Hi deltalima,
Thanks very much for the help!
I have access to another virus scanner through my service provider, which I think might be better than MSE. Should I try it?
Thanks,
S.
OTL.Txt
OTL logfile created on: 7/5/2010 12:24:13 PM - Run 2
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,014.00 Mb Total Physical Memory | 382.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 99.01 Gb Free Space | 88.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LATITUDE
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINNT\system32\snmp.exe (Microsoft Corporation)
PRC - C:\WINNT\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe (Trend Micro Inc.)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\WallMaster\wallmast.exe (Tropical Wares)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINNT\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- C:\WINNT\System32\hidserv.dll File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (SNMP) -- C:\WINNT\system32\snmp.exe (Microsoft Corporation)
SRV - (RUBotted) -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe (Trend Micro Inc.)
========== Driver Services (SafeList) ==========
DRV - (HSXHWAZL) -- C:\WINNT\System32\DRIVERS\HSXHWAZL.sys File not found
DRV - (fkwzgmie) -- C:\WINNT\System32\drivers\fkwzgmie.sys File not found
DRV - (MpFilter) -- C:\WINNT\system32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (NETw5x32) Intel(R) -- C:\WINNT\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (amdagp) -- C:\WINNT\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINNT\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINNT\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINNT\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (e1express) Intel(R) -- C:\WINNT\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (ialm) -- C:\WINNT\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (guardian2) -- C:\WINNT\system32\drivers\oz776.sys (O2Micro)
DRV - (TcUsb) -- C:\WINNT\system32\drivers\tcusb.sys (UPEK Inc.)
DRV - (TMPassthruMP) -- C:\WINNT\system32\drivers\TMPassthru.sys (Trend Micro Inc.)
DRV - (TMPassthru) -- C:\WINNT\system32\drivers\TMPassthru.sys (Trend Micro Inc.)
DRV - (HSF_DPV) -- C:\WINNT\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINNT\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINNT\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (iaStor) -- C:\WINNT\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (NETw4x32) Intel(R) -- C:\WINNT\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (STHDA) -- C:\WINNT\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (truecrypt) -- C:\WINNT\system32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (HECI) Intel(R) -- C:\WINNT\system32\drivers\HECI.sys (Intel Corporation)
DRV - (b57w2k) -- C:\WINNT\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\WINNT\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (NETw3x32) Intel(R) -- C:\WINNT\system32\drivers\NETw3x32.sys (Intel® Corporation)
DRV - (nv) -- C:\WINNT\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (w29n51) Intel(R) -- C:\WINNT\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (IFXTPM) -- C:\WINNT\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500) -- C:\WINNT\system32\drivers\ATSwpDrv.sys (AuthenTec, Inc.)
DRV - (yukonwxp) -- C:\WINNT\system32\drivers\yk51x86.sys (Marvell)
DRV - (altio) -- C:\WINNT\system32\altio.sys (Altium Limited)
DRV - (ApfiltrService) -- C:\WINNT\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (w70n51) Intel(R) -- C:\WINNT\system32\drivers\w70n51.sys (Intel® Corporation)
DRV - (tridxp4) -- C:\WINNT\system32\drivers\tridxp4m.sys (Trident Microsystems Inc.)
DRV - (tsdhd) -- C:\WINNT\system32\drivers\tsdhd.sys (TOSHIBA Corporation)
DRV - (SMCIRDA) -- C:\WINNT\system32\drivers\smcirda.sys (SMC)
DRV - (Sparrow) -- C:\WINNT\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINNT\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINNT\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINNT\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINNT\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINNT\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINNT\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINNT\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINNT\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINNT\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINNT\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINNT\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINNT\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINNT\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINNT\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3121265979-145127783-2100734864-1051\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\S-1-5-21-3121265979-145127783-2100734864-1051\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-3121265979-145127783-2100734864-1051\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.6.15
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: validator@totalvalidator.com:6.5.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/30 07:24:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/30 14:08:11 | 000,000,000 | ---D | M]
