14:35:02 | 000,228,009 | ---- | M] () -- C:\Texture14.jpg
[2002/04/22 14:35:02 | 000,190,786 | ---- | M] () -- C:\Texture15.jpg
[2002/04/22 14:35:10 | 000,189,932 | ---- | M] () -- C:\Texture16.jpg
[2002/04/22 14:35:04 | 000,182,106 | ---- | M] () -- C:\Texture17.jpg
[2002/04/22 14:35:06 | 000,182,775 | ---- | M] () -- C:\Texture18.jpg
[2002/04/22 14:35:06 | 000,159,446 | ---- | M] () -- C:\Texture19.jpg
[2002/04/22 14:30:58 | 000,287,555 | ---- | M] () -- C:\Texture2.jpg
[2002/04/22 14:35:06 | 000,235,478 | ---- | M] () -- C:\Texture20.jpg
[2002/04/22 14:35:08 | 000,133,841 | ---- | M] () -- C:\Texture21.jpg
[2002/04/22 14:35:08 | 000,123,256 | ---- | M] () -- C:\Texture22.jpg
[2002/04/22 14:35:04 | 000,362,188 | ---- | M] () -- C:\Texture23.jpg
[2002/04/22 14:36:34 | 000,232,267 | ---- | M] () -- C:\Texture24.jpg
[2002/04/22 14:36:34 | 000,164,281 | ---- | M] () -- C:\Texture25.jpg
[2002/04/22 14:36:34 | 000,239,444 | ---- | M] () -- C:\Texture26.jpg
[2002/04/22 14:36:36 | 000,276,013 | ---- | M] () -- C:\Texture27.jpg
[2002/04/22 14:36:36 | 000,133,838 | ---- | M] () -- C:\Texture28.jpg
[2002/04/22 14:36:42 | 000,164,797 | ---- | M] () -- C:\Texture29.jpg
[2002/04/22 14:31:20 | 000,216,328 | ---- | M] () -- C:\Texture3.jpg
[2002/04/22 14:36:38 | 000,189,215 | ---- | M] () -- C:\Texture30.jpg
[2002/04/22 14:36:38 | 000,181,136 | ---- | M] () -- C:\Texture31.jpg
[2002/04/22 14:36:38 | 000,199,482 | ---- | M] () -- C:\Texture32.jpg
[2002/04/22 14:36:40 | 000,188,000 | ---- | M] () -- C:\Texture33.jpg
[2002/04/22 14:36:40 | 000,296,444 | ---- | M] () -- C:\Texture34.jpg
[2002/04/22 14:36:40 | 000,285,161 | ---- | M] () -- C:\Texture35.jpg
[2002/04/22 14:36:36 | 000,083,652 | ---- | M] () -- C:\Texture36.jpg
[2002/04/22 14:38:48 | 000,201,235 | ---- | M] () -- C:\Texture37.jpg
[2002/04/22 14:38:50 | 000,078,605 | ---- | M] () -- C:\Texture38.jpg
[2002/04/22 14:38:50 | 000,129,277 | ---- | M] () -- C:\Texture39.jpg
[2002/04/22 14:31:32 | 000,147,418 | ---- | M] () -- C:\Texture4.jpg
[2002/04/22 14:38:50 | 000,164,579 | ---- | M] () -- C:\Texture40.jpg
[2002/04/22 14:38:52 | 000,110,749 | ---- | M] () -- C:\Texture41.jpg
[2002/04/22 14:38:58 | 000,146,494 | ---- | M] () -- C:\Texture42.jpg
[2002/04/22 14:38:58 | 000,171,729 | ---- | M] () -- C:\Texture43.jpg
[2002/04/22 14:38:58 | 000,177,258 | ---- | M] () -- C:\Texture44.jpg
[2002/04/22 14:39:00 | 000,169,111 | ---- | M] () -- C:\Texture45.jpg
[2002/04/22 14:39:00 | 000,219,903 | ---- | M] () -- C:\Texture46.jpg
[2002/04/22 14:39:00 | 000,097,687 | ---- | M] () -- C:\Texture47.jpg
[2002/04/22 14:39:02 | 000,163,558 | ---- | M] () -- C:\Texture48.jpg
[2002/04/22 14:39:02 | 000,218,513 | ---- | M] () -- C:\Texture49.jpg
[2002/04/22 14:32:04 | 000,193,849 | ---- | M] () -- C:\Texture5.jpg
[2002/04/22 14:38:56 | 000,230,593 | ---- | M] () -- C:\Texture50.jpg
[2002/04/22 14:45:48 | 000,164,083 | ---- | M] () -- C:\Texture51.jpg
[2002/04/22 14:45:48 | 000,224,474 | ---- | M] () -- C:\Texture52.jpg
[2002/04/22 14:45:50 | 000,162,312 | ---- | M] () -- C:\Texture53.jpg
[2002/04/22 14:45:50 | 000,208,940 | ---- | M] () -- C:\Texture54.jpg
[2002/04/22 14:45:50 | 000,267,181 | ---- | M] () -- C:\Texture55.jpg
[2002/04/22 14:45:52 | 000,273,704 | ---- | M] () -- C:\Texture56.jpg
[2002/04/22 14:45:52 | 000,235,511 | ---- | M] () -- C:\Texture57.jpg
[2002/04/22 14:45:56 | 000,230,261 | ---- | M] () -- C:\Texture58.jpg
[2002/04/22 14:45:54 | 000,182,787 | ---- | M] () -- C:\Texture59.jpg
[2002/04/22 14:32:42 | 000,337,693 | ---- | M] () -- C:\Texture6.jpg
[2002/04/22 14:45:54 | 000,198,902 | ---- | M] () -- C:\Texture60.jpg
[2002/04/22 14:45:54 | 000,204,009 | ---- | M] () -- C:\Texture61.jpg
[2002/04/22 14:45:52 | 000,129,628 | ---- | M] () -- C:\Texture62.jpg
[2002/04/22 14:47:36 | 000,183,156 | ---- | M] () -- C:\Texture63.jpg
[2002/04/22 14:47:36 | 000,155,693 | ---- | M] () -- C:\Texture64.jpg
[2002/04/22 14:47:36 | 000,221,754 | ---- | M] () -- C:\Texture65.jpg
[2002/04/22 14:47:38 | 000,176,180 | ---- | M] () -- C:\Texture66.jpg
[2002/04/22 14:47:38 | 000,174,047 | ---- | M] () -- C:\Texture67.jpg
[2002/04/22 14:47:38 | 000,215,428 | ---- | M] () -- C:\Texture68.jpg
[2002/04/22 14:47:48 | 000,174,521 | ---- | M] () -- C:\Texture69.jpg
[2002/04/22 14:32:52 | 000,374,564 | ---- | M] () -- C:\Texture7.jpg
[2002/04/22 14:47:40 | 000,122,951 | ---- | M] () -- C:\Texture70.jpg
[2002/04/22 14:47:40 | 000,156,935 | ---- | M] () -- C:\Texture71.jpg
[2002/04/22 14:47:42 | 000,165,065 | ---- | M] () -- C:\Texture72.jpg
[2002/04/22 14:47:42 | 000,220,355 | ---- | M] () -- C:\Texture73.jpg
[2002/04/22 14:47:42 | 000,141,581 | ---- | M] () -- C:\Texture74.jpg
[2002/04/22 14:47:44 | 000,148,869 | ---- | M] () -- C:\Texture75.jpg
[2002/04/22 14:47:44 | 000,089,660 | ---- | M] () -- C:\Texture76.jpg
[2002/04/22 14:47:46 | 000,078,504 | ---- | M] () -- C:\Texture77.jpg
[2002/04/22 14:47:46 | 000,057,749 | ---- | M] () -- C:\Texture78.jpg
[2002/04/22 14:47:46 | 000,239,201 | ---- | M] () -- C:\Texture79.jpg
[2002/04/22 14:33:04 | 000,190,593 | ---- | M] () -- C:\Texture8.jpg
[2002/04/22 14:47:40 | 000,179,590 | ---- | M] () -- C:\Texture80.jpg
[2002/04/22 14:50:04 | 000,282,239 | ---- | M] () -- C:\Texture81.jpg
[2002/04/22 14:50:06 | 000,317,771 | ---- | M] () -- C:\Texture82.jpg
[2002/04/22 14:50:06 | 000,236,272 | ---- | M] () -- C:\Texture83.jpg
[2002/04/22 14:50:06 | 000,258,054 | ---- | M] () -- C:\Texture84.jpg
[2002/04/22 14:50:08 | 000,287,671 | ---- | M] () -- C:\Texture85.jpg
[2002/04/22 14:50:08 | 000,295,329 | ---- | M] () -- C:\Texture86.jpg
[2002/04/22 14:50:08 | 000,266,759 | ---- | M] () -- C:\Texture87.jpg
[2002/04/22 14:50:14 | 000,233,338 | ---- | M] () -- C:\Texture88.jpg
[2002/04/22 14:50:10 | 000,267,286 | ---- | M] () -- C:\Texture89.jpg
[2002/04/22 14:33:14 | 000,219,609 | ---- | M] () -- C:\Texture9.jpg
[2002/04/22 14:50:10 | 000,247,560 | ---- | M] () -- C:\Texture90.jpg
[2002/04/22 14:50:12 | 000,235,895 | ---- | M] () -- C:\Texture91.jpg
[2002/04/22 14:50:12 | 000,270,864 | ---- | M] () -- C:\Texture92.jpg
[2002/04/22 14:50:12 | 000,218,899 | ---- | M] () -- C:\Texture93.jpg
[2002/04/22 14:50:12 | 000,237,536 | ---- | M] () -- C:\Texture94.jpg
[2002/04/22 14:50:14 | 000,076,031 | ---- | M] () -- C:\Texture95.jpg
[2002/04/22 14:50:14 | 000,329,964 | ---- | M] () -- C:\Texture96.jpg
[2002/04/22 14:50:10 | 000,141,252 | ---- | M] () -- C:\Texture97.jpg
[2002/04/22 14:51:48 | 000,286,185 | ---- | M] () -- C:\Texture98.jpg
[2002/04/22 14:52:08 | 000,289,945 | ---- | M] () -- C:\Texture99.jpg
[2002/04/12 09:21:22 | 000,235,268 | ---- | M] () -- C:\Textures.jpg
[1999/02/11 17:31:38 | 000,003,430 | ---- | M] () -- C:\The Great Wall.lay
[2000/01/14 15:33:00 | 000,018,581 | ---- | M] () -- C:\The Sad Song.mid
[1998/11/20 16:04:50 | 000,003,437 | ---- | M] () -- C:\Theater.lay
[2002/04/15 14:15:40 | 000,012,955 | ---- | M] () -- C:\thing1.jpg
[2002/04/15 14:15:28 | 000,008,622 | ---- | M] () -- C:\thing10.jpg
[2002/04/15 14:15:38 | 000,014,942 | ---- | M] () -- C:\thing2.jpg
[2002/04/15 14:15:36 | 000,017,413 | ---- | M] () -- C:\thing3.jpg
[2002/04/15 14:15:36 | 000,017,080 | ---- | M] () -- C:\thing4.jpg
[2002/04/15 14:15:34 | 000,014,926 | ---- | M] () -- C:\thing5.jpg
[2002/04/15 14:15:32 | 000,012,874 | ---- | M] () -- C:\thing6.jpg
[2002/04/15 14:15:30 | 000,012,451 | ---- | M] () -- C:\thing7.jpg
[2002/04/15 14:15:30 | 000,016,140 | ---- | M] () -- C:\thing8.jpg
[2002/04/15 14:16:04 | 000,011,258 | ---- | M] () -- C:\thing9.jpg
[2002/04/22 13:40:10 | 000,176,524 | ---- | M] () -- C:\Thirsty.jpg
[2000/05/15 18:12:56 | 000,003,455 | ---- | M] () -- C:\Three Wells.lay
[2002/04/19 16:41:36 | 000,146,987 | ---- | M] () -- C:\Three.jpg
[2002/04/22 12:18:10 | 000,152,812 | ---- | M] () -- C:\Thyme.jpg
[2002/04/05 18:03:48 | 000,003,426 | ---- | M] () -- C:\Tic Tac Toe.lay
[1998/11/20 16:04:38 | 000,003,442 | ---- | M] () -- C:\Tile Fighter.lay
[1998/11/20 16:04:08 | 000,003,439 | ---- | M] () -- C:\Tilepiles.lay
[2002/04/12 09:26:34 | 000,236,689 | ---- | M] () -- C:\Tiles.jpg
[1999/01/28 22:51:18 | 000,028,179 | ---- | M] () -- C:\Timeless.mid
[2009/02/06 16:51:03 | 000,000,042 | ---- | M] () -- C:\title.txt
[2002/01/31 07:02:28 | 000,004,609 | ---- | M] () -- C:\top.htm
[2002/04/22 13:59:28 | 000,095,476 | ---- | M] () -- C:\Top.jpg
[2002/01/30 03:41:06 | 000,000,455 | ---- | M] () -- C:\topbar.gif
[2002/01/11 10:49:10 | 000,001,358 | ---- | M] () -- C:\topbar1.gif
[2002/04/15 05:16:04 | 000,046,162 | ---- | M] () -- C:\top_01.gif
[2002/04/22 11:47:46 | 000,179,217 | ---- | M] () -- C:\Touchdown.jpg
[1998/11/23 23:01:14 | 000,003,448 | ---- | M] () -- C:\Tower and Walls.lay
[2002/04/22 14:57:18 | 000,213,822 | ---- | M] () -- C:\Tower.jpg
[2002/04/22 14:12:40 | 000,092,653 | ---- | M] () -- C:\Toy Santa.jpg
[2002/04/22 14:12:26 | 000,108,376 | ---- | M] () -- C:\Toy Soldier.jpg
[2002/04/19 16:49:28 | 000,116,610 | ---- | M] () -- C:\Toy.jpg
[1998/11/23 23:01:14 | 000,003,453 | ---- | M] () -- C:\Traditional Reviewed.lay
[2002/04/12 09:24:38 | 000,285,917 | ---- | M] () -- C:\Traditional.jpg
[1998/04/06 13:34:00 | 000,003,427 | ---- | M] () -- C:\Traditional.lay
[2002/04/22 15:35:02 | 000,235,589 | ---- | M] () -- C:\Traffic Lights.jpg
[2002/04/22 15:38:24 | 000,258,569 | ---- | M] () -- C:\Traffic.jpg
[2002/04/22 15:30:20 | 000,180,211 | ---- | M] () -- C:\Tram.jpg
[1998/05/14 12:18:42 | 000,003,446 | ---- | M] () -- C:\Tree of Life.lay
[2002/04/17 14:40:34 | 000,003,426 | ---- | M] () -- C:\Tree.lay
[2002/04/12 09:45:34 | 000,216,529 | ---- | M] () -- C:\Tropical Fish.jpg
