Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Strange error message..repeats over and over. Can you help please? upd

Started by seaspiritnw , Mar 30 2009 08:38 PM

  • This topic is locked This topic is locked

#1
seaspiritnw
Posted 30 March 2009 - 08:38 PM

seaspiritnw

    Member

  • Member
  • PipPip
  • 14 posts
This black box keeps popping up with this at the top.. C:\DOCUME-1\HP_OWNER\LOCALS-1\TEMP\le123.tmp..now there is a new one.It says the same thing except at the end it says ie6tmp...now there are others each with a different thing at the end.

Inside the box it says "this program cannot run in DOS"

I have followed the steps in the malwars guide here and these are the logs.

This computer is used by other family members ( they don't live here ) and I believe someone visited adult websites over the weekend. They had erased the history before I could see it but I am sure they did. After they had left I tried to see where they had been but I think that's what started the problem. Thank you in advance for your help.




Rootkit Log


Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:32432 Mo/Free:1125 Mo)
D:\ [Fixed] - FAT32 - (Total:5710 Mo/Free:777 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [Removable] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Removable] (Total:0 Mo/Free:0 Mo)
I:\ [Removable] (Total:0 Mo/Free:0 Mo)

Mon 03/30/2009|22:05

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\PixArt\PAC207\Monitor.exe
---------- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Messenger\msmsgs.exe
---------- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
---------- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
---------- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
---------- C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
---------- C:\Program Files\VTech\Community\System\PCTray.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Mon 03/30/2009|22:06

----------------------\\ Scan completed at 22:06



OTL Log Extras
OTListIt Extras logfile created on: 3/30/2009 10:09:59 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\4UD5N0MP
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