[2010/05/20 21:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2010/07/03 07:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\um64otsq.default\extensions
[2010/06/25 00:15:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\um64otsq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/06/25 00:15:35 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\um64otsq.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/06/25 00:15:35 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\um64otsq.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/07/02 15:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\um64otsq.default\extensions\foxmarks@kei.com
[2010/06/29 14:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\um64otsq.default\extensions\validator@totalvalidator.com
[2010/07/02 01:54:12 | 000,002,979 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\um64otsq.default\searchplugins\ebayca.xml
[2010/07/04 07:45:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/09 17:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
O1 HOSTS File: ([2002/08/29 06:00:00 | 000,000,734 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3121265979-145127783-2100734864-1051\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-3121265979-145127783-2100734864-1051\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINNT\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINNT\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRotateSysTray] C:\WINNT\System32\nvsysrot.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINNT\System32\nwiz.exe ()
O4 - HKLM..\Run: [RegServer] C:\WINNT\System32\RegServe.exe ()
O4 - HKLM..\Run: [TMRUBottedTray] C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [TridentWatchDog] C:\WINNT\System32\TWatDog.exe ()
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-3121265979-145127783-2100734864-1051..\Run: [PureText] File not found
O4 - HKLM..\RunOnce: [New Value #1] Reg Error: Invalid data type. File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Pitaschio.lnk = C:\Program Files\Pitaschio\Pitaschio.exe ( )
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\WallMaster Pro.lnk = C:\Program Files\WallMaster\wallmast.exe (Tropical Wares)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINNT\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoMate Task Service.lnk = C:\Program Files\AutoMate4\Automate.exe (Unisyn Software, LLC)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\GridMove.lnk = C:\Program Files\GridMove\GridMove.exe ()
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\QuickMonth Calendar.lnk = C:\WINNT\qmc.exe File not found
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\WallMaster Pro.lnk = C:\Program Files\WallMaster\wallmast.exe (Tropical Wares)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo! Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHelp = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3121265979-145127783-2100734864-1051\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3121265979-145127783-2100734864-1051\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-21-3121265979-145127783-2100734864-1051\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHelp = 1
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 4457702253 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINNT\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/15 12:17:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3a501680-6480-11df-bbb9-001c234442da}\Shell - "" = AutoRun
O33 - MountPoints2\{3a501680-6480-11df-bbb9-001c234442da}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3a501680-6480-11df-bbb9-001c234442da}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\WINNT\TEMP\AUTMGR32.EXE" /START "%1" %* ()
O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\WINNT\TEMP\AUTMGR32.EXE" /START "%1" %* ()
========== Files/Folders - Created Within 30 Days ==========
[2010/07/05 08:32:31 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2010/07/03 07:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Bitrix Security
[2010/07/02 17:06:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Altium2004_SP4
[2010/07/02 17:04:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Altium2004_SP4
[2010/07/02 17:03:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Altium2004_SP4
[2010/07/02 16:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\WexTech Shared
[2010/07/02 16:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Novell Shared
[2010/07/02 16:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lhspf
[2010/07/01 19:09:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/07/01 19:08:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/01 19:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/30 23:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Identities
[2010/06/30 01:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
[2010/06/30 00:21:47 | 000,000,000 | ---D | C] -- C:\c9b20ff71cffe5f758bc
[2010/06/29 22:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Threat Expert
[2010/06/29 21:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
[2010/06/29 21:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Threat Expert