[2002/04/22 11:50:56 | 000,220,735 | ---- | M] () -- C:\Tropical Storm.jpg
[2002/04/19 17:11:34 | 000,250,854 | ---- | M] () -- C:\Tropical.jpg
[2002/04/23 17:06:04 | 000,000,147 | ---- | M] () -- C:\Tropical.txt
[2002/04/24 11:23:52 | 000,018,915 | ---- | M] () -- C:\Trouble-de.rtf
[2002/04/24 11:24:02 | 000,018,880 | ---- | M] () -- C:\Trouble-es.rtf
[2002/04/29 12:20:08 | 000,022,789 | ---- | M] () -- C:\trouble-fr.rtf
[2002/04/24 11:24:28 | 000,018,404 | ---- | M] () -- C:\trouble-it.rtf
[2002/04/24 11:24:46 | 000,022,319 | ---- | M] () -- C:\Trouble-po.rtf
[2002/04/29 12:18:42 | 000,021,311 | ---- | M] () -- C:\trouble.rtf
[2002/04/22 12:02:38 | 000,271,432 | ---- | M] () -- C:\Tulip Field.jpg
[2002/04/01 13:58:10 | 000,003,426 | ---- | M] () -- C:\Turtle.lay
[2002/04/08 14:45:08 | 000,087,169 | ---- | M] () -- C:\Tusky.jpg
[2002/04/18 15:54:30 | 000,162,275 | ---- | M] () -- C:\Tweed.jpg
[2002/04/18 15:42:24 | 000,582,051 | ---- | M] () -- C:\Tweed2.jpg
[2002/04/22 14:19:32 | 000,252,175 | ---- | M] () -- C:\Tweed3.jpg
[2002/04/22 11:55:16 | 000,119,928 | ---- | M] () -- C:\Twilight.jpg
[1999/09/09 01:38:36 | 000,003,461 | ---- | M] () -- C:\Twin Temples.lay
[2002/04/19 16:43:24 | 000,158,455 | ---- | M] () -- C:\Two Hot Rods.jpg
[2002/04/19 16:43:24 | 000,158,455 | ---- | M] () -- C:\Two.jpg
[2002/04/15 13:50:12 | 000,033,797 | ---- | M] () -- C:\ultra_wave1.jpg
[2002/04/15 14:13:02 | 000,037,327 | ---- | M] () -- C:\ultra_wave10.jpg
[2002/04/15 14:14:04 | 000,027,862 | ---- | M] () -- C:\ultra_wave11.jpg
[2002/04/15 14:14:00 | 000,027,894 | ---- | M] () -- C:\ultra_wave12.jpg
[2002/04/15 14:13:58 | 000,028,369 | ---- | M] () -- C:\ultra_wave13.jpg
[2002/04/15 14:13:54 | 000,021,252 | ---- | M] () -- C:\ultra_wave14.jpg
[2002/04/15 14:13:48 | 000,030,489 | ---- | M] () -- C:\ultra_wave15.jpg
[2002/04/15 13:53:50 | 000,032,082 | ---- | M] () -- C:\ultra_wave2.jpg
[2002/04/15 14:05:16 | 000,027,123 | ---- | M] () -- C:\ultra_wave3.jpg
[2002/04/15 14:03:18 | 000,034,065 | ---- | M] () -- C:\ultra_wave4.jpg
[2002/04/15 14:12:14 | 000,037,248 | ---- | M] () -- C:\ultra_wave5.jpg
[2002/04/15 14:07:18 | 000,038,562 | ---- | M] () -- C:\ultra_wave6.jpg
[2002/04/15 14:13:10 | 000,039,399 | ---- | M] () -- C:\ultra_wave7.jpg
[2002/04/15 14:13:14 | 000,032,904 | ---- | M] () -- C:\ultra_wave8.jpg
[2002/04/15 14:13:06 | 000,025,479 | ---- | M] () -- C:\ultra_wave9.jpg
[2002/04/01 16:19:38 | 000,003,426 | ---- | M] () -- C:\Umbrella.lay
[2002/04/10 09:50:32 | 000,364,252 | ---- | M] () -- C:\Universe.jpg
[1999/06/25 11:55:30 | 000,149,504 | ---- | M] () -- C:\UNWISE.EXE
[2009/02/06 16:51:03 | 000,000,029 | ---- | M] () -- C:\UNWISE.INI
[2002/04/18 14:38:32 | 000,003,426 | ---- | M] () -- C:\Up and Down.lay
[2002/04/22 11:50:12 | 000,262,831 | ---- | M] () -- C:\USA Topographic.jpg
[2002/01/30 11:40:32 | 000,005,030 | ---- | M] () -- C:\using.gif
[2002/01/30 11:40:44 | 000,005,195 | ---- | M] () -- C:\usingon.gif
[2002/04/22 14:54:30 | 000,239,004 | ---- | M] () -- C:\Valentine.jpg
[2002/04/19 17:13:42 | 000,344,888 | ---- | M] () -- C:\Various.jpg
[2002/04/01 14:22:42 | 000,003,426 | ---- | M] () -- C:\Vase.lay
[2000/11/10 20:01:22 | 000,034,710 | ---- | M] () -- C:\Vein.bmp
[2002/04/22 15:25:04 | 000,262,010 | ---- | M] () -- C:\Veins.jpg
[2002/04/15 11:06:08 | 000,023,892 | ---- | M] () -- C:\Vertical Block.jpg
[2002/04/15 11:06:08 | 000,023,892 | ---- | M] () -- C:\verticalbrick.jpg
[2002/04/12 09:47:14 | 000,243,652 | ---- | M] () -- C:\Victorian Floral.jpg
[1998/11/20 16:04:26 | 000,003,443 | ---- | M] () -- C:\Victory Arrow.lay
[2002/04/15 13:50:04 | 000,016,490 | ---- | M] () -- C:\vinyl1.jpg
[2002/04/15 14:13:02 | 000,018,320 | ---- | M] () -- C:\vinyl10.jpg
[2002/04/15 14:13:52 | 000,013,721 | ---- | M] () -- C:\vinyl11.jpg
[2002/04/15 14:14:04 | 000,013,859 | ---- | M] () -- C:\vinyl12.jpg
[2002/04/15 14:14:00 | 000,014,148 | ---- | M] () -- C:\vinyl13.jpg
[2002/04/15 14:13:58 | 000,010,809 | ---- | M] () -- C:\vinyl14.jpg
[2002/04/15 14:13:54 | 000,015,228 | ---- | M] () -- C:\vinyl15.jpg
[2002/04/15 13:56:24 | 000,015,715 | ---- | M] () -- C:\vinyl2.jpg
[2002/04/15 14:04:00 | 000,013,133 | ---- | M] () -- C:\vinyl3.jpg
[2002/04/15 14:05:10 | 000,016,759 | ---- | M] () -- C:\vinyl4.jpg
[2002/04/15 14:11:10 | 000,018,320 | ---- | M] () -- C:\vinyl5.jpg
[2002/04/15 14:12:14 | 000,018,986 | ---- | M] () -- C:\vinyl6.jpg
[2002/04/15 14:13:10 | 000,019,501 | ---- | M] () -- C:\vinyl7.jpg
[2002/04/15 14:13:12 | 000,016,462 | ---- | M] () -- C:\vinyl8.jpg
[2002/04/15 14:13:10 | 000,012,281 | ---- | M] () -- C:\vinyl9.jpg
[2002/04/15 09:03:50 | 000,017,931 | ---- | M] () -- C:\wallpaper.jpg
[2000/10/25 11:45:44 | 000,431,845 | ---- | M] () -- C:\walnut.jpg
[2002/04/22 12:16:28 | 000,176,042 | ---- | M] () -- C:\Watch.jpg
[2002/04/22 12:18:26 | 000,182,093 | ---- | M] () -- C:\Watches.jpg
[2002/04/19 15:46:16 | 000,155,835 | ---- | M] () -- C:\Water.jpg
[2000/10/25 11:45:40 | 000,425,950 | ---- | M] () -- C:\Watercolor.jpg
[2002/04/19 16:07:50 | 000,248,190 | ---- | M] () -- C:\Waterfall.jpg
[2002/04/22 14:01:28 | 000,095,283 | ---- | M] () -- C:\Wave.jpg
[1999/01/07 10:24:50 | 000,003,440 | ---- | M] () -- C:\Wavelets.lay
[2002/04/15 11:49:04 | 000,019,094 | ---- | M] () -- C:\Weathered Wood.jpg
[2002/04/23 15:53:42 | 000,000,162 | ---- | M] () -- C:\Weathered Wood.txt
[2002/04/19 16:00:54 | 000,239,559 | ---- | M] () -- C:\Weathered.jpg
[2002/04/15 11:49:04 | 000,019,094 | ---- | M] () -- C:\weatheredwood.jpg
[2002/01/30 03:32:58 | 000,001,810 | ---- | M] () -- C:\web.gif
[2002/02/07 10:17:40 | 000,006,649 | ---- | M] () -- C:\web.htm
[2002/01/30 03:38:28 | 000,001,905 | ---- | M] () -- C:\webdown.gif
[2002/01/30 03:37:44 | 000,001,883 | ---- | M] () -- C:\webon.gif
[2002/04/22 15:02:24 | 000,192,738 | ---- | M] () -- C:\Wheel.jpg
[2002/04/16 11:24:52 | 000,350,462 | ---- | M] () -- C:\White Ash.jpg
[2002/04/19 09:15:30 | 000,536,036 | ---- | M] () -- C:\White Cotton.jpg
[2000/03/07 15:04:26 | 000,072,162 | ---- | M] () -- C:\White Dominoes.jpg
[2002/04/16 11:30:34 | 000,363,862 | ---- | M] () -- C:\White Granite.jpg
[2002/04/19 10:51:32 | 000,326,949 | ---- | M] () -- C:\White Satin.jpg
[2002/04/22 14:29:20 | 000,195,344 | ---- | M] () -- C:\White Squiggle.jpg
[2002/04/19 17:13:00 | 000,255,190 | ---- | M] () -- C:\White.jpg
[2000/05/14 13:50:46 | 000,034,710 | ---- | M] () -- C:\Widow.bmp
[2002/04/22 13:57:32 | 000,157,278 | ---- | M] () -- C:\Winding Road.jpg
[2002/04/09 06:05:40 | 000,001,312 | ---- | M] () -- C:\window.htm
[2002/01/14 07:42:26 | 000,004,066 | ---- | M] () -- C:\windowbar.gif
[2002/04/22 12:11:30 | 000,182,346 | ---- | M] () -- C:\Windows.jpg
[2000/06/20 01:51:06 | 000,001,455 | ---- | M] () -- C:\Wood 2.jpg
[2002/04/19 15:59:38 | 000,232,088 | ---- | M] () -- C:\Wood Knot.jpg
[2002/04/12 16:59:52 | 000,030,951 | ---- | M] () -- C:\Wood Panel.jpg
[1999/08/10 14:47:46 | 000,070,448 | ---- | M] () -- C:\Wood.jpg
[2002/04/23 17:07:52 | 000,000,152 | ---- | M] () -- C:\Wood.txt
[2002/04/22 14:53:02 | 000,249,459 | ---- | M] () -- C:\Wood2.jpg
[2002/04/12 16:59:52 | 000,030,951 | ---- | M] () -- C:\woodpanel.jpg
[2002/04/12 08:47:34 | 000,377,779 | ---- | M] () -- C:\Woods.jpg
[2002/04/12 08:48:04 | 000,365,319 | ---- | M] () -- C:\Woodsy.jpg
[2002/04/12 08:48:36 | 000,372,881 | ---- | M] () -- C:\Woodsy2.jpg
[2002/04/12 08:48:52 | 000,365,244 | ---- | M] () -- C:\Woodsy3.jpg
[2002/04/19 16:34:38 | 000,159,191 | ---- | M] () -- C:\Woody.jpg
[2002/04/22 13:52:50 | 000,137,700 | ---- | M] () -- C:\World Map.jpg
[2002/04/22 14:05:36 | 000,216,417 | ---- | M] () -- C:\Wreath.jpg
[2002/04/03 17:55:32 | 000,003,426 | ---- | M] () -- C:\X Marks the Spot.lay
[2002/01/14 07:35:14 | 000,001,055 | ---- | M] () -- C:\x.gif
[2002/04/12 08:53:28 | 000,323,746 | ---- | M] () -- C:\Yellow Jade.jpg
[2002/04/16 11:32:00 | 000,303,689 | ---- | M] () -- C:\Yellow Marble.jpg
[2002/04/22 12:24:12 | 000,157,683 | ---- | M] () -- C:\Yellow Parrot.jpg
[2002/04/16 11:33:44 | 000,335,785 | ---- | M] () -- C:\Yellow Pine.jpg
[2002/04/19 17:15:20 | 000,273,264 | ---- | M] () -- C:\Yellow Roses.jpg
[2002/04/22 15:23:30 | 000,312,668 | ---- | M] () -- C:\Yellow.jpg
[1999/04/14 00:04:18 | 000,003,437 | ---- | M] () -- C:\Yin and Yang.lay
[2000/10/25 11:45:36 | 000,189,387 | ---- | M] () -- C:\YinYang.jpg
[1998/11/20 16:04:18 | 000,003,435 | ---- | M] () -- C:\Yummy.lay
[2002/04/19 17:04:08 | 000,228,025 | ---- | M] () -- C:\Zebra Herd.jpg
[2002/04/19 17:03:52 | 000,238,262 | ---- | M] () -- C:\Zebra.jpg
[2000/08/29 11:47:38 | 000,196,570 | ---- | M] () -- C:\Zen.jpg
[2000/10/16 00:30:34 | 000,003,442 | ---- | M] () -- C:\Zodiac - Aquarius.lay
[2000/10/16 00:30:34 | 000,003,439 | ---- | M] () -- C:\Zodiac - Aries.lay
[2000/10/16 00:30:34 | 000,003,440 | ---- | M] () -- C:\Zodiac - Cancer.lay
[2000/10/16 00:30:34 | 000,003,445 | ---- | M] () -- C:\Zodiac - Capricorn.lay
[2000/10/16 00:30:34 | 000,003,442 | ---- | M] () -- C:\Zodiac - Gemini.lay
[2000/10/16 00:30:34 | 000,003,437 | ---- | M] () -- C:\Zodiac - Leo.lay
[2000/10/16 00:30:34 | 000,003,439 | ---- | M] () -- C:\Zodiac - Libra.lay
[2000/10/16 00:30:34 | 000,003,440 | ---- | M] () -- C:\Zodiac - Pisces.lay
[2000/10/16 00:30:34 | 000,003,445 | ---- | M] () -- C:\Zodiac - Sagittarius.lay
[2000/10/16 00:30:34 | 000,003,441 | ---- | M] () -- C:\Zodiac - Scorpio.lay
[2000/10/16 00:30:34 | 000,003,440 | ---- | M] () -- C:\Zodiac - Taurus.lay
[2000/10/16 00:30:34 | 000,003,439 | ---- | M] () -- C:\Zodiac - Virgo.lay