759.48 Mb Total Physical Memory | 388.81 Mb Available Physical Memory | 51.19% Memory free
1.81 Gb Paging File | 1.47 Gb Available in Paging File | 81.02% Paging File free
Paging file location(s): C:\pagefile.sys 1138 1138;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.67 Gb Total Space | 17.10 Gb Free Space | 53.98% Space Free | Partition Type: NTFS
Drive D: | 5.58 Gb Total Space | 0.76 Gb Free Space | 13.61% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BLACKBEARD
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.js [@ = jsfile] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger (America Online, Inc.)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
%windir%\system32\drivers\svchost.exe:*:Enabled:svchost File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion ()
C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)
C:\Program Files\Primedius\PrimediusProxy.exe:*:Disabled:PrimediusProxy File not found
C:\Program Files\Defender Pro\Defender Pro System Utilities\Drive Cleaner\DriveCleaner.exe:*:Enabled:1 - Drive Cleaner File not found
C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer (Microsoft Corporation)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader File not found
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon File not found
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM File not found
C:\Program Files\Venturi2\Configurator\ventcfg.exe:*:Enabled:Venturi Accelerator File not found
C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger (America Online, Inc.)
C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic File not found
C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic File not found
C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic File not found
C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console (Microsoft Corporation)
C:\Program Files\FileZilla Client\filezilla.exe:*:Enabled:FileZilla FTP Client (FileZilla Project)
C:\pss\NetJetServer.exe:*:Enabled:NetJetEngine Web Server Product from Renasoft File not found
C:\Program Files\Mask Surf\MaskSurf.exe:*:Enabled:Mask Surf File not found
C:\Documents and Settings\HP_Owner\Local Settings\Temp\MaskSurf.TMP0:*:Enabled:MaskSurf File not found
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe:*:Enabled:Itiva Media Accelerator Application File not found
C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0 File not found
C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Disabled:AOL File not found
C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Disabled:AOL File not found
C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Disabled:AOL File not found
C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Disabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL File not found
C:\Program Files\Common Files\AOL\1153841042\EE\AOLServiceHost.exe:*:Disabled:AOL File not found
C:\Program Files\America Online 9.0a\waol.exe:*:Disabled:AOL File not found
C:\Program Files\Defender\Defender Pro 2005\kav.exe:*:Disabled:Defender Pro 2005 File not found
C:\Program Files\Defender Pro\Defender Pro Anti Pop Up\PopUpKiller.exe:*:Disabled:Defender Pro Anti Pop Up File not found
C:\Program Files\Defender Pro\Defender Pro System Utilities\DefenderProSystem.exe:*:Disabled:Defender Pro System Utilities File not found
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:Earthlink File not found
C:\Program Files\Easy Internet signup\HPSdpApp.exe:*:Disabled:Easy Internet Sign-up (Hewlett-Packard)
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater File not found
C:\Program Files\PersonalWebKit3\personalwebkit.exe:*:Disabled:personalwebkit File not found
C:\Program Files\PeoplePC Accelerated\PropelAC.exe:*:Disabled:Start PeoplePC Accelerated File not found
C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost File not found
C:\Program Files\Java\jre6\bin\jqs.exe:*:Enabled:jqs (Sun Microsystems, Inc.)
C:\Program Files\Spyware Terminator\sp_rsser.exe:*:Enabled:sp_rsser File not found
C:\Program Files\Spyware Terminator\SpywareTerminator.exe:*:Enabled:SpywareTerminator File not found
%windir%\system32\drivers\svchost.exe:*:Enabled:svchost File not found
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\VTech\Community\System\PCTray.exe:*:Disabled:Vtech local server (VTech)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600
"{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}" = HP Driver Diagnostics
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 11
"{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{31220F55-4AA9-4386-83BA-F2CF5E91BB3C}" = PC CIF Camer@
"{31800004-6386-4999-A519-518F2D78D8F0}" = Python 2.5.1
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5E1494D4-3562-4FFB-B35C-600F80F6934C}" = HP Image Zone Plus 4.2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{7C5B88B2-AEDC-49A8-B72C-7A0C61FB6566}" = V.Link
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8D9768AE-DE42-4A04-A461-2361A58C384D}" = HPIZ402
"{8FA728A1-CF5B-11D8-9D3B-00003988AD18}" = Fatbits 2.03
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{92C95F0E-AE85-4D74-B2F7-29D8A449CC2C}" = Ancestry World Archives Project - Keying Tool
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9DF095E1-8EC2-4892-8740-93769DB1E944}" = User Agent String Utility
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A6A13E30-656F-4876-9B03-FBD4D712BB40}" = Wal-Mart Music Downloads Store
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530
"{B103C8A7-D1CC-4B1A-BD41-883F652E097D}" = muvee autoProducer 3.5 magicMoments - HPD
"{B136E4A4-7660-4F15-9752-EF8E6BA7866D}" = Family Tree Maker 2005
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B672F12C-F1A2-4D77-BE7C-D96AE5F59C7E}" = V.Link
"{BBBA5BAD-42E7-4F2C-BA03-0D6F0D41F510}" = World Archives Project Keying Tool Install and Uninstall
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EC3254F8-301E-43CB-9EC3-BDC28A882A5D}" = Medic Patch 6.0.0.8
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}" = hpg2436
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"AOL Instant Messenger" = AOL Instant Messenger
"AtlantaBraves.net" = AtlantaBraves.net
"Audacity_is1" = Audacity 1.2.6
"BackWeb-309731 Uninstaller" = Updates from HP
"CCleaner" = CCleaner (remove only)
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Deer Avenger" = Deer Avenger
"Easy Text To HTML Converter" = Easy Text To HTML Converter
"elton Toolbar" = elton Toolbar
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.1.6
"Free Internet Window Washer" = Free Internet Window Washer
"fvnorthwestern Toolbar" = fvnorthwestern Toolbar
"Ghost Hunter" = Ghost Hunter
"Help and Support Additions" = Help and Support Additions
"Hoyle Slots & Video Poker 3" = Hoyle Slots & Video Poker 3
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ieSpell" = ieSpell
"InstallShield_{31220F55-4AA9-4386-83BA-F2CF5E91BB3C}" = PC CIF Camer@
"InstallShield_{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Multi Virus Cleaner 2007_is1" = Multi Virus Cleaner 2007
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealPlayer 6.0" = RealPlayer
"SeaStorm 3D Screensaver" = SeaStorm 3D Screensaver (remove only)
"Sierra Utilities" = Sierra Utilities
"ST5UNST #1" = Witches and Wizards Clipart
"ST6UNST #1" = Ghost-Tech P. I.
"StreetPlugin" = Learn2 Player (Uninstall Only)
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WavePad" = WavePad Uninstall
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.4.6
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Messenger Explorer Bar" = Yahoo! Messenger Explorer Bar
"ymb" = Yahoo! Mail Quick Select Tool (PhotoMail)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/23/2009 9:36:04 AM | Computer Name = BLACKBEARD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/23/2009 9:36:13 AM | Computer Name = BLACKBEARD | Source = Application Hang | ID = 1001
Description = Fault bucket 1110235319.