[2010/06/29 21:38:50 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINNT\PCTBDCore.dll.old
[2010/06/29 21:36:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/06/29 21:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/29 14:35:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/29 14:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/29 14:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/29 14:17:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/06/24 20:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Workspaces
[2010/06/23 22:13:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Paint.NET
[2010/06/23 22:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2010/06/23 21:37:17 | 000,000,000 | ---D | C] -- C:\temp
[2010/06/22 21:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\Arachnophilia
[2010/06/21 08:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\My Designs
[2010/06/21 08:01:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Altium2004_SP3
[2010/06/21 08:01:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Altium2004_SP3
[2010/06/21 08:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Altium2004_SP3
[2010/06/21 08:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Altium2004_SP2Security
[2010/06/20 21:54:54 | 000,212,992 | R--- | C] (Microsoft Corporation) -- C:\WINNT\System32\hptcpmui.dll
[2010/06/20 21:54:52 | 000,102,400 | R--- | C] (Hewlett Packard) -- C:\WINNT\System32\hpzjrd01.dll
[2010/06/20 21:54:52 | 000,098,304 | R--- | C] (Hewlett Packard Company) -- C:\WINNT\System32\hpzjsn01.dll
[2010/06/20 21:54:52 | 000,028,672 | R--- | C] (Hewlett-Packard) -- C:\WINNT\System32\hpzjfw01.dll
[2010/06/20 21:54:51 | 000,126,976 | R--- | C] (Hewlett Packard) -- C:\WINNT\System32\hptcpmon.dll
[2010/06/20 21:54:51 | 000,073,728 | R--- | C] (Hewlett Packard) -- C:\WINNT\System32\hptcpmib.dll
[2010/06/20 21:54:28 | 000,028,672 | R--- | C] (Zenographics, Inc.) -- C:\WINNT\System32\IMF32.DLL
[2010/06/20 21:54:26 | 000,086,016 | R--- | C] (Zenographics, Inc.) -- C:\WINNT\System32\zlhp2600.dll
[2010/06/20 21:54:26 | 000,028,672 | R--- | C] (Zenographics, Inc.) -- C:\WINNT\System32\zlm.dll
[2010/06/20 21:54:25 | 000,155,648 | R--- | C] (Zenographics) -- C:\WINNT\System32\HP2600IR.dll
[2010/06/20 21:54:25 | 000,086,016 | R--- | C] (Zenographics, Inc.) -- C:\WINNT\System32\ZSPOOL.DLL
[2010/06/20 21:54:25 | 000,024,576 | R--- | C] (Zenographics, Inc.) -- C:\WINNT\System32\ZTAG32.DLL
[2010/06/20 21:54:24 | 000,000,000 | -H-D | C] -- C:\Program Files\Zenographics
[2010/06/20 21:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/06/20 21:39:07 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\User\Application Data\pcouffin.sys
[2010/06/20 21:39:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Vso
[2010/06/20 21:39:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\PcSetup
[2010/06/20 21:39:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\DVDFab
[2010/06/20 21:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 7
[2010/06/20 21:33:08 | 000,188,672 | ---- | C] (TrueCrypt Foundation) -- C:\WINNT\System32\drivers\truecrypt.sys
[2010/06/20 21:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2010/06/20 21:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\Howies Quick Screen Capture
[2010/06/20 21:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\Altium2004 SP3
[2010/06/20 21:14:16 | 000,000,000 | ---D | C] -- C:\Program Files\NameIt
[2010/06/20 21:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\GridMove
[2010/06/20 21:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\My Widgets
[2010/06/20 21:04:57 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/06/20 21:04:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Yahoo
[2010/06/20 21:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo! Widgets
[2010/06/20 21:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\Nikon
[2010/06/20 21:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon
[2010/06/20 20:56:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/06/20 20:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\SmartDraw
[2010/06/20 20:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\SmartDraw 7
[2010/06/20 20:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/06/20 20:34:54 | 000,102,912 | ---- | C] (Unisyn Software, LLC) -- C:\WINNT\System32\amnt.dll
[2010/06/20 20:34:41 | 001,108,992 | ---- | C] (Unisyn Software, LLC) -- C:\WINNT\System32\AMOLE.dll
[2010/06/20 20:34:41 | 000,446,464 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINNT\System32\Hhactivex.dll
[2010/06/20 20:34:29 | 000,262,144 | ---- | C] (Polar Engineering and Consulting) -- C:\WINNT\System32\Sbent532.ocx
[2010/06/20 20:34:27 | 001,134,645 | ---- | C] (Polar Engineering and Consulting) -- C:\WINNT\System32\Sbe5_32.dll
[2010/06/20 20:34:18 | 000,283,984 | ---- | C] (Xceed Software Inc (450) 442-2626 zip@xceedsoft.com www.xceedsoft.com) -- C:\WINNT\System32\XceedZip.dll
[2010/06/20 20:34:17 | 000,429,056 | ---- | C] (Unisyn Software, LLC) -- C:\WINNT\System32\RIPCMgr.dll
[2010/06/20 20:34:05 | 000,000,000 | ---D | C] -- C:\Program Files\AutoMate4