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/09/24 08:06:31 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 11:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/09/23 12:07:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/09/23 12:07:15 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/09/23 12:07:15 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/10/27 11:35:33 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/11/04 17:34:21 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009/09/24 08:12:22 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/01/22 18:39:02 | 004,159,359 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/01/21 20:45:08 | 007,866,472 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\mseinstall.exe
[2011/01/24 07:47:47 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/01/16 15:28:15 | 013,894,952 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Quicken_WillMaker_Plus_2011.exe
[2011/01/17 20:27:04 | 000,513,032 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sdasetup.exe

< %PROGRAMFILES%\Common Files\*.* >
[2007/01/09 14:35:30 | 003,035,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\AdvrCntr2.dll

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2009/09/27 07:51:23 | 000,947,768 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\CIT207355-HPCOM-PATCH-v8.exe
[2009/09/27 07:54:52 | 000,129,648 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\COL4425en.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2001/08/30 04:30:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/09/24 15:01:42 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/01/24 07:48:54 | 000,065,536 | -HS- | M] () -- C:\Documents and Settings\Owner\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2001/05/02 15:24:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\blogo.gif
[2008/04/13 18:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 00:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 00:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2001/05/22 13:06:52 | 000,000,866 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/05/02 08:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 11:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 18:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2001/02/01 06:00:26 | 000,000,685 | ---- | M] () -- C:\Program Files\Messenger\msmsgs.exe.manifest
[2001/08/01 21:58:12 | 000,016,415 | ---- | M] () -- C:\Program Files\Messenger\msmsgsin.exe
[2007/04/02 12:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/02 12:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/02 12:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 00:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 00:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

< End of report >

 

Trojan Agent, Trojan.FakeAlert, Worm.Autorun.B, PUM.Hijack.StartMenu

OTL Extras logfile created on: 1/24/2011 7:50:58 AM - Run 1
OTL by OldTimer - Version 3.2.20.5 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

759.00 Mb Total Physical Memory | 360.00 Mb Available Physical Memory | 47.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 115.89 Gb Total Space | 77.26 Gb Free Space | 66.67% Space Free | Partition Type: NTFS
Drive G: | 149.04 Gb Total Space | 112.42 Gb Free Space | 75.43% Space Free | Partition Type: NTFS
Drive H: | 115.50 Gb Total Space | 114.87 Gb Free Space | 99.45% Space Free | Partition Type: NTFS
Drive I: | 116.62 Gb Total Space | 116.55 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Drive J: | 117.75 Gb Total Space | 117.68 Gb Free Space | 99.94% Space Free | Partition Type: NTFS

Computer Name: RETIREE-S4NG95R | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1993962763-1383384898-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabledxpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabledxpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabledxpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabledxpsp2res.dll,-22017
"1900:UDP" = 1900:UDP:LocalSubNetisabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNetisabledxpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabledxpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabledxpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabledxpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabledxpsp2res.dll,-22017
"1900:UDP" = 1900:UDP:LocalSubNetisabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNetisabledxpsp2res.dll,-22008
"9212:TCP" = 9212:TCP:*:Enabled:SkyCaddie Desktop
"9210:UDP" = 9210:UDP:*:Enabled:SkyCaddie Desktop

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SkyGolf\SkyCaddie Desktop\SkyCaddieDesktop.exe" = C:\Program Files\SkyGolf\SkyCaddie Desktop\SkyCaddieDesktop.exe:*:Enabled:SkyCaddie Desktop -- (Skyhawke Technologies)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNetisabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}" = Microsoft Streets and Trips 2002
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{392D84D0-EAA2-012B-ADD8-000000000000}" = TurboTax 2009 wlaiper
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CC93102-135E-49E2-99A4-C431E671C12A}" = HP Photo and Imaging 2.0 - Scanners
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73966F0C-0541-4B1B-B352-6012ABC17D9F}" = ShopSafe
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{77E70C3C-DBB9-4C47-8663-1E1F81FEC623}" = Logitech QuickCam
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{87358FDB-7A27-4F53-9BFB-1566FA03A9C5}" = ShopSafe
"{888019C0-54D4-40C2-9274-27B9DAB17017}" = Intel(R) Network Connections 14.0.40.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CDC6712-AF80-459E-911F-F1E156CB0AB0}" = hp deskjet 5600
"{8D9E93D2-049D-4E9D-B263-13216E20EF1F}" = G3 Manager
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9074AFC0-CFDA-11DE-B484-005056806466}" = Google Earth
"{9115E7DB-3B29-445A-802D-11E0AA945B7F}" = Sound Blaster Audigy
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B8E952E3-A823-443A-8493-39A0CCE0E3EB}" = HP Photo and Imaging 1.0 - Scanjet 3500c Series
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skypeâ„¢ 4.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector
"{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F20211A6-DCCE-4A4A-87E6-638717417B48}" = TurboTax 2010 wlaiper
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F65FE148-FCF5-42F7-8803-FA0B7DA8B8A4}" = ubCore
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"3D-Album-ST" = 3D-Album PicturePro
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Belarc Advisor" = Belarc Advisor 8.1
"BTH2 Uninstall" = Beat The House v2.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Family Lawyer 2000" = Family Lawyer 2000
"FileZilla Client" = FileZilla Client 3.2.3.1
"Gadwin PrintScreen" = Gadwin PrintScreen
"Gateway Desktop Manager" = Gateway Desktop Manager
"Gateway Drivers and Applications Recovery" = Gateway Drivers and Applications Recovery
"Gateway Power Management" = Gateway Power Management
"Greeting Card Creator 32" = Greeting Card Creator 32
"GTW V.92 Voicemodem" = GTW V.92 Voicemodem
"hp instant support" = hp instant support
"hp print screen utility" = hp print screen utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{F65FE148-FCF5-42F7-8803-FA0B7DA8B8A4}" = ubCore
"Legal Search" = Legal Search
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MVApplication1" = SureThing CD Labeler 4 SE
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QcDrv" = Logitech® Camera Driver
"RealPlayer 12.0" = RealPlayer
"RegCure" = RegCure
"SK_PS2MillenniumKeyboard" = PS/2 Millennium Keyboard
"SkyCaddieDesktop" = SkyCaddie Desktop
"The Plain-Language Law Dictionary" = The Plain-Language Law Dictionary
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"Visviva Animation Player" = Visviva Animation Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1993962763-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/21/2011 12:15:54 PM | Computer Name = RETIREE-S4NG95R | Source = Windows Search Service | ID = 3013
Description =

Error - 1/21/2011 12:15:54 PM | Computer Name = RETIREE-S4NG95R | Source = Windows Search Service | ID = 3013
Description =

Error - 1/21/2011 10:19:19 PM | Computer Name = RETIREE-S4NG95R | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 1

Error - 1/21/2011 10:49:22 PM | Computer Name = RETIREE-S4NG95R | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8107.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 1/21/2011 11:14:54 PM | Computer Name = RETIREE-S4NG95R | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8107.0, P4
4, P5 1, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 1/22/2011 6:27:12 PM | Computer Name = RETIREE-S4NG95R | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 1

Error - 1/23/2011 7:28:08 PM | Computer Name = RETIREE-S4NG95R | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 1

Error - 1/23/2011 9:26:22 PM | Computer Name = RETIREE-S4NG95R | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 1

Error - 1/23/2011 11:15:31 PM | Computer Name = RETIREE-S4NG95R | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 3.0.8107.0, P3 timeout, P4 1.1.6502.0, P5 fixed, P6 1 _ 1024, P7 10 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 1/24/2011 9:26:30 AM | Computer Name = RETIREE-S4NG95R | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 1

[ System Events ]
Error - 1/23/2011 9:21:00 PM | Computer Name = RETIREE-S4NG95R | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/23/2011 9:21:00 PM | Computer Name = RETIREE-S4NG95R | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/23/2011 9:21:00 PM | Computer Name = RETIREE-S4NG95R | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/23/2011 9:21:00 PM | Computer Name = RETIREE-S4NG95R | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/23/2011 9:21:00 PM | Computer Name = RETIREE-S4NG95R | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/23/2011 9:21:00 PM | Computer Name = RETIREE-S4NG95R | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/23/2011 9:21:00 PM | Computer Name = RETIREE-S4NG95R | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/23/2011 10:08:03 PM | Computer Name = RETIREE-S4NG95R | Source = IdeChnDr | ID = 262153
Description = The device, \Device\Ide\IdeDeviceP0T0L0, did not respond within the
timeout period.

Error - 1/23/2011 11:00:15 PM | Computer Name = RETIREE-S4NG95R | Source = IdeChnDr | ID = 262153
Description = The device, \Device\Ide\IdeDeviceP0T0L0, did not respond within the
timeout period.

Error - 1/24/2011 9:52:05 AM | Computer Name = RETIREE-S4NG95R | Source = IdeChnDr | ID = 262153
Description = The device, \Device\Ide\IdeDeviceP0T0L0, did not respond within the
timeout period.