Error - 3/23/2009 5:50:30 PM | Computer Name = BLACKBEARD | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module unknown, version 0.0.0.0, fault address 0x00014e5e.

Error - 3/25/2009 1:26:33 PM | Computer Name = BLACKBEARD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/25/2009 1:26:39 PM | Computer Name = BLACKBEARD | Source = Application Hang | ID = 1001
Description = Fault bucket 1110235319.

Error - 3/26/2009 2:13:55 PM | Computer Name = BLACKBEARD | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module flash10a.ocx, version 10.0.12.36, fault address 0x001b7578.

Error - 3/29/2009 3:09:50 PM | Computer Name = BLACKBEARD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/29/2009 3:10:09 PM | Computer Name = BLACKBEARD | Source = Application Hang | ID = 1001
Description = Fault bucket 1110235319.

Error - 3/30/2009 8:35:58 PM | Computer Name = BLACKBEARD | Source = Application Hang | ID = 1002
Description = Hanging application DesktopWeather.exe, version 6.0.0.9, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/30/2009 8:36:13 PM | Computer Name = BLACKBEARD | Source = Application Hang | ID = 1001
Description = Fault bucket 1160259723.

[ System Events ]
Error - 3/30/2009 8:45:26 PM | Computer Name = BLACKBEARD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/30/2009 8:45:26 PM | Computer Name = BLACKBEARD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/30/2009 8:45:26 PM | Computer Name = BLACKBEARD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/30/2009 8:45:26 PM | Computer Name = BLACKBEARD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/30/2009 8:45:26 PM | Computer Name = BLACKBEARD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/30/2009 8:45:26 PM | Computer Name = BLACKBEARD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/30/2009 8:45:27 PM | Computer Name = BLACKBEARD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/30/2009 8:45:27 PM | Computer Name = BLACKBEARD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/30/2009 9:11:17 PM | Computer Name = BLACKBEARD | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 3/30/2009 9:11:57 PM | Computer Name = BLACKBEARD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
viaagp1


< End of report >


OTL LisTxt


OTListIt logfile created on: 3/30/2009 10:09:59 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\4UD5N0MP
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

759.48 Mb Total Physical Memory | 388.81 Mb Available Physical Memory | 51.19% Memory free
1.81 Gb Paging File | 1.47 Gb Available in Paging File | 81.02% Paging File free
Paging file location(s): C:\pagefile.sys 1138 1138;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.67 Gb Total Space | 17.10 Gb Free Space | 53.98% Space Free | Partition Type: NTFS
Drive D: | 5.58 Gb Total Space | 0.76 Gb Free Space | 13.61% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BLACKBEARD
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
PRC - C:\Program Files\VTech\Community\System\PCTray.exe (VTech)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\4UD5N0MP\OTListIt2[1].exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirScheduler [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService [On_Demand | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (AOL ACS [Disabled | Stopped]) -- File not found
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (ICDSPTSV [On_Demand | Stopped]) -- File not found
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (MDM [Disabled | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Disabled | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Disabled | Stopped]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [Disabled | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - ({00008375-0Ab24-0D93-DFC9-9DC83F7AD8BC} [Disabled | Stopped]) -- File not found

========== Driver Services (SafeList) ==========

DRV - (AgereSoftModem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ALCXSENS [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (avgntflt [On_Demand | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (Iviaspi [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (PAC207 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\PFC027.SYS (PixArt Imaging Inc.)
DRV - (Pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\R8139n51.SYS (Realtek Semiconductor Corporation )
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (ssmdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (viaagp1 [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (viagfx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics Co, Ltd.)
DRV - (VNUSB [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\VNUSB.sys (OLYMPUS IMAGING CORP.)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - URLSearchHook: {1f1e8d7b-fe22-4b03-810d-dc9e2347cd02} - C:\Program Files\fvnorthwestern\tbfvn0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/10/24 21:07:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3A82A17B-F1DE-408A-AB30-11F63F57BCA2}: C:\DOCUMENTS AND SETTINGS\HP_OWNER\LOCAL SETTINGS\APPLICATION DATA\{3A82A17B-F1DE-408A-AB30-11F63F57BCA2} [2009/01/16 10:06:42 | 00,000,000 | ---D | M]