[2010/06/20 20:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/06/20 20:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/06/20 20:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/06/20 20:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/20 20:24:31 | 000,000,000 | ---D | C] -- C:\WINNT\SHELLNEW
[2010/06/20 20:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Microsoft Help
[2010/06/20 20:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/06/20 20:23:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/06/20 20:23:07 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/06/20 20:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\AdobeUM
[2010/06/20 13:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\TeraCopy
[2010/06/20 13:37:29 | 000,000,000 | ---D | C] -- C:\Program Files\TeraCopy
[2010/06/20 01:44:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\PCHealth
[2010/06/20 01:44:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/06/19 22:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\Irfanview
[2010/06/19 22:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Help
[2010/06/19 22:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Help
[2010/06/19 22:39:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Desktop\d on Vault2 (vault2)
[2010/06/19 22:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\WallMaster
[2010/06/19 22:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Downloads
[5 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/07/05 10:00:30 | 000,000,408 | -H-- | M] () -- C:\WINNT\tasks\MP Scheduled Scan.job
[2010/07/05 09:59:12 | 000,479,920 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI
[2010/07/05 09:59:12 | 000,408,238 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2010/07/05 09:59:12 | 000,064,602 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2010/07/05 09:55:17 | 000,000,448 | ---- | M] () -- C:\WINNT\tasks\SDMsgUpdate (SD).job
[2010/07/05 09:55:16 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2010/07/05 09:54:56 | 000,002,331 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/07/05 09:54:47 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010/07/05 09:54:44 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2010/07/05 09:54:06 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\User\ntuser.dat
[2010/07/05 09:54:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini
[2010/07/05 09:10:58 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\User\Desktop\GMER.lnk
[2010/07/05 09:09:51 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HijackThis (2).lnk
[2010/07/05 09:05:23 | 000,000,088 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MalWare Removal • View topic - IE popping up ad windows at random.URL
[2010/07/05 08:51:51 | 000,000,664 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat
[2010/07/05 08:32:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2010/07/04 20:35:58 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Blackline GPS.lnk
[2010/07/02 17:01:55 | 003,792,992 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2010/07/02 16:49:33 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Altium Designer 2004 (SP3).lnk
[2010/07/02 14:31:21 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
[2010/06/30 14:12:57 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Excel 2007.lnk
[2010/06/30 08:44:08 | 000,000,873 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Blackline workspace.lnk
[2010/06/30 01:13:25 | 000,002,557 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HiJackThis.lnk
[2010/06/29 22:53:55 | 000,000,524 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Documents.lnk
[2010/06/29 14:54:51 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/06/29 14:52:19 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2010/06/28 00:18:56 | 000,000,151 | ---- | M] () -- C:\WINNT\QScreenCapt.ini
[2010/06/27 22:42:25 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Volume Control.lnk
[2010/06/24 20:49:38 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/06/24 20:48:02 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Watch video.bat.lnk
[2010/06/24 20:10:33 | 000,000,506 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Mimi.lnk
[2010/06/24 07:39:25 | 000,000,562 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Household.lnk
[2010/06/23 22:11:30 | 000,001,704 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Paint.NET.lnk
[2010/06/23 22:10:25 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2010/06/23 21:16:28 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/23 09:31:04 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\PureText.lnk
[2010/06/22 23:07:24 | 000,001,513 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2010/06/22 21:09:42 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Arachnophilia.lnk
[2010/06/21 21:36:48 | 000,000,405 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Web.lnk
[2010/06/21 15:32:30 | 000,002,511 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Word 2007.lnk
[2010/06/21 13:48:38 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Automate macros.lnk
[2010/06/21 08:43:47 | 000,000,508 | ---- | M] () -- C:\WINNT\win.ini