< End of report >

 

Trojan Agent, Trojan.FakeAlert, Worm.Autorun.B, PUM.Hijack.StartMenu

In obtaining the previous postings of the requested log files, I forgot to close the window to this site before running the programs. If I need to redo please advise.

As to the McAfee program, I had removed it with the remove programs from my control panel and also removed it at least twice with your recommended appremover program, but I am still getting warnings about having two virus checkers operating on my computer. I don't understand why this is happening.

As to RegCure, the reason I purchased this program was because I contacted Microsoft about some computer problem I was having two years ago. I expected the support people to give me some directions but what they suggested was that I download and run RegCure. I don't mind taking it off if you feel I should.

Thanks for your help.

baldcajun

 

Trojan Agent, Trojan.FakeAlert, Worm.Autorun.B, PUM.Hijack.StartMenu

Broni,

Yes I did use that program, but not before going through some difficulties when I was trying to download and run ComboFix. My first mistake was that when I downloaded the ComboFix file, it did not go to my desktop but to a folder on my C drive. I then moved it to my desktop before running it.

As requested I closed and disabled my McAfee programs as requested. I think when I tried running the ComboFix program I got the message that McAfee was still running even though I checked the program and it showed I had disabled it as requested.

At this point I felt no alternative but to remove McAfee from my computer by uninstalling it via the program removal located under the control panel. When I highlighted the McAfee program and clicked on remove, the program disappeared from the listing of all the programs on my computer.

I was still getting the message from ComboFix I believe that McAfee was still active.

I then read at the bottom of your posting about using the appremover to remove AVG program. I then tried that program to uninstall McAfee and it appeared to run properly indicating that McAfee had been successfully removed.

Not wanting to access the internet without virus and malware protection, I recalled reading on your site about 26% of your members responding to your survey about which anti-virus programs they were using said they used Microsoft Security Essentials. I then downloaded this program and installed it.

As mentioned in the first paragraph of this posting my first download of ComboFix went to a C drive folder named Downloads. After moving the file to my desktop and running ComboFix it ran all the way up to where it was preparing the text files and it stopped and did nothing for the next 30 minutes. Wanting to provide you with some information, I went to Windows Explorer and found a text file which I posted and you answered that it was not complete. You requested that I repost.

I found the reason the file went to my C drive was that Mozilla Firefox default destination is a Download Folder. I found that Windows Internet Explorer does download to my desktop.

After that operation I did download and run the file located at http://www.softpedia.com/get/Tweak/U...val-Tool.shtml

I don't remember exactly what happened the first time I ran this program, but it must have hung up. I downloaded it again and tried to run it and I get the message that "cleanup failed, cleanup is already running ".

So I downloaded ComboFix again, this time to my desktop as requested. Ran the file and it produced the requested text files and posted them as requested even though McAfee was still on my machine.

My question now is how can I get the cleanup file you wanted me to run in the first place to work so that I can find out if it will get rid of the McAfee files that are still on my computer.

Your help is greatly appreciated.

baldcajun

 

Broni,

I followed your directions precisely. I got through to the point of running OTL where it rebooted my machine and displayed the text file. When I tried to access the internet a message came up saying "Encountered a problem and needs to close ". The message referred to jusched.exe. "

I tried both of my internet browsers and neither one could connect. I am on my wife's laptop computer sending this message. I have tried rebooting a couple of times and I keep getting the message that the server of the internet providers cannot be found.

I checked all the connections as suggested and found nothing wrong. The fact that I am using this laptop via wireless connection shows my router and cable modem must be alright.

Can you please tell me what to try next.

Thanks,

baldcajun

 

Broni,

I am now back on my desktop computer. Do I start over with your recommendations with updating the Java version and continue on from there?

Thanks for your prompt response.

Please advise.

baldcajun

 

Broni,

I did the Java update and downloaded the recommended file. The only McAfee file it showed was the McAfee Virtual Technician. There is another file, Driver Detective that I tried also to uninstall and both gave me the message that the installation file could not be found.

What next?

baldcajun

 

Broni,

Sorry I am just now answering as I had to leave home for almost 3 hours.

I ran the Java update again after I restored my computer to yesterday's restore point. I then ran OTL again and ended up with the same results, I could not access the internet. But before restoring again, I saved a copy of the text file that OTL made and attached it. My computer is now at yesterday's restore point. I will await further instructions from you.

Thanks
baldcajun




========== OTL ==========
Unable to kill active process mfefire.exe!
Unable to kill active process mcshield.exe!
Process mfevtps.exe killed successfully!
Service NBService stopped successfully!
Service NBService deleted successfully!
Service McODS stopped successfully!
Service McODS deleted successfully!
Service mfefire stopped successfully!
Service mfefire deleted successfully!
File move failed. C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe scheduled to be moved on reboot.
Error: No service named McShield was found to stop!
Unable to delete service\driver key McShield.
File move failed. C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe scheduled to be moved on reboot.
Error: No service named mfevtp was found to stop!
Unable to delete service\driver key mfevtp.
C:\WINDOWS\system32\mfevtps.exe moved successfully.
Service McProxy stopped successfully!
Service McProxy deleted successfully!
File move failed. C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe scheduled to be moved on reboot.
Service McNASvc stopped successfully!
Service McNASvc deleted successfully!
File move failed. C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe scheduled to be moved on reboot.
Service McNaiAnn stopped successfully!
Service McNaiAnn deleted successfully!
File move failed. C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe scheduled to be moved on reboot.
Service mcmscsvc stopped successfully!
Service mcmscsvc deleted successfully!
File move failed. C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe scheduled to be moved on reboot.
Service McMPFSvc stopped successfully!
Service McMPFSvc deleted successfully!
File move failed. C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe scheduled to be moved on reboot.
Service McAfee SiteAdvisor Service stopped successfully!
Service McAfee SiteAdvisor Service deleted successfully!
File move failed. C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe scheduled to be moved on reboot.
Error: Unable to stop service mfehidk!
Unable to delete service\driver key mfehidk.
File move failed. C:\WINDOWS\system32\drivers\mfehidk.sys scheduled to be moved on reboot.
Service mfefirek stopped successfully!
Service mfefirek deleted successfully!
File move failed. C:\WINDOWS\system32\drivers\mfefirek.sys scheduled to be moved on reboot.
Error: Unable to stop service mfeavfk!
Unable to delete service\driver key mfeavfk.
File move failed. C:\WINDOWS\system32\drivers\mfeavfk.sys scheduled to be moved on reboot.
Error: Unable to stop service mfeapfk!
Unable to delete service\driver key mfeapfk.
File move failed. C:\WINDOWS\system32\drivers\mfeapfk.sys scheduled to be moved on reboot.
Error: Unable to stop service mfendiskmp!
Unable to delete service\driver key mfendiskmp.
File move failed. C:\WINDOWS\system32\drivers\mfendisk.sys scheduled to be moved on reboot.
Service mfendisk stopped successfully!
Service mfendisk deleted successfully!
File move failed. C:\WINDOWS\system32\drivers\mfendisk.sys scheduled to be moved on reboot.
Service mferkdet stopped successfully!
Service mferkdet deleted successfully!
File move failed. C:\WINDOWS\system32\drivers\mferkdet.sys scheduled to be moved on reboot.
Error: Unable to stop service mfetdi2k!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mfetdi2k deleted successfully.
File move failed. C:\WINDOWS\system32\drivers\mfetdi2k.sys scheduled to be moved on reboot.
Service cfwids stopped successfully!
Service cfwids deleted successfully!
C:\WINDOWS\system32\drivers\cfwids.sys moved successfully.
Error: Unable to stop service mfebopk!
Unable to delete service\driver key mfebopk.
File move failed. C:\WINDOWS\system32\drivers\mfebopk.sys scheduled to be moved on reboot.
Service mfesmfk stopped successfully!
Service mfesmfk deleted successfully!
File move failed. C:\WINDOWS\system32\drivers\mfesmfk.sys scheduled to be moved on reboot.
Service mferkdk stopped successfully!
Service mferkdk deleted successfully!
File move failed. C:\WINDOWS\system32\drivers\mferkdk.sys scheduled to be moved on reboot.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-21-1993962763-1383384898-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7082FAA-CB62-4872-9106-E42DD88EDE45}\ not found.
C:\Program Files\McAfee\SiteAdvisor\Download folder moved successfully.
C:\Program Files\McAfee\SiteAdvisor folder moved successfully.
Folder C:\PROGRAM FILES\MCAFEE\SITEADVISOR\ not found.
File move failed. C:\Program Files\Mozilla Firefox\components\Scriptff.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.
File move failed. C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110121101056.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1993962763-1383384898-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_USERS\S-1-5-21-1993962763-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1993962763-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1993962763-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1993962763-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
Registry key HKEY_USERS\S-1-5-21-1993962763-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\www.update\ deleted successfully.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\windows\Downloaded Program Files\wvc1dmo.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
File move failed. C:\WINDOWS\system32\drivers\mfeclnk.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\mfefirek.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\mfendisk.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\mferkdet.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\mfetdi2k.sys scheduled to be moved on reboot.
File C:\windows\System32\drivers\cfwids.sys not found.
File C:\windows\System32\mfevtps.exe not found.
File C:\windows\tasks\McAfee Cleanup.job not found.
File C:\0.bak not found.
File C:\0 not found.
C:\Documents and Settings\All Users\Application Data\RegCure folder moved successfully.
File C:\windows\Tasks\RegCure Program Check.job not found.
File C:\windows\Tasks\RegCure.job not found.
File C:\windows\tasks\RegCure Program Check.job not found.

OTL by OldTimer - Version 3.2.20.5 log created on 01252011_141944

Files\Folders moved on Reboot...
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe moved successfully.
C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe moved successfully.
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe moved successfully.
C:\WINDOWS\system32\drivers\mfehidk.sys moved successfully.
C:\WINDOWS\system32\drivers\mfefirek.sys moved successfully.
C:\WINDOWS\system32\drivers\mfeavfk.sys moved successfully.
C:\WINDOWS\system32\drivers\mfeapfk.sys moved successfully.
C:\WINDOWS\system32\drivers\mfendisk.sys moved successfully.
C:\WINDOWS\system32\drivers\mferkdet.sys moved successfully.
C:\WINDOWS\system32\drivers\mfetdi2k.sys moved successfully.
C:\WINDOWS\system32\drivers\mfebopk.sys moved successfully.
C:\WINDOWS\system32\drivers\mfesmfk.sys moved successfully.
C:\WINDOWS\system32\drivers\mferkdk.sys moved successfully.
C:\Program Files\Mozilla Firefox\components\Scriptff.dll moved successfully.
C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110121101056.dll moved successfully.
C:\WINDOWS\system32\drivers\mfeclnk.sys moved successfully.

Registry entries deleted on Reboot...

 

Broni,

Thank you for your reply. I have looked back at my responses to your instructions and I found where I made two mistakes. The first was when I downloaded the Revo program, I downloaded the free, 30 day trial of the Revo Pro version. The second mistake was not paying attention to your instruction to use the custom script from your reply #16, unfortunately I had simply assumed you were referring to the custom script you supplied on reply # 26.

I am sorry for these errors, but I must admit I am somewhat distracted because my wife had just been diagnosed with a brain tumor which is scheduled to be removed this Friday, January 28.

Please let me know if you can overcome these errors of mine.

baldcajun

 

Broni,

I will have to quit for tonight. I can't think straight. I will continue with my postings tomorrow morning.

I did check the Rev Pro web site and it is fully functional for 30 days. I did run it after downloading.