[2008/12/09 16:36:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Extensions
[2008/12/09 16:36:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2006/08/16 19:04:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Firefox\Profiles\zo7z4muq.default\extensions

O1 HOSTS File: (302468 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10428 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (fvnorthwestern Toolbar) - {1f1e8d7b-fe22-4b03-810d-dc9e2347cd02} - C:\Program Files\fvnorthwestern\tbfvn0.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {819B17EF-481E-4627-9DB7-826154CD93C7} - C:\WINDOWS\system32\cbXPFVLE.dll File not found
O2 - BHO: (AtlantaBraves.net) - {CD292324-974F-4224-E427-A0E0301BF425} - C:\Program Files\AtlantaBraves.net\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: () - - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (fvnorthwestern Toolbar) - {1f1e8d7b-fe22-4b03-810d-dc9e2347cd02} - C:\Program Files\fvnorthwestern\tbfvn0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (elton toolbar) - {bb60cb19-fc33-4cb8-9e13-3e772b657aa5} - C:\Program Files\elton\tbelt1.dll (Platforma Online Ltd.)
O3 - HKLM\..\Toolbar: (AtlantaBraves.net) - {CD292324-974F-4224-E427-A0E0301BF425} - C:\Program Files\AtlantaBraves.net\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1F1E8D7B-FE22-4B03-810D-DC9E2347CD02} - C:\Program Files\fvnorthwestern\tbfvn0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BB60CB19-FC33-4CB8-9E13-3E772B657AA5} - C:\Program Files\elton\tbelt1.dll (Platforma Online Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CD292324-974F-4224-E427-A0E0301BF425} - C:\Program Files\AtlantaBraves.net\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [CommunityTray] "C:\Program Files\VTech\Community\System\Startup.exe" (VTech)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCYYYYYYYYUS
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (Yahoo! Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: asylumcam.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ebay.com ([signin] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ebay.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: forumarena.com ([ghosts101] https in Trusted sites)
O15 - HKCU\..Trusted Domains: free-web-hosting.biz ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: jasonsghost.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: memory-works.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: myspace.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: peoplepc.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: photobucket.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: plaxo.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: pogo.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Sites: twopeasinabucket.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: twopeasinabucket.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: vsmilelink.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Sites: weatherchannel.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([mail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 62 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewi...oOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinn...0/tpir/tpir.cab (TPIR Control)
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} http://ocracokeharbo....org/VatDec.cab (VatCtrl Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.h...ads/sysinfo.cab (SysData Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h30155.www3.h...nosticsxp2k.cab (DeviceEnum Class)
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} http://www.my-etrust...an/pestscan.cab (PSFormX Control)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritag...EngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} http://www.pysoft.co...amPlayerOCX.cab (PlayerOCX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1195054723890 (MUWebControl Class)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://www.putfile.c...Uploader4-5.cab (Image Uploader Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://67.77.132.2/a...sCamControl.cab (CamImage Class)
O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} http://eilandonan.re...MJPEGRender.ocx (MJPEGRender Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by116fd.bay11...ex/HMAtchmt.ocx (Hotmail Attachments Control)
O16 - DPF: GenealogyBrowser.Cab http://209.90.101.200/cabs/zinst.cab (Reg Error: Key error.)
O16 - DPF: ZInst.Cab http://209.90.101.200/cabs/zinst.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll ()
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (qfawth.dll) - File not found
O20 - AppInit_DLLs: (ikzrqy.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\cbXPFVLE) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - D:\AUTOEXEC.BAT () - [ FAT32 ]
O32 - Autorun File - D:\Autorun.inf () - [ FAT32 ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[9999/01/20 04:09:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/03/30 22:05:16 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/30 20:50:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/30 20:49:59 | 00,000,622 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\NTREGOPT.lnk
[2009/03/30 20:49:59 | 00,000,603 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\ERUNT.lnk
[2009/03/30 20:49:59 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/29 21:31:54 | 00,020,722 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\error1.jpg