[2010/06/21 08:43:44 | 000,001,488 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2010/06/21 08:00:36 | 000,000,543 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Work.lnk
[2010/06/21 07:09:54 | 000,000,506 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Mimi.lnk
[2010/06/20 21:54:55 | 000,000,143 | ---- | M] () -- C:\WINNT\System32\AddPort.ini
[2010/06/20 21:54:21 | 000,000,606 | ---- | M] () -- C:\WINNT\hpntwksetup.ini
[2010/06/20 21:39:07 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\User\Application Data\inst.exe
[2010/06/20 21:39:07 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\User\Application Data\pcouffin.sys
[2010/06/20 21:39:07 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\User\Application Data\pcouffin.cat
[2010/06/20 21:39:07 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\User\Application Data\pcouffin.inf
[2010/06/20 21:39:02 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\User\Desktop\DVDFab 7.lnk
[2010/06/20 21:17:22 | 000,000,998 | ---- | M] () -- C:\WINNT\unins001.dat
[2010/06/20 21:17:21 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\QuickMonth Calendar.lnk
[2010/06/20 21:17:08 | 000,691,486 | ---- | M] () -- C:\WINNT\unins001.exe
[2010/06/20 21:09:40 | 000,000,642 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\GridMove.lnk
[2010/06/20 21:04:53 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Widgets.lnk
[2010/06/20 21:02:24 | 000,000,521 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Software.lnk
[2010/06/20 21:01:15 | 000,325,112 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2010/06/20 20:52:23 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SmartDraw 7.lnk
[2010/06/20 20:34:50 | 000,015,223 | ---- | M] () -- C:\WINNT\System32\ameulas.dll
[2010/06/20 20:34:47 | 000,000,647 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoMate Task Service.lnk
[2010/06/20 20:34:08 | 000,000,023 | ---- | M] () -- C:\WINNT\System32\sco32.dll
[2010/06/20 13:36:17 | 000,000,378 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MyBook.lnk
[2010/06/20 10:16:09 | 000,072,748 | ---- | M] (Jordan Russell) -- C:\WINNT\unins000.exe
[2010/06/20 10:16:09 | 000,000,654 | ---- | M] () -- C:\WINNT\unins000.dat
[2010/06/20 03:01:04 | 000,001,374 | ---- | M] () -- C:\WINNT\imsins.BAK
[2010/06/19 23:15:10 | 000,000,145 | ---- | M] () -- C:\Documents and Settings\User\Desktop\D drive (DVD-RW).lnk
[2010/06/19 23:15:04 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\User\Desktop\C drive.lnk
[2010/06/19 22:53:28 | 000,001,565 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IrfanView Thumbnails.lnk
[2010/06/19 22:53:28 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IrfanView.lnk
[2010/06/19 22:49:57 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\User\Desktop\References.lnk
[2010/06/19 22:49:43 | 000,000,631 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Job search.lnk
[2010/06/19 22:49:42 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Konsepsyon.lnk
[2010/06/19 22:49:40 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Codex.lnk
[2010/06/19 22:49:37 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Spark Institute.lnk
[2010/06/19 22:40:03 | 000,000,506 | ---- | M] () -- C:\Documents and Settings\User\Desktop\DVD Rips.lnk
[2010/06/19 22:39:55 | 000,000,433 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Video.lnk
[2010/06/19 22:39:52 | 000,000,438 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Photos.lnk
[2010/06/19 22:39:49 | 000,000,458 | ---- | M] () -- C:\Documents and Settings\User\Desktop\File Cabinet.lnk
[2010/06/19 22:39:44 | 000,000,441 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Backups.lnk
[2010/06/19 22:39:42 | 000,000,433 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Audio.lnk
[2010/06/19 22:38:51 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\WallMaster Pro.lnk
[2010/06/19 19:49:17 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Control Panel.lnk
[2010/06/07 20:16:01 | 000,763,832 | ---- | M] () -- C:\WINNT\BDTSupport.dll.old
[5 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/07/05 09:10:58 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\User\Desktop\GMER.lnk
[2010/07/05 09:09:51 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HijackThis (2).lnk
[2010/07/05 09:05:23 | 000,000,088 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MalWare Removal • View topic - IE popping up ad windows at random.URL
[2010/07/02 16:52:42 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Altium Designer 2004 (SP3).lnk
[2010/07/01 19:21:11 | 000,000,664 | ---- | C] () -- C:\WINNT\System32\d3d9caps.dat
[2010/06/30 08:44:08 | 000,000,873 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Blackline workspace.lnk
[2010/06/30 01:12:42 | 000,002,557 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HiJackThis.lnk
[2010/06/29 21:38:52 | 000,763,832 | ---- | C] () -- C:\WINNT\BDTSupport.dll.old
[2010/06/29 15:01:12 | 000,000,408 | -H-- | C] () -- C:\WINNT\tasks\MP Scheduled Scan.job
[2010/06/29 14:54:51 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/06/29 14:52:19 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2010/06/24 20:48:02 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Watch video.bat.lnk