I am a little confused right now. I ran the OTL program with your custom scripts from your reply#16 and I clicked on scan and I got two log files instead of just one. Is that correct?

baldcajun

 

Trojan Agent, Trojan.FakeAlert, Worm.Autorun.B, PUM.Hijack.StartMenu

OTL logfile created on: 1/25/2011 9:34:17 PM - Run 1
OTL by OldTimer - Version 3.2.20.5 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

759.00 Mb Total Physical Memory | 230.00 Mb Available Physical Memory | 30.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 115.89 Gb Total Space | 76.62 Gb Free Space | 66.12% Space Free | Partition Type: NTFS
Drive G: | 149.04 Gb Total Space | 112.42 Gb Free Space | 75.43% Space Free | Partition Type: NTFS
Drive H: | 115.50 Gb Total Space | 114.87 Gb Free Space | 99.45% Space Free | Partition Type: NTFS
Drive I: | 116.62 Gb Total Space | 116.55 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Drive J: | 117.75 Gb Total Space | 117.68 Gb Free Space | 99.94% Space Free | Partition Type: NTFS

Computer Name: RETIREE-S4NG95R | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/24 07:47:47 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/12/10 17:59:14 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/10 17:59:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/01 10:39:38 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/02/15 09:13:30 | 000,145,920 | ---- | M] (Orbiscom Ltd.) -- C:\WINDOWS\system32\obroker.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 18:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2001/01/03 13:50:56 | 000,066,048 | ---- | M] (Silitek Corporation) -- C:\WINDOWS\system32\SK9910DM.EXE


========== Modules (SafeList) ==========

MOD - [2011/01/24 07:47:47 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/07/12 20:38:43 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (NBService)
SRV - File not found [On_Demand | Stopped] -- -- (McODS)
SRV - File not found [Disabled | Stopped] -- -- (BabylonIM Coordinator)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/04 10:26:14 | 000,045,056 | ---- | M] (LANovation) [On_Demand | Stopped] -- C:\WINDOWS\system32\PCTKRNT.SYS -- (PictureTaker)
SRV - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Running] -- -- (MpKsl3c0b6e10)
DRV - [2011/01/25 17:26:19 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D9DC7C20-50CF-4483-A9DB-04BD0C1E1462}\MpKsl2fc292bb.sys -- (MpKsl2fc292bb)
DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/02/17 15:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2010/02/11 06:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/01/22 16:06:34 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2008/09/24 09:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/03/06 10:51:14 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\windows\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/04/12 07:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 07:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 07:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 07:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 07:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 07:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 07:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 07:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 07:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 03:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 03:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 03:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2006/04/13 13:09:00 | 000,204,160 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2005/07/27 16:25:28 | 000,077,056 | ---- | M] (Unibrain S.A.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ubohci.sys -- (ubohci)
DRV - [2005/07/27 16:25:28 | 000,036,352 | ---- | M] (Unibrain S.A.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\UBUMAPI.sys -- (ubumapi)
DRV - [2005/07/27 16:25:28 | 000,014,080 | ---- | M] (Unibrain S.A.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\UBSBM.sys -- (ubsbm)
DRV - [2005/05/27 08:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/10/08 10:59:12 | 000,326,656 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2004/10/07 19:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2003/11/30 20:54:20 | 000,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2002/10/14 23:00:00 | 000,101,431 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel(R)
DRV - [2002/10/14 23:00:00 | 000,013,891 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
DRV - [2002/05/06 18:13:00 | 001,106,464 | ---- | M] (GTW) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GWMDM.sys -- (GTWModem)
DRV - [2002/04/11 18:02:00 | 000,991,672 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/04/11 18:02:00 | 000,834,100 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/04/11 18:02:00 | 000,211,724 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/04/11 18:02:00 | 000,195,268 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/04/11 18:02:00 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/04/11 18:02:00 | 000,114,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2002/04/11 18:02:00 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/02/28 08:26:46 | 000,643,072 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2002/02/28 08:24:46 | 000,110,592 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2001/08/17 07:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)
DRV - [2001/08/01 15:36:18 | 000,348,169 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CamDrL21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0)
DRV - [2000/09/11 23:39:10 | 000,006,208 | ---- | M] (Silitek Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Sk9920nt.sys -- (Sk9920nt)
DRV - [2000/09/11 17:32:28 | 000,007,552 | ---- | M] (Silitek Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sk99202k.sys -- (Sk99202k)
DRV - [1999/12/17 00:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ww2.cox.com/myconnection/greaterlouisiana/home.cox
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon) "
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=14055 "
FF - prefs.js..browser.search.order.1: "Search the web (Babylon) "
FF - prefs.js..browser.search.selectedEngine: "Yahoo "
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.windowsbbs.com/malware-virus-removal/97421-active-trojan-agent-trojan-fakealert-worm-autorun-b-pum-hijack.html "
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: shopsafe@orbiscom:3.4.10.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=IEFM1&q= "
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1 "

FF - HKLM\software\mozilla\Firefox\Extensions\\shopsafe@orbiscom: C:\Program Files\ShopSafe [2010/05/04 22:27:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/12 20:38:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/01/25 17:13:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/25 17:13:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/25 17:13:39 | 000,000,000 | ---D | M]

[2010/01/21 14:17:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/01/25 17:27:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kl2i02o1.default\extensions
[2010/04/27 16:03:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kl2i02o1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/01 11:27:37 | 000,000,000 | ---D | M] ( "BetterPrivacy ") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kl2i02o1.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/07/16 17:53:55 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kl2i02o1.default\searchplugins\live-search.xml
[2011/01/25 17:27:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/25 17:13:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}(2)
[2010/07/12 20:38:45 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/01/21 15:08:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/05/04 22:27:43 | 000,000,000 | ---D | M] (ShopSafe) -- C:\PROGRAM FILES\SHOPSAFE
[2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll

O1 HOSTS File: ([2011/01/21 09:17:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (ShopSafeBrowserHelper Class) - {333F6B96-3992-4D58-A499-145A10FE48C3} - C:\Program Files\ShopSafe\BhoSSafe.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110121101056.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - File not found
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Hot Key Kbd 9910 Daemon] C:\windows\System32\SK9910DM.EXE (Silitek Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] https in Trusted sites)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1255116240875 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234735909296 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.20.30.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\windows\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/24 08:07:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/09/24 08:07:05 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\windows\System32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\windows\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\windows\System32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\windows\System32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\windows\System32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\windows\System32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\windows\System32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\windows\System32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\windows\System32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\windows\System32\serwvdrv.dll (Microsoft Corporation)

Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\windows\System32\serwvdrv.dll (Microsoft Corporation)

Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\windows\System32\serwvdrv.dll (Microsoft Corporation)

Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\windows\System32\serwvdrv.dll (Microsoft Corporation)

Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\windows\System32\serwvdrv.dll (Microsoft Corporation)

Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\windows\System32\serwvdrv.dll (Microsoft Corporation)

Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\windows\System32\serwvdrv.dll (Microsoft Corporation)

Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\windows\System32\serwvdrv.dll (Microsoft Corporation)

Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\windows\System32\serwvdrv.dll (Microsoft Corporation)

Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\windows\System32\serwvdrv.dll (Microsoft Corporation)

Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\windows\System32\serwvdrv.dll (Microsoft Corporation)

Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\windows\System32\serwvdrv.dll (Microsoft Corporation)

Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\windows\System32\serwvdrv.dll (Microsoft Corporation)

Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\windows\System32\serwvdrv.dll (Microsoft Corporation)

Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\windows\System32\serwvdrv.dll (Microsoft Corporation)

 

Trojan Agent, Trojan.FakeAlert, Worm.Autorun.B, PUM.Hijack.StartMenu

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/25 17:13:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2011/01/25 13:33:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\VS Revo Group
[2011/01/25 13:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2011/01/25 13:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/01/25 11:04:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/25 10:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\JavaRa
[2011/01/25 10:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/01/25 10:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/01/25 10:45:14 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2011/01/25 10:45:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2011/01/25 10:45:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2011/01/24 07:47:27 | 000,603,136 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/01/23 19:24:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/22 17:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ComboFix
[2011/01/21 21:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2011/01/21 20:52:53 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
[2011/01/21 20:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/01/21 20:45:08 | 007,866,472 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\mseinstall.exe
[2011/01/21 11:18:38 | 000,000,000 | ---D | C] -- C:\Floyd's ComboFix files
[2011/01/21 10:10:56 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfeclnk.sys
[2011/01/21 10:10:48 | 000,313,288 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfefirek.sys
[2011/01/21 10:10:48 | 000,088,544 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfendisk.sys
[2011/01/21 10:10:48 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mferkdet.sys
[2011/01/21 10:10:48 | 000,084,072 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfetdi2k.sys
[2011/01/21 10:10:48 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\cfwids.sys
[2011/01/21 10:05:00 | 000,141,792 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\mfevtps.exe
[2011/01/21 09:07:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/01/21 09:05:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2011/01/21 09:05:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/01/21 09:05:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/01/21 09:05:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/01/21 08:49:19 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/01/21 08:48:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/17 19:38:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ProcessExplorer
[2011/01/17 13:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2010
[2011/01/16 15:33:03 | 004,199,768 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\windows\System32\cdintf400.dll
[2011/01/16 15:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Quicken 2011
[2011/01/16 15:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\Quicken
[2011/01/16 10:44:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\UserData
[2011/01/16 10:10:09 | 000,000,000 | ---D | C] -- C:\office uninstall tool
[2011/01/11 17:07:32 | 000,000,000 | --SD | C] -- C:\windows\Downloaded Program Files
[2011/01/11 14:42:24 | 000,000,000 | ---D | C] -- C:\EmergencyUtils
[2011/01/10 17:19:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/01/10 17:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/01/10 17:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/01/10 17:03:35 | 000,000,000 | ---D | C] -- C:\windows\Debug
[2011/01/10 12:10:36 | 000,000,000 | -HSD | C] -- C:\windows\TEMP
[2011/01/10 12:10:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\Cookies
[2009/09/28 15:02:42 | 003,035,136 | ---- | C] (Nero AG) -- C:\Program Files\Common Files\AdvrCntr2.dll
[2007/04/09 11:32:58 | 000,034,816 | ---- | C] ( ) -- C:\windows\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2011/01/25 21:46:05 | 000,000,390 | -H-- | M] () -- C:\windows\tasks\MpIdleTask.job
[2011/01/25 19:22:22 | 000,000,286 | ---- | M] () -- C:\windows\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1383384898-682003330-1003.job
[2011/01/25 19:22:22 | 000,000,278 | ---- | M] () -- C:\windows\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1383384898-682003330-1003.job
[2011/01/25 17:20:17 | 000,000,424 | -H-- | M] () -- C:\windows\tasks\MP Scheduled Scan.job
[2011/01/25 17:14:58 | 000,000,280 | ---- | M] () -- C:\windows\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2011/01/25 17:14:49 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2011/01/25 17:14:48 | 795,660,288 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/25 17:14:03 | 000,023,244 | ---- | M] () -- C:\windows\System32\BMXCtrlState-{00000001-00000000-00000002-00001102-00000004-00581102}.rfx
[2011/01/25 17:14:03 | 000,023,244 | ---- | M] () -- C:\windows\System32\BMXBkpCtrlState-{00000001-00000000-00000002-00001102-00000004-00581102}.rfx
[2011/01/25 17:14:03 | 000,018,648 | ---- | M] () -- C:\windows\System32\BMXStateBkp-{00000001-00000000-00000002-00001102-00000004-00581102}.rfx
[2011/01/25 17:14:03 | 000,018,648 | ---- | M] () -- C:\windows\System32\BMXState-{00000001-00000000-00000002-00001102-00000004-00581102}.rfx
[2011/01/25 17:14:03 | 000,001,080 | ---- | M] () -- C:\windows\System32\settingsbkup.sfm
[2011/01/25 17:14:03 | 000,001,080 | ---- | M] () -- C:\windows\System32\settings.sfm
[2011/01/25 17:14:03 | 000,000,024 | ---- | M] () -- C:\windows\System32\DVCStateBkp-{00000001-00000000-00000002-00001102-00000004-00581102}.dat
[2011/01/25 17:14:03 | 000,000,024 | ---- | M] () -- C:\windows\System32\DVCState-{00000001-00000000-00000002-00001102-00000004-00581102}.dat
[2011/01/25 12:54:42 | 000,013,668 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2011/01/25 10:57:01 | 000,159,757 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\JavaRa.zip
[2011/01/24 14:51:47 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Files McAfee Babylon SkyCaddie to be removed.doc
[2011/01/24 14:26:44 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Files McAfee Babylon SkyCaddie to be removed.doc
[2011/01/24 13:40:57 | 000,474,624 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\OTL logfile created on.doc
[2011/01/24 07:47:47 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/01/22 19:52:11 | 000,137,216 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\GOLF HANDICAP CALCULATIONS.xls
[2011/01/22 19:50:39 | 000,259,584 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Golf Bets.xls
[2011/01/22 18:39:02 | 004,159,359 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/01/21 20:49:36 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2011/01/21 20:45:08 | 007,866,472 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\mseinstall.exe
[2011/01/21 18:34:00 | 000,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2011/01/21 10:18:02 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
[2011/01/21 09:56:34 | 000,000,217 | RHS- | M] () -- C:\boot.ini
[2011/01/21 09:50:00 | 000,000,288 | ---- | M] () -- C:\windows\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011/01/21 09:17:37 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011/01/18 16:15:53 | 000,968,192 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\GIN SCORES.xls
[2011/01/18 13:30:13 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Logs for submission to Windowsbbs.doc
[2011/01/18 13:02:34 | 000,255,864 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/01/17 20:27:04 | 000,513,032 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sdasetup.exe
[2011/01/17 13:48:14 | 000,001,880 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
[2011/01/17 10:54:24 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Patrick Thomas Toups.doc
[2011/01/17 10:10:35 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2011/01/16 17:55:12 | 027,918,336 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Qdata1 20090303new1_200903201_20090511_20090512_20090529_20090618_20090621_20090626_20090807_20090817_20090825_2009082611_201007251-2011-01-16.QDF-backup
[2011/01/16 15:33:02 | 000,001,586 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quicken Deluxe 2011.lnk
[2011/01/16 15:32:56 | 000,000,165 | ---- | M] () -- C:\windows\QUICKEN.INI
[2011/01/16 15:28:15 | 013,894,952 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Quicken_WillMaker_Plus_2011.exe
[2011/01/15 19:47:07 | 000,214,528 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Paper jams LaserJet 4L.doc
[2011/01/15 16:59:05 | 000,000,278 | ---- | M] () -- C:\windows\hpqcopy.INI
[2011/01/14 12:50:23 | 000,215,732 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Belarc Analysis 1 14 2011.htm
[2011/01/12 17:42:45 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\THE ANGELUS.doc
[2011/01/11 18:00:08 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
[2011/01/11 17:24:54 | 119,976,870 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\registry back up 1 11 2011.reg
[2011/01/10 13:37:26 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/01/09 19:08:10 | 000,001,891 | ---- | M] () -- C:\windows\imsins.BAK
[2011/01/07 17:04:18 | 001,260,519 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Patrick from Kelly 1-7-11.jpg
[2011/01/01 19:29:25 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Group Handicaps.xls