[2010/06/24 20:10:33 | 000,000,506 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Mimi.lnk
[2010/06/24 07:39:25 | 000,000,562 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Household.lnk
[2010/06/23 22:12:35 | 000,000,151 | ---- | C] () -- C:\WINNT\QScreenCapt.ini
[2010/06/23 22:10:25 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2010/06/23 21:14:44 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/22 21:09:42 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Arachnophilia.lnk
[2010/06/21 21:36:48 | 000,000,405 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Web.lnk
[2010/06/21 13:48:38 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Automate macros.lnk
[2010/06/21 08:00:36 | 000,000,543 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Work.lnk
[2010/06/21 07:09:54 | 000,000,506 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Mimi.lnk
[2010/06/20 21:54:55 | 000,000,143 | ---- | C] () -- C:\WINNT\System32\AddPort.ini
[2010/06/20 21:54:54 | 000,009,864 | R--- | C] () -- C:\WINNT\System32\hptcpmui.hlp
[2010/06/20 21:54:54 | 000,009,820 | R--- | C] () -- C:\WINNT\System32\hpipxmui.hlp
[2010/06/20 21:54:54 | 000,003,399 | R--- | C] () -- C:\WINNT\System32\hptcpmon.ini
[2010/06/20 21:54:29 | 000,749,568 | R--- | C] () -- C:\WINNT\System32\agissi.dll
[2010/06/20 21:54:28 | 000,805,928 | R--- | C] () -- C:\WINNT\System32\hp2600n.img
[2010/06/20 21:54:27 | 011,194,368 | R--- | C] () -- C:\WINNT\System32\zhhp_res.dll
[2010/06/20 21:54:26 | 000,327,680 | R--- | C] () -- C:\WINNT\System32\zshp2600.exe
[2010/06/20 21:54:26 | 000,241,664 | R--- | C] () -- C:\WINNT\System32\zhhp2600.exe
[2010/06/20 21:54:25 | 000,114,688 | R--- | C] () -- C:\WINNT\System32\vshp2600.dll
[2010/06/20 21:54:25 | 000,007,294 | R--- | C] () -- C:\WINNT\System32\ZSHP2600.HLP
[2010/06/20 21:53:42 | 000,000,606 | ---- | C] () -- C:\WINNT\hpntwksetup.ini
[2010/06/20 21:39:15 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\User\Application Data\pcouffin.log
[2010/06/20 21:39:07 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\User\Application Data\inst.exe
[2010/06/20 21:39:07 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\User\Application Data\pcouffin.cat
[2010/06/20 21:39:07 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\User\Application Data\pcouffin.inf
[2010/06/20 21:39:02 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\User\Desktop\DVDFab 7.lnk
[2010/06/20 21:17:21 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\QuickMonth Calendar.lnk
[2010/06/20 21:17:14 | 000,691,486 | ---- | C] () -- C:\WINNT\unins001.exe
[2010/06/20 21:17:14 | 000,000,998 | ---- | C] () -- C:\WINNT\unins001.dat
[2010/06/20 21:09:40 | 000,000,642 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\GridMove.lnk
[2010/06/20 21:05:06 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
[2010/06/20 21:04:53 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Widgets.lnk
[2010/06/20 20:53:52 | 000,000,448 | ---- | C] () -- C:\WINNT\tasks\SDMsgUpdate (SD).job
[2010/06/20 20:52:23 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SmartDraw 7.lnk
[2010/06/20 20:43:03 | 000,002,469 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Excel 2007.lnk
[2010/06/20 20:42:58 | 000,002,511 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Word 2007.lnk
[2010/06/20 20:34:50 | 000,015,223 | ---- | C] () -- C:\WINNT\System32\ameulas.dll
[2010/06/20 20:34:47 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoMate Task Service.lnk
[2010/06/20 20:34:40 | 000,057,856 | ---- | C] () -- C:\WINNT\System32\UnisynLib.dll
[2010/06/20 20:34:21 | 000,109,568 | ---- | C] () -- C:\WINNT\System32\AMJR.dll
[2010/06/20 20:34:17 | 000,006,439 | ---- | C] () -- C:\WINNT\System32\Sbe5_000.cnt
[2010/06/20 20:34:16 | 000,318,592 | ---- | C] () -- C:\WINNT\System32\Sbe5_000.hlp
[2010/06/20 20:34:08 | 000,000,023 | ---- | C] () -- C:\WINNT\System32\sco32.dll
[2010/06/20 13:36:17 | 000,000,378 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MyBook.lnk
[2010/06/20 10:16:08 | 000,000,654 | ---- | C] () -- C:\WINNT\unins000.dat
[2010/06/19 23:15:10 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\User\Desktop\D drive (DVD-RW).lnk
[2010/06/19 23:15:04 | 000,000,293 | ---- | C] () -- C:\Documents and Settings\User\Desktop\C drive.lnk
[2010/06/19 22:53:28 | 000,001,565 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IrfanView Thumbnails.lnk
[2010/06/19 22:53:28 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IrfanView.lnk
[2010/06/19 22:50:07 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Blackline GPS.lnk
[2010/06/19 22:49:57 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\User\Desktop\References.lnk
[2010/06/19 22:49:43 | 000,000,631 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Job search.lnk
[2010/06/19 22:49:42 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Konsepsyon.lnk
[2010/06/19 22:49:40 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Codex.lnk
[2010/06/19 22:49:37 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Spark Institute.lnk
[2010/06/19 22:40:02 | 000,000,506 | ---- | C] () -- C:\Documents and Settings\User\Desktop\DVD Rips.lnk
[2010/06/19 22:39:55 | 000,000,433 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Video.lnk