========== Files Created - No Company Name ==========

[2011/01/25 10:56:14 | 000,159,757 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\JavaRa.zip
[2011/01/24 14:51:46 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Files McAfee Babylon SkyCaddie to be removed.doc
[2011/01/24 14:26:43 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Files McAfee Babylon SkyCaddie to be removed.doc
[2011/01/24 13:40:56 | 000,474,624 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\OTL logfile created on.doc
[2011/01/22 18:38:42 | 004,159,359 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/01/21 20:54:23 | 000,000,424 | -H-- | C] () -- C:\windows\tasks\MP Scheduled Scan.job
[2011/01/21 20:54:22 | 000,000,390 | -H-- | C] () -- C:\windows\tasks\MpIdleTask.job
[2011/01/21 20:49:36 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2011/01/21 20:49:06 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/01/21 09:07:08 | 000,000,100 | ---- | C] () -- C:\Boot.bak
[2011/01/21 09:07:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/01/21 09:05:27 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2011/01/21 09:05:27 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/01/21 09:05:27 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
[2011/01/21 09:05:27 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/01/21 09:05:27 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/01/18 13:30:13 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Logs for submission to Windowsbbs.doc
[2011/01/17 22:07:43 | 000,293,680 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/17 20:26:51 | 000,513,032 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sdasetup.exe
[2011/01/17 13:48:14 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
[2011/01/17 10:10:35 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2011/01/16 17:55:12 | 027,918,336 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Qdata1 20090303new1_200903201_20090511_20090512_20090529_20090618_20090621_20090626_20090807_20090817_20090825_2009082611_201007251-2011-01-16.QDF-backup
[2011/01/16 15:33:02 | 000,001,586 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quicken Deluxe 2011.lnk
[2011/01/16 15:28:15 | 013,894,952 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Quicken_WillMaker_Plus_2011.exe
[2011/01/15 19:47:06 | 000,214,528 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Paper jams LaserJet 4L.doc
[2011/01/14 12:50:22 | 000,215,732 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Belarc Analysis 1 14 2011.htm
[2011/01/12 10:59:53 | 795,660,288 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/11 17:23:09 | 119,976,870 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\registry back up 1 11 2011.reg
[2011/01/10 13:37:25 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/01/07 17:04:17 | 001,260,519 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Patrick from Kelly 1-7-11.jpg
[2010/12/19 09:32:40 | 000,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini
[2010/11/03 15:51:14 | 000,000,231 | ---- | C] () -- C:\windows\AC3API.INI
[2010/11/03 15:49:33 | 000,034,917 | ---- | C] () -- C:\windows\System32\Emu10kx.ini
[2010/11/03 15:49:10 | 000,000,166 | ---- | C] () -- C:\windows\System32\kill.ini
[2010/11/01 12:34:56 | 000,001,793 | ---- | C] () -- C:\windows\System32\fxsperf.ini
[2010/10/31 14:43:40 | 000,000,258 | ---- | C] () -- C:\windows\System32\UPDATE.INI
[2010/10/27 13:33:15 | 000,000,063 | ---- | C] () -- C:\windows\mdm.ini
[2010/09/20 13:01:10 | 000,053,024 | ---- | C] () -- C:\windows\System32\UPDDRV9X.DLL
[2010/09/20 13:00:57 | 000,000,092 | ---- | C] () -- C:\windows\System32\editinf.ini
[2010/09/10 09:23:53 | 000,003,072 | ---- | C] () -- C:\windows\CTXFIRES.DLL
[2010/07/15 16:27:07 | 000,000,338 | ---- | C] () -- C:\windows\PrintScreen.INI
[2010/07/15 14:57:40 | 000,000,338 | ---- | C] () -- C:\windows\PRINTS~1.INI
[2010/07/03 19:37:49 | 000,000,157 | ---- | C] () -- C:\windows\cdplayer.ini
[2010/03/14 11:29:43 | 000,000,393 | ---- | C] () -- C:\windows\PCDES.INI
[2009/12/09 11:34:15 | 000,000,783 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\hpothb07.tif
[2009/12/09 11:34:15 | 000,000,566 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\hpothb07.dat
[2009/12/09 11:29:40 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\hpothb07.tif
[2009/12/09 11:29:40 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\hpothb07.dat
[2009/10/27 12:27:24 | 000,147,456 | ---- | C] () -- C:\windows\System32\RTLCPAPI.dll
[2009/10/27 10:59:22 | 000,006,812 | ---- | C] () -- C:\windows\System32\lvcoinst.ini
[2009/10/10 14:37:18 | 000,016,243 | ---- | C] () -- C:\windows\FlpLabel.ini
[2009/10/07 08:57:12 | 000,147,456 | ---- | C] () -- C:\windows\System32\VegaShEx.dll
[2009/10/07 08:57:06 | 000,308,224 | ---- | C] () -- C:\windows\System32\Lffpx7.dll
[2009/10/07 08:57:06 | 000,091,136 | ---- | C] () -- C:\windows\System32\Lfkodak.dll
[2009/09/25 19:03:06 | 000,000,940 | ---- | C] () -- C:\windows\hpdj5600.ini
[2009/09/25 19:02:51 | 000,000,478 | ---- | C] () -- C:\windows\hpbvspst.ini
[2009/09/25 18:48:43 | 000,000,208 | ---- | C] () -- C:\windows\System32\oeminfo.ini
[2009/09/25 18:48:27 | 000,126,976 | ---- | C] () -- C:\windows\System32\unzdll.dll
[2009/09/23 12:09:20 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2009/08/15 10:46:52 | 000,003,840 | ---- | C] () -- C:\windows\System32\drivers\BANTExt.sys
[2009/08/14 17:05:23 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/01 21:31:43 | 000,000,151 | ---- | C] () -- C:\windows\PhotoSnapViewer.INI
[2009/04/05 10:58:50 | 000,000,000 | ---- | C] () -- C:\windows\hpqEmlSz.INI
[2009/02/13 10:30:11 | 000,000,041 | ---- | C] () -- C:\windows\MSREGUSR.INI
[2009/02/08 16:41:44 | 000,000,130 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\lakerda1967.sys
[2009/02/08 16:39:47 | 000,010,584 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\docXConverter (3).ini
[2009/02/06 16:31:32 | 000,005,582 | ---- | C] () -- C:\windows\POWERUP.INI
[2009/02/05 16:13:24 | 007,602,176 | ---- | C] () -- C:\windows\System32\vaengine.dll
[2009/02/05 15:32:03 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2009/02/05 14:18:23 | 000,000,165 | ---- | C] () -- C:\windows\QUICKEN.INI
[2009/02/04 23:11:56 | 000,000,278 | ---- | C] () -- C:\windows\hpqcopy.INI
[2009/02/04 22:58:52 | 000,028,820 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\HPCOM_48BitScanUpdate.log
[2009/02/04 22:58:52 | 000,000,214 | ---- | C] () -- C:\windows\HP_48BitScanUpdatePatch.ini
[2009/02/04 10:39:35 | 000,000,317 | ---- | C] () -- C:\windows\SBWIN.INI
[2009/02/04 10:29:01 | 000,262,144 | ---- | C] () -- C:\windows\System32\shpshftr.dll
[2008/02/05 12:28:20 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\setup.txt
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\windows\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\windows\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\windows\System32\gthrctr.ini
[2007/04/12 07:10:28 | 000,105,728 | ---- | C] () -- C:\windows\System32\APOMgrH.dll
[2007/04/09 11:55:14 | 000,097,785 | ---- | C] () -- C:\windows\System32\instwdm.ini
[2007/04/09 11:55:14 | 000,000,029 | ---- | C] () -- C:\windows\System32\ctzapxx.ini
[2007/04/09 11:33:50 | 000,043,520 | ---- | C] () -- C:\windows\System32\CTBurst.dll
[2005/06/16 09:17:16 | 000,071,680 | ---- | C] () -- C:\windows\System32\ctmmactl.dll
[2004/07/10 17:55:38 | 000,252,416 | ---- | C] () -- C:\windows\System32\wsiShared.dll
[2004/04/09 15:16:08 | 007,602,176 | ---- | C] () -- C:\windows\System32\vaesaver.dll

========== Custom Scans ==========


< Windows BBS The Place for Microsoft Windows Support! Windows, Support, Help Site >

< >

< WindowsBBS | WindowsBBS Store | HelpWithWindows >

< Go Back Windows BBS > Security > Malware and Virus Removal >

< [Active] Trojan Agent, Trojan.FakeAlert, Worm.Autorun.B, PUM.Hijack [Active] Trojan Agent, Trojan.FakeAlert, Worm.Autorun.B, PUM.Hijack >

< >

< Welcome, baldcajun. >

< You have 5 unread posts >

< You last visited: 1 Hour Ago at 20:09 >

< Private Messages: Unread 0, Total 4. >

< User CP FAQ Donate Community New Posts Search Quick Links Log Out >

< >

< Malware and Virus Removal Problems removing malware/viruses? Get help from our Malware removal experts. >
Invalid Switch: viruses? Get help from our Malware removal experts.


< >

< Community Links >

< Contacts & Friends >

< Members List >

< Search Forums >

< Show Threads Show Posts >

< Advanced Search >

< Quick Links >

< Today's Posts >

< Mark Forums Read >

< Our Other Sites >

< HelpWithWindows >

< RoseCitySoftware >

< Miscellaneous >

< Recommended Links >

< User Control Panel >

< Private Messages >

< Subscribed Threads >

< Who's Online >

< Go to Page... >

< >

< >

< Discussion Forums >

< Operating Systems >

< Windows 7 Windows 7 >

< Windows Vista Windows Vista >

< Windows XP Windows XP >

< Windows Server System Windows Server System >

< Windows 2000 Windows 2000 >

< Windows 95/98/Me/NT Windows 95/98/Me/NT >
Invalid Switch: NT


< Internet & Networking >

< Networking >

< Internet Explorer >

< Microsoft Mail >

< Firefox, Thunderbird >

< & SeaMonkey >

< General Internet >

< Security >

< General Security >

< Malware and Virus >

< Removal >

< Other >

< Other Software >

< Hardware >

< Test Posts >

< Community >

< Introductions >

< General Discussions >

< Contributing Members >

< Comments >

< & Suggestions >

< News @ WindowsBBS >

< >

< >

< Reply >

< Page 2 of 3 < 1 2 3 > >

< >

< LinkBack Thread Tools Search this Thread >

< Old 2 Days Ago #16 >

< broni >

< Malware Analyst >

< >

< broni's Avatar >

< >

< Profile: >

< Join Date: Aug 2002 >

< Location: Daly City, CA >

< Posts: 12,812 >

< Computer Experience: >

< intermediate >

< broni Reputation Levelbroni Reputation Levelbroni Reputation Levelbroni Reputation Levelbroni Reputation Levelbroni Reputation Levelbroni Reputation Levelbroni Reputation Levelbroni Reputation Level >

< >

< My System >

< >

< >

< You're running two AV programs, McAfee and Microsoft Security Essentials. >

< One of them has to go. >

< If McAfee (preferably), make sure to use this tool to remove it: http://www.softpedia.com/get/Tweak/U...val-Tool.shtml >
Invalid Switch: U...val-Tool.shtml


< >

< ================================================================== >

< >

< Uninstall RegCure. >

< >

< Registry cleaners/optimizers are not recommended for several reasons: >
Invalid Switch: optimizers are not recommended for several reasons:


< >

< * Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable. >

< >

< The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry. >

< * Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry ". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. >

< * Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry. >

< * Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools. >

< * The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results ". >

< >

< Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great. >

< >

< * Ed Bott's Webog: Why I don't use registry cleaners >

< * Do I need a Registry Cleaner? >

< >

< >

< ============================================================== >

< >

< Combofix log looks good. >

< >

< Download OTL to your Desktop. >

< >

< * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. >

< * Click the Scan All Users checkbox. >

< * Under the Custom Scan box paste this in: >

< >

< >

< >

< %SYSTEMDRIVE%\*.* >
[2002/04/18 12:57:12 | 000,204,047 | ---- | M] () -- C:\0720005_MED.jpg
[2002/04/15 05:18:38 | 000,003,595 | ---- | M] () -- C:\2D_06-over.gif
[2002/04/15 05:18:38 | 000,003,247 | ---- | M] () -- C:\2D_06.gif
[1999/09/03 11:50:42 | 000,003,426 | ---- | M] () -- C:\3D Pyramid.lay
[1999/12/30 18:29:08 | 000,135,713 | ---- | M] () -- C:\3D Stone.jpg
[2002/04/19 16:36:12 | 000,193,522 | ---- | M] () -- C:\427.jpg
[2002/04/11 11:34:58 | 000,448,741 | ---- | M] () -- C:\70s.jpg
[2002/04/10 11:46:38 | 000,087,358 | ---- | M] () -- C:\A Touch of Colour.jpg
[2002/01/30 03:36:46 | 000,001,902 | ---- | M] () -- C:\about.gif
[2002/04/19 05:00:24 | 000,002,842 | ---- | M] () -- C:\about.htm
[2002/01/30 03:38:54 | 000,001,961 | ---- | M] () -- C:\aboutdown.gif
[2002/01/30 03:36:32 | 000,001,966 | ---- | M] () -- C:\abouton.gif
[2000/05/11 05:35:52 | 000,003,463 | ---- | M] () -- C:\Abstract Building.lay
[2002/04/11 17:27:08 | 000,344,148 | ---- | M] () -- C:\Actual Tiles 2.jpg
[2002/04/11 17:27:26 | 000,350,268 | ---- | M] () -- C:\Actual Tiles 3.jpg
[2002/04/11 17:26:50 | 000,345,347 | ---- | M] () -- C:\Actual Tiles.jpg
[2002/04/22 13:53:52 | 000,113,082 | ---- | M] () -- C:\Africa.jpg
[2002/04/22 12:18:40 | 000,146,114 | ---- | M] () -- C:\Alarm Clock.jpg
[2002/04/10 09:51:40 | 000,254,003 | ---- | M] () -- C:\Alphabet Ice.jpg
[2002/04/10 09:51:50 | 000,268,615 | ---- | M] () -- C:\Alphabet Metal.jpg
[2002/04/10 09:51:30 | 000,220,795 | ---- | M] () -- C:\Alphabet Plasma Fire.jpg
[2002/04/10 09:52:04 | 000,379,519 | ---- | M] () -- C:\Alphabet Stone.jpg
[2002/04/10 09:51:06 | 000,243,400 | ---- | M] () -- C:\Alphabet Wood.jpg
[2002/04/12 10:05:24 | 000,371,711 | ---- | M] () -- C:\Alphabet.jpg
[2002/04/11 17:27:42 | 000,261,621 | ---- | M] () -- C:\Amazonite.jpg
[2002/04/12 08:49:10 | 000,410,961 | ---- | M] () -- C:\Amethyst.jpg
[2000/06/11 21:26:02 | 000,113,049 | ---- | M] () -- C:\Ancient.jpg
[2000/03/23 09:48:00 | 000,003,440 | ---- | M] () -- C:\Angel.lay
[2002/04/11 17:24:06 | 000,408,922 | ---- | M] () -- C:\Animal Prints.jpg
[2002/04/11 17:24:24 | 000,271,867 | ---- | M] () -- C:\Animals.jpg
[2002/04/22 14:04:18 | 000,220,832 | ---- | M] () -- C:\Apple and Peach.jpg
[2002/04/22 11:40:14 | 000,209,027 | ---- | M] () -- C:\Arch.jpg
[1998/11/20 16:03:24 | 000,003,435 | ---- | M] () -- C:\Arena.lay
[2002/04/01 11:57:54 | 000,057,282 | ---- | M] () -- C:\Arrow.jpg
[2002/04/12 09:58:38 | 000,594,564 | ---- | M] () -- C:\Arrows.jpg
[2002/04/22 13:54:36 | 000,135,980 | ---- | M] () -- C:\Asia.jpg
[2002/04/22 11:58:34 | 000,106,903 | ---- | M] () -- C:\Asteroid.jpg
[1998/09/25 13:31:22 | 000,082,650 | ---- | M] () -- C:\Astral Dream.mid
[2002/04/22 13:55:10 | 000,078,066 | ---- | M] () -- C:\Australia.jpg
[2009/09/24 08:07:05 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2002/01/30 07:26:08 | 000,002,152 | ---- | M] () -- C:\back.gif
[2002/01/30 07:26:46 | 000,002,157 | ---- | M] () -- C:\backdown.gif
[2002/01/30 07:26:22 | 000,002,128 | ---- | M] () -- C:\backon.gif
[2002/04/12 08:49:32 | 000,331,883 | ---- | M] () -- C:\Bakelite.jpg
[2002/04/22 15:40:14 | 000,138,647 | ---- | M] () -- C:\Balloon.jpg
[2002/04/22 15:41:24 | 000,139,200 | ---- | M] () -- C:\Balloon2.jpg
[2002/04/22 15:40:52 | 000,115,679 | ---- | M] () -- C:\Balloons.jpg
[2002/04/23 17:07:00 | 000,000,141 | ---- | M] () -- C:\Balloons.txt
[2002/04/22 15:39:42 | 000,152,493 | ---- | M] () -- C:\Balloons2.jpg
[2001/01/27 23:28:14 | 000,021,558 | ---- | M] () -- C:\Balls.bmp
[2000/10/25 11:44:54 | 000,434,514 | ---- | M] () -- C:\Bamboo.jpg
[2002/04/22 12:13:52 | 000,214,594 | ---- | M] () -- C:\Barn.jpg
[2002/04/19 16:31:36 | 000,137,256 | ---- | M] () -- C:\Basketball.jpg
[2002/04/22 12:21:08 | 000,154,374 | ---- | M] () -- C:\Bathtime.jpg
[2002/04/19 16:54:36 | 000,129,435 | ---- | M] () -- C:\Beach.jpg
[2002/04/22 17:00:26 | 000,461,481 | ---- | M] () -- C:\Beads.jpg
[2002/04/22 12:13:00 | 000,149,167 | ---- | M] () -- C:\Beams.jpg
[1998/11/20 16:03:34 | 000,003,436 | ---- | M] () -- C:\Beatle.lay
[2002/04/16 11:25:10 | 000,368,023 | ---- | M] () -- C:\Beech.jpg
[2001/06/19 12:13:46 | 000,001,068 | ---- | M] () -- C:\beep.wav
[2002/04/22 14:03:46 | 000,275,137 | ---- | M] () -- C:\Berry Wreath.jpg
[2002/02/04 07:09:16 | 000,007,047 | ---- | M] () -- C:\bhelp.htm
[1999/05/06 17:33:18 | 000,003,438 | ---- | M] () -- C:\Big Hole.lay
[2002/04/22 15:37:14 | 000,158,353 | ---- | M] () -- C:\Big Rig.jpg
[2000/10/25 11:44:50 | 000,241,138 | ---- | M] () -- C:\Big Sky.jpg
[2002/04/22 15:30:56 | 000,183,537 | ---- | M] () -- C:\Bike Path.jpg
[2009/08/17 19:44:01 | 000,000,092 | ---- | M] () -- C:\BIOSID.TXT
[2002/04/22 17:01:12 | 000,512,871 | ---- | M] () -- C:\Birds.jpg
[1998/11/20 16:11:32 | 000,003,440 | ---- | M] () -- C:\Bizarre.lay
[2000/03/07 15:04:14 | 000,071,510 | ---- | M] () -- C:\Black Dominoes.jpg
[2002/04/22 14:32:24 | 000,341,534 | ---- | M] () -- C:\Black Pattern.jpg
[2002/04/18 15:53:56 | 000,085,442 | ---- | M] () -- C:\Black Satin.jpg
[2002/04/22 15:27:28 | 000,310,998 | ---- | M] () -- C:\Black.jpg
[2002/04/02 14:53:54 | 000,003,426 | ---- | M] () -- C:\Blocks.lay
[2002/04/19 16:47:24 | 000,142,363 | ---- | M] () -- C:\Blower.jpg
[2002/04/19 16:48:14 | 000,092,501 | ---- | M] () -- C:\Blower2.jpg
[2002/04/22 14:22:58 | 000,154,539 | ---- | M] () -- C:\Blue Cord.jpg
[2002/04/18 15:38:22 | 000,301,430 | ---- | M] () -- C:\Blue Cotton.jpg
[2002/04/08 12:47:24 | 000,043,475 | ---- | M] () -- C:\blue marble.jpg
[2000/08/28 11:45:56 | 000,005,483 | ---- | M] () -- C:\Blue.jpg
[2002/04/19 16:59:42 | 000,155,312 | ---- | M] () -- C:\Boat.jpg
[1998/11/20 16:11:48 | 000,003,437 | ---- | M] () -- C:\Boat.lay
[2002/04/22 12:09:18 | 000,212,409 | ---- | M] () -- C:\Boats.jpg
[2002/04/01 11:58:42 | 000,087,156 | ---- | M] () -- C:\Bonafide.jpg
[2002/04/22 13:59:44 | 000,178,625 | ---- | M] () -- C:\Books.jpg
[2010/01/22 15:20:04 | 000,000,100 | ---- | M] () -- C:\Boot.bak
[2011/01/21 09:56:34 | 000,000,217 | RHS- | M] () -- C:\boot.ini
[2002/04/15 05:16:42 | 000,010,985 | ---- | M] () -- C:\bottom_05.gif
[2002/04/19 16:12:58 | 000,162,810 | ---- | M] () -- C:\Bowling.jpg
[2002/04/19 16:54:00 | 000,200,457 | ---- | M] () -- C:\Bows.jpg
[2002/04/10 09:49:34 | 000,129,177 | ---- | M] () -- C:\braille.jpg
[2002/04/12 08:49:50 | 000,309,873 | ---- | M] () -- C:\Brass.jpg
[2002/04/12 08:50:06 | 000,378,744 | ---- | M] () -- C:\Brick.jpg
[2002/04/23 15:05:36 | 000,000,134 | ---- | M] () -- C:\Brick.txt
[2000/08/02 16:44:22 | 000,009,060 | ---- | M] () -- C:\Bricks.jpg
[2002/04/22 12:07:24 | 000,116,118 | ---- | M] () -- C:\Bridge.jpg
[2002/04/22 12:08:46 | 000,167,105 | ---- | M] () -- C:\Bridge2.jpg
[1999/08/13 09:48:00 | 000,003,425 | ---- | M] () -- C:\Bridging.lay
[2002/04/16 11:30:50 | 000,297,513 | ---- | M] () -- C:\Bronze.jpg
[2002/04/22 15:23:48 | 000,303,927 | ---- | M] () -- C:\Brook.jpg
[2002/04/22 15:28:22 | 000,140,693 | ---- | M] () -- C:\Brushstrokes.jpg
[2002/04/11 17:28:08 | 000,314,491 | ---- | M] () -- C:\Bubblepaper.jpg
[2000/06/25 01:26:04 | 000,007,319 | ---- | M] () -- C:\Bubbles.jpg
[2002/04/22 12:09:50 | 000,165,109 | ---- | M] () -- C:\Building.jpg
[2001/10/16 22:33:00 | 000,049,206 | ---- | M] () -- C:\bumpmap.bmp
[2002/04/15 14:15:40 | 000,010,183 | ---- | M] () -- C:\bumpthing1.jpg
[2002/04/15 14:15:26 | 000,008,885 | ---- | M] () -- C:\bumpthing10.jpg
[2002/04/15 14:15:38 | 000,009,666 | ---- | M] () -- C:\bumpthing2.jpg
[2002/04/15 14:15:38 | 000,010,616 | ---- | M] () -- C:\bumpthing3.jpg
[2002/04/15 14:15:36 | 000,010,760 | ---- | M] () -- C:\bumpthing4.jpg
[2002/04/15 14:15:36 | 000,009,856 | ---- | M] () -- C:\bumpthing5.jpg
[2002/04/15 14:15:34 | 000,008,868 | ---- | M] () -- C:\bumpthing6.jpg
[2002/04/15 14:15:32 | 000,009,406 | ---- | M] () -- C:\bumpthing7.jpg
[2002/04/15 14:15:30 | 000,010,728 | ---- | M] () -- C:\bumpthing8.jpg
[2002/04/15 14:15:30 | 000,009,339 | ---- | M] () -- C:\bumpthing9.jpg
[2002/04/12 08:50:24 | 000,450,231 | ---- | M] () -- C:\Burlap.jpg