[2010/06/19 22:39:54 | 000,000,521 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Software.lnk
[2010/06/19 22:39:52 | 000,000,438 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Photos.lnk
[2010/06/19 22:39:49 | 000,000,458 | ---- | C] () -- C:\Documents and Settings\User\Desktop\File Cabinet.lnk
[2010/06/19 22:39:46 | 000,000,524 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Documents.lnk
[2010/06/19 22:39:44 | 000,000,441 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Backups.lnk
[2010/06/19 22:39:42 | 000,000,433 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Audio.lnk
[2010/06/19 22:38:51 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\WallMaster Pro.lnk
[2010/06/19 19:49:17 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Control Panel.lnk
[2009/02/27 14:58:11 | 000,204,800 | ---- | C] () -- C:\WINNT\System32\igfxCoIn_v4814.dll
[2009/02/12 12:41:04 | 001,399,880 | ---- | C] () -- C:\WINNT\System32\igklg450.dll
[2009/02/12 12:41:04 | 000,147,456 | ---- | C] () -- C:\WINNT\System32\igfxCoIn_v4926.dll
[2009/02/12 12:41:04 | 000,104,636 | ---- | C] () -- C:\WINNT\System32\igmedcompkrn.dll
[2009/02/12 12:41:03 | 001,843,784 | ---- | C] () -- C:\WINNT\System32\igklg400.dll
[2006/06/09 11:06:36 | 000,110,592 | ---- | C] () -- C:\WINNT\System32\nvapi.dll
[2006/05/24 16:47:11 | 003,596,288 | ---- | C] () -- C:\WINNT\System32\qt-dx331.dll
[2006/04/18 18:04:53 | 000,012,288 | ---- | C] () -- C:\WINNT\System32\DivXWMPExtType.dll
[2005/07/27 13:54:24 | 000,073,728 | ---- | C] () -- C:\WINNT\System32\TVCtrl.dll
[2005/07/27 13:54:23 | 000,110,592 | ---- | C] () -- C:\WINNT\System32\GenCtrl.dll
[2005/07/27 13:54:23 | 000,086,016 | ---- | C] () -- C:\WINNT\System32\ColorCtr.dll
[2005/07/27 13:54:23 | 000,061,440 | ---- | C] () -- C:\WINNT\System32\Multview.dll
[2005/07/27 13:54:23 | 000,061,440 | ---- | C] () -- C:\WINNT\System32\LCDCtrl.dll
[2005/07/27 13:54:23 | 000,049,152 | ---- | C] () -- C:\WINNT\System32\CRTCtrl.dll
[2005/07/27 13:54:23 | 000,036,864 | ---- | C] () -- C:\WINNT\System32\DTMenuEx.dll
[2005/07/18 11:27:50 | 000,036,864 | ---- | C] () -- C:\WINNT\System32\NTDisUn.dll
[2005/07/18 09:51:39 | 001,019,904 | ---- | C] () -- C:\WINNT\System32\nvwimg.dll
[2005/07/18 09:51:38 | 001,662,976 | ---- | C] () -- C:\WINNT\System32\nvwdmcpl.dll
[2005/07/18 09:51:37 | 000,466,944 | ---- | C] () -- C:\WINNT\System32\nvshell.dll
[2005/07/18 09:51:33 | 001,466,368 | ---- | C] () -- C:\WINNT\System32\nview.dll
[2005/04/15 16:31:47 | 000,001,793 | ---- | C] () -- C:\WINNT\System32\fxsperf.ini
[2005/04/15 13:52:58 | 000,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2005/04/15 12:45:32 | 000,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2005/04/15 12:33:59 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\e100bmsg.dll
[2004/10/26 15:39:06 | 003,375,104 | ---- | C] () -- C:\WINNT\System32\qt-mt331.dll
[1999/11/16 12:04:36 | 000,485,376 | ---- | C] () -- C:\WINNT\System32\DrRw40.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
< End of report >
Extras.txt
OTL Extras logfile created on: 7/5/2010 12:24:13 PM - Run 2
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,014.00 Mb Total Physical Memory | 382.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 99.01 Gb Free Space | 88.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LATITUDE
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\WINNT\TEMP\AUTMGR32.EXE ()
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\WINNT\TEMP\AUTMGR32.EXE ()
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{12650598-D7B9-4FB5-91B2-2CAA641AC589}" = Trend Micro RUBotted
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37CFC56D-8602-4E25-AB1E-DDA891F52C01}" = Altium Designer 2004 (SP3)
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo XPack (DVD Only)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C1CAAF9E-2A80-4AD0-8D9A-B4327966249F}" = Paint.NET v3.20
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"AddressBar" = MuvEnum Address Bar - Windows Explorer Extension
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Altium Designer 2004 Service Pack 4" = Altium Designer 2004 Service Pack 4
"AutoMate 4" = AutoMate 4
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Display Driver Setup" = Trident Display Driver
"DVDFab 7_is1" = DVDFab 7.0.1.2 Beta (05/03/2010)
"ENTERPRISER" = Microsoft Office Enterprise 2007
"GridMove_is1" = GridMove V1.19.53
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP-Color LaserJet 2600n" = Color LaserJet 2600n
"Icon Restore_is1" = Icon Restore 1.0
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"NameIt" = NameIt
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel(R) PRO Network Connections Drivers
"Q903235" = Internet Explorer Q903235
"QuickMonth Calendar_is1" = QuickMonth Calendar 1.1
"SmartDraw 7" = SmartDraw 7
"TeraCopy_is1" = TeraCopy 1.22
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TrueCrypt" = TrueCrypt
"WallMaster Pro" = WallMaster Pro
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 7/5/2010 1:39:59 AM | Computer Name = LATITUDE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module shlwapi.dll, version 6.0.2900.5912, fault address 0x0002c4d8.
Error - 7/5/2010 1:57:41 AM | Computer Name = LATITUDE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 2.1.6805.0,
P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.
Error - 7/5/2010 1:57:43 AM | Computer Name = LATITUDE | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 7/5/2010 2:29:15 AM | Computer Name = LATITUDE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module shlwapi.dll, version 6.0.2900.5912, fault address 0x0002c4d8.
Error - 7/5/2010 3:28:23 AM | Computer Name = LATITUDE | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x181f17fb.
Error - 7/5/2010 10:25:03 AM | Computer Name = LATITUDE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module shlwapi.dll, version 6.0.2900.5912, fault address 0x00010817.
Error - 7/5/2010 10:46:22 AM | Computer Name = LATITUDE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module shlwapi.dll, version 6.0.2900.5912, fault address 0x0002c4d8.
Error - 7/5/2010 11:06:19 AM | Computer Name = LATITUDE | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 1.1.5902.0, P3 1.85.1178.0, P4 1.85.1178.0, P5 trojan_win32_fakecog, P6 NIL,
P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 7/5/2010 11:09:09 AM | Computer Name = LATITUDE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 2.1.6805.0,
P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.
Error - 7/5/2010 11:09:14 AM | Computer Name = LATITUDE | Source = MSSecurityEssentials | ID = 5000
Description =
[ System Events ]
Error - 7/4/2010 10:31:37 PM | Computer Name = LATITUDE | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.
Error - 7/4/2010 10:33:10 PM | Computer Name = LATITUDE | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 7/4/2010 10:33:10 PM | Computer Name = LATITUDE | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 7/5/2010 1:57:40 AM | Computer Name = LATITUDE | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.85.1178.0 Update Source: %%859 Update Stage:
%%852 Source Path:
http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5902.0 Error
code: 0x80072efe Error description: The connection with the server was terminated
abnormally
Error - 7/5/2010 4:08:19 AM | Computer Name = LATITUDE | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... 2147632576 User:
NT AUTHORITY\NETWORK SERVICE Name: Virus:Win32/Alureon.H ID: 2147632576 Severity:
Severe Category: Virus Path: rootkit:Alureon->redbook Action: %%810 Error Code: 0x800704ec
Error
description: Windows cannot open this program because it has been prevented by
a software restriction policy. For more information, open Event Viewer or contact
your system administrator. Status: To finish removing spyware and other potentially
unwanted software, restart the computer. To see how to finish removing spyware
and other potentially unwanted software, see this support article on the Microsoft
Security website. Signature Version: AV: 1.85.1178.0, AS: 1.85.1178.0 Engine Version:
1.1.5902.0
Error - 7/5/2010 10:01:14 AM | Computer Name = LATITUDE | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.
Error - 7/5/2010 10:02:33 AM | Computer Name = LATITUDE | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 7/5/2010 10:02:33 AM | Computer Name = LATITUDE | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 7/5/2010 11:08:06 AM | Computer Name = LATITUDE | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... 2147624544 User:
LATITUDE\User Name: Trojan:Win32/FakeCog ID: 2147624544 Severity: High Category: Worm
Path:
Action: %%808 Error Code: 0x80508023 Error description: The program could not find
the spyware and other potentially unwanted software on this computer. Status: Signature
Version: AV: 1.85.1178.0, AS: 1.85.1178.0 Engine Version: 1.1.5902.0
Error - 7/5/2010 11:09:09 AM | Computer Name = LATITUDE | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.85.1178.0 Update Source: %%859 Update Stage:
%%852 Source Path:
http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5902.0 Error
code: 0x80072efe Error description: The connection with the server was terminated
abnormally
< End of report >
GMER:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-05 16:15:09
Windows 5.1.2600 Service Pack 3
Running: 070t9u4j.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\ffryapod.sys
---- Kernel code sections - GMER 1.0.15 ----
? SYSTEM32\DRIVERS\xfzlamon.sys The system cannot find the path specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[804] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[892] @ C:\WINNT\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Fastfat \Fat A910ED20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\st[5] 4537 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\st[6] 4514 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\st[7] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\st[8] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GVE9KL4Q\CAYVGPW5.htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PCP18ICH\CA0X67W1.htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PCP18ICH\st[15] 4520 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PCP18ICH\st[16] 4520 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PCP18ICH\st[17] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PCP18ICH\st[18] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PCP18ICH\CAU3WTUN.htm 0 bytes
---- EOF - GMER 1.0.15 ----