[2002/04/12 09:49:40 | 000,215,018 | ---- | M] () -- C:\Butterflies.jpg
[2002/04/02 12:51:02 | 000,003,426 | ---- | M] () -- C:\Butterfly.lay
[2002/04/16 11:32:36 | 000,307,056 | ---- | M] () -- C:\Butternut.jpg
[2002/04/10 09:27:26 | 001,080,056 | ---- | M] () -- C:\Buttons.bmp
[2002/04/10 11:48:32 | 000,135,976 | ---- | M] () -- C:\Buttons.jpg
[2002/01/31 07:17:18 | 000,004,538 | ---- | M] () -- C:\buzz.wav
[2002/04/22 12:05:32 | 000,169,849 | ---- | M] () -- C:\Cacti.jpg
[2002/04/22 14:14:24 | 000,168,629 | ---- | M] () -- C:\Calculator.jpg
[2002/04/01 11:58:04 | 000,085,259 | ---- | M] () -- C:\Calicol.jpg
[2002/04/01 11:58:54 | 000,082,763 | ---- | M] () -- C:\Calligraphy.jpg
[2002/04/22 12:08:08 | 000,153,784 | ---- | M] () -- C:\Canal.jpg
[2002/04/22 12:08:26 | 000,129,819 | ---- | M] () -- C:\Canal2.jpg
[2002/04/22 12:17:40 | 000,068,872 | ---- | M] () -- C:\Candle.jpg
[2002/04/19 17:00:44 | 000,341,088 | ---- | M] () -- C:\Candy Eggs.jpg
[2000/07/08 12:06:24 | 000,034,710 | ---- | M] () -- C:\Candy.bmp
[2000/10/25 11:44:48 | 000,450,828 | ---- | M] () -- C:\Canvas.jpg
[2002/04/22 11:38:52 | 000,181,840 | ---- | M] () -- C:\Canyon.jpg
[2002/04/22 11:39:04 | 000,141,217 | ---- | M] () -- C:\Canyon2.jpg
[2002/04/22 11:39:44 | 000,162,110 | ---- | M] () -- C:\Canyon3.jpg
[2002/04/16 11:29:20 | 000,295,478 | ---- | M] () -- C:\Cardboard.jpg
[2002/04/22 11:48:58 | 000,146,328 | ---- | M] () -- C:\Cargo.jpg
[2002/04/03 12:12:50 | 000,234,061 | ---- | M] () -- C:\Carved Stone.jpg
[2002/04/22 14:27:20 | 000,308,501 | ---- | M] () -- C:\Cash.jpg
[2002/04/22 12:12:12 | 000,099,817 | ---- | M] () -- C:\Castle.jpg
[1998/11/20 16:11:00 | 000,003,439 | ---- | M] () -- C:\Castle.lay
[1999/02/09 12:48:44 | 000,003,429 | ---- | M] () -- C:\Cat and Mouse.lay
[2002/04/22 12:25:16 | 000,136,381 | ---- | M] () -- C:\Cat Bath.jpg
[2002/04/11 17:28:26 | 000,486,234 | ---- | M] () -- C:\Catalin.jpg
[2002/04/22 12:14:22 | 000,300,916 | ---- | M] () -- C:\Cave.jpg
[2002/04/22 14:13:42 | 000,058,335 | ---- | M] () -- C:\CDs.jpg
[2002/04/12 08:50:42 | 000,306,488 | ---- | M] () -- C:\Cement.jpg
[1998/11/20 16:06:12 | 000,003,440 | ---- | M] () -- C:\Ceremonial.lay
[2002/04/15 12:24:06 | 000,008,732 | ---- | M] () -- C:\Charcoal.jpg
[2002/04/02 11:32:22 | 000,003,426 | ---- | M] () -- C:\Chart.lay
[2002/04/10 11:46:30 | 000,065,117 | ---- | M] () -- C:\Chass.jpg
[2000/10/25 11:44:44 | 000,226,416 | ---- | M] () -- C:\Checkerboard.jpg
[2002/04/22 17:01:04 | 000,395,192 | ---- | M] () -- C:\Checkered.jpg
[2000/04/15 13:51:58 | 000,003,424 | ---- | M] () -- C:\Checkers.lay
[2002/04/16 11:33:28 | 000,381,167 | ---- | M] () -- C:\Cherry.jpg
[2000/10/16 00:30:34 | 000,003,440 | ---- | M] () -- C:\Chess - Bishop.lay
[2000/10/16 00:30:34 | 000,003,438 | ---- | M] () -- C:\Chess - King.lay
[2000/10/16 00:30:34 | 000,003,440 | ---- | M] () -- C:\Chess - Knight.lay
[2000/10/16 00:30:34 | 000,003,440 | ---- | M] () -- C:\Chess - Pawn.lay
[2000/10/16 00:30:34 | 000,003,439 | ---- | M] () -- C:\Chess - Queen.lay
[2000/10/16 00:30:34 | 000,003,438 | ---- | M] () -- C:\Chess - Rook.lay
[2002/04/16 11:16:00 | 000,322,883 | ---- | M] () -- C:\Chess.jpg
[1999/06/21 14:52:54 | 000,112,889 | ---- | M] () -- C:\China.jpg
[2002/04/12 09:43:16 | 000,189,492 | ---- | M] () -- C:\Christmas Decorations.jpg
[2002/04/16 11:17:06 | 000,435,242 | ---- | M] () -- C:\Christmas Presents.jpg
[2002/04/10 11:49:04 | 000,104,310 | ---- | M] () -- C:\Christop.jpg
[2000/10/25 11:44:58 | 000,246,496 | ---- | M] () -- C:\Chrome.jpg
[2002/04/22 15:04:28 | 000,283,193 | ---- | M] () -- C:\Circuit Board.jpg
[2002/04/02 11:49:02 | 000,003,426 | ---- | M] () -- C:\City.lay
[2001/09/21 21:17:52 | 000,061,746 | ---- | M] () -- C:\Classic.jpg
[2002/04/01 11:58:32 | 000,087,356 | ---- | M] () -- C:\Clean.jpg
[2002/01/30 04:40:22 | 000,001,758 | ---- | M] () -- C:\click.wav
[2002/04/22 14:14:44 | 000,063,533 | ---- | M] () -- C:\Clock.jpg
[2002/04/19 17:17:36 | 000,186,641 | ---- | M] () -- C:\Closeup.jpg
[2000/08/28 11:29:40 | 000,007,989 | ---- | M] () -- C:\Clouds.jpg
[2002/04/23 16:55:22 | 000,000,162 | ---- | M] () -- C:\Clouds.txt
[2002/04/22 15:06:12 | 000,067,119 | ---- | M] () -- C:\Clouds1.jpg
[2002/04/22 15:10:42 | 000,085,372 | ---- | M] () -- C:\Clouds10.jpg
[2002/04/22 15:10:48 | 000,090,682 | ---- | M] () -- C:\Clouds11.jpg
[2002/04/22 15:10:48 | 000,095,808 | ---- | M] () -- C:\Clouds12.jpg
[2002/04/22 15:10:50 | 000,066,611 | ---- | M] () -- C:\Clouds13.jpg
[2002/04/22 15:10:50 | 000,086,944 | ---- | M] () -- C:\Clouds14.jpg
[2002/04/22 15:10:40 | 000,059,419 | ---- | M] () -- C:\Clouds15.jpg
[2002/04/22 15:12:36 | 000,119,271 | ---- | M] () -- C:\Clouds18.jpg
[2002/04/22 15:12:44 | 000,084,149 | ---- | M] () -- C:\Clouds19.jpg
[2002/04/22 15:06:24 | 000,059,117 | ---- | M] () -- C:\Clouds2.jpg
[2002/04/22 15:12:46 | 000,093,193 | ---- | M] () -- C:\Clouds20.jpg
[2002/04/22 15:13:26 | 000,096,733 | ---- | M] () -- C:\Clouds21.jpg
[2002/04/22 15:12:48 | 000,090,747 | ---- | M] () -- C:\Clouds22.jpg
[2002/04/22 15:12:48 | 000,114,309 | ---- | M] () -- C:\Clouds23.jpg
[2002/04/22 15:13:20 | 000,076,056 | ---- | M] () -- C:\Clouds24.jpg
[2002/04/22 15:13:22 | 000,103,186 | ---- | M] () -- C:\Clouds25.jpg
[2002/04/22 15:13:22 | 000,083,504 | ---- | M] () -- C:\Clouds26.jpg
[2002/04/22 15:13:24 | 000,085,792 | ---- | M] () -- C:\Clouds27.jpg
[2002/04/22 15:13:24 | 000,106,083 | ---- | M] () -- C:\Clouds28.jpg
[2002/04/22 15:12:46 | 000,106,520 | ---- | M] () -- C:\Clouds29.jpg
[2002/04/22 15:06:56 | 000,064,883 | ---- | M] () -- C:\Clouds3.jpg
[2002/04/22 15:07:26 | 000,094,382 | ---- | M] () -- C:\Clouds4.jpg
[2002/04/22 15:10:38 | 000,081,196 | ---- | M] () -- C:\Clouds5.jpg
[2002/04/22 15:10:38 | 000,080,135 | ---- | M] () -- C:\Clouds6.jpg
[2002/04/22 15:10:40 | 000,081,034 | ---- | M] () -- C:\Clouds7.jpg
[2002/04/22 15:10:50 | 000,082,192 | ---- | M] () -- C:\Clouds8.jpg
[2002/04/22 15:10:40 | 000,094,827 | ---- | M] () -- C:\Clouds9.jpg
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2002/04/16 11:32:52 | 000,310,267 | ---- | M] () -- C:\cobblestone.jpg
[2000/10/24 01:00:08 | 000,003,426 | ---- | M] () -- C:\Coffee Cup.lay
[2002/04/22 15:17:58 | 000,311,338 | ---- | M] () -- C:\Colored Bricks.jpg
[2000/10/25 11:44:36 | 000,421,946 | ---- | M] () -- C:\Colored Stones.jpg
[2002/04/11 17:28:56 | 000,390,761 | ---- | M] () -- C:\Colorful.jpg
[2002/04/12 10:07:10 | 000,034,710 | ---- | M] () -- C:\ColourWash.bmp
[2011/01/22 19:06:36 | 000,015,982 | ---- | M] () -- C:\ComboFix.txt
[2002/04/22 11:58:02 | 000,107,076 | ---- | M] () -- C:\Comet.jpg
[2002/04/22 14:15:00 | 000,054,703 | ---- | M] () -- C:\Computer.jpg
[2002/04/01 18:19:48 | 000,003,426 | ---- | M] () -- C:\Computer.lay
[2002/04/22 15:02:56 | 000,297,116 | ---- | M] () -- C:\Conduit.jpg
[2002/04/22 14:26:40 | 000,180,506 | ---- | M] () -- C:\Conference room.jpg
[2009/09/24 08:07:05 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2002/01/30 11:43:06 | 000,004,918 | ---- | M] () -- C:\contact.gif
[2002/01/31 06:04:46 | 000,009,121 | ---- | M] () -- C:\contact.htm
[2002/01/30 11:58:48 | 000,005,039 | ---- | M] () -- C:\contacton.gif
[2002/01/17 04:06:54 | 000,003,300 | ---- | M] () -- C:\controlpanel.gif
[2002/04/19 16:40:22 | 000,219,592 | ---- | M] () -- C:\Convertible.jpg
[2002/04/19 16:48:46 | 000,225,532 | ---- | M] () -- C:\Convertible2.jpg
[2002/04/19 10:38:40 | 000,211,953 | ---- | M] () -- C:\Cool Blue.jpg
[2002/04/19 10:35:46 | 000,218,660 | ---- | M] () -- C:\Cool Gray.jpg
[2002/04/19 10:37:10 | 000,221,916 | ---- | M] () -- C:\Cool Green.jpg
[2002/04/22 14:13:08 | 000,047,898 | ---- | M] () -- C:\Cool Mouse.jpg
[2002/04/19 10:34:20 | 000,310,400 | ---- | M] () -- C:\Cool Red.jpg
[2002/04/12 08:51:02 | 000,298,907 | ---- | M] () -- C:\Copper.jpg
[2002/01/14 05:28:36 | 000,001,977 | ---- | M] () -- C:\Copy of game.gif
[2002/04/16 11:29:56 | 000,283,009 | ---- | M] () -- C:\Corkboard.jpg
[2002/04/22 11:54:54 | 000,291,772 | ---- | M] () -- C:\Cosmic Cloud.jpg
[2002/04/22 13:46:04 | 000,154,881 | ---- | M] () -- C:\Cowboy.jpg
[2002/04/18 16:03:50 | 000,490,674 | ---- | M] () -- C:\Cowra Gardens.jpg
[2002/04/22 15:28:02 | 000,183,785 | ---- | M] () -- C:\Cracks.jpg
[2002/04/22 11:58:56 | 000,373,373 | ---- | M] () -- C:\Crater.jpg
[2002/04/12 09:39:10 | 000,330,145 | ---- | M] () -- C:\Crazy Paving.jpg
[2002/04/12 09:25:30 | 000,279,571 | ---- | M] () -- C:\Crazy20.jpg
[2002/04/16 11:18:30 | 000,444,806 | ---- | M] () -- C:\Crop Circles.jpg
[1998/11/20 15:49:10 | 000,003,435 | ---- | M] () -- C:\Crown.lay
[2002/04/22 15:22:52 | 000,290,247 | ---- | M] () -- C:\Crystal.jpg
[2002/04/11 17:22:42 | 000,486,258 | ---- | M] () -- C:\CS Traditional -