[2009/03/29 16:11:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/29 16:10:54 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/03/29 16:10:12 | 00,001,615 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\QuickTime Player.lnk
[2009/03/29 16:09:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/03/29 16:07:18 | 00,106,136 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\Clipboard01error.jpg
[2009/03/29 16:06:57 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/29 16:06:52 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/03/29 16:05:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/03/29 03:14:59 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stu2.exe
[2009/03/28 23:25:34 | 00,008,711 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\cam94.jpg
[2009/03/28 23:24:40 | 00,082,653 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\cam8.jpg
[2009/03/28 18:57:12 | 00,012,114 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\cam2CAVWS6IO.jpg
[2009/03/28 18:55:14 | 00,011,932 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\cam1CAYPDTQR.jpg
[2009/03/28 18:54:59 | 00,011,964 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\cam1CAIXZ2TN.jpg
[2009/03/27 00:29:00 | 00,016,696 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\clown4.gif
[2009/03/27 00:02:48 | 00,166,062 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\LawsonGraves.jpg
[2009/03/26 23:58:14 | 00,003,968 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\lawsonpic.jpg
[2009/03/26 23:57:10 | 00,002,445 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\Lawsons.rtf
[2009/03/26 21:39:23 | 00,010,585 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\cam101010.jpg
[2009/03/26 21:38:28 | 00,010,592 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\cam1454.jpg
[2009/03/26 18:59:39 | 00,536,721 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\fan_advisory_board_application_for_website0.rtf
[2009/03/26 18:52:53 | 00,111,616 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\fan_advisory_board_application_for_website.doc
[2009/03/25 22:47:32 | 00,018,059 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\deckcam.jpg
[2009/03/24 14:05:32 | 00,033,502 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\cam409 (5).jpg
[2009/03/24 14:05:28 | 00,230,454 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\cam409 (4).bmp
[2009/03/24 14:05:25 | 00,021,069 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\cam409 (3).jpg
[2009/03/24 14:05:21 | 00,023,563 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\cam409 (2).jpg
[2009/03/24 14:05:16 | 00,230,454 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\cam409 (1).bmp
[2009/03/24 14:05:02 | 00,006,457 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\cam409.jpg
[2009/03/24 14:04:45 | 00,230,454 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\untitled2.bmp
[2009/03/24 14:04:45 | 00,230,454 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\untitled.bmp
[2009/03/24 14:04:45 | 00,033,502 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\fae.jpg
[2009/03/24 14:04:45 | 00,023,563 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\untitled0.jpg
[2009/03/24 14:04:45 | 00,021,069 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\heart.jpg
[2009/03/24 14:04:11 | 00,267,529 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\jm1-animate.gif
[2009/03/24 14:04:11 | 00,235,428 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\mmn-animate.gif
[2009/03/24 14:04:11 | 00,213,007 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\100-animate.gif
[2009/03/24 12:03:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\The_Generations_Network
[2009/03/24 12:03:37 | 00,002,569 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Ancestry World Archives Project Keying Tool.lnk
[2009/03/24 12:03:25 | 00,000,000 | ---D | C] -- C:\Program Files\Ancestry
[2009/03/23 09:08:53 | 00,000,921 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\The Weather Channel Desktop .lnk
[2009/03/23 00:01:29 | 00,008,960 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\cam22.jpg
[2009/03/23 00:01:29 | 00,008,903 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\cam23.jpg
[2009/03/23 00:01:29 | 00,008,870 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\cam21.jpg
[2009/03/23 00:01:29 | 00,008,856 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\cam20.jpg
[2009/03/23 00:01:29 | 00,008,849 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\cam2.jpg
[2009/03/22 23:56:22 | 00,013,082 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\100.jpg
[2009/03/22 23:28:40 | 00,018,611 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\mmn.jpg
[2009/03/22 23:23:56 | 00,008,858 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\cam2CAER63U8.jpg
[2009/03/22 23:21:56 | 00,008,801 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\cam200.jpg
[2009/03/22 20:51:03 | 00,299,013 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\atlanta_braves.pdf
[2009/03/22 20:50:55 | 00,184,777 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\carolina_tarheels.pdf
[2009/03/22 20:50:17 | 00,081,027 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\nascar.pdf
[2009/03/22 20:47:34 | 00,013,849 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\jimmie_johnson_std gimp.PAT
[2009/03/22 20:47:12 | 00,163,101 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\jimmie_johnson.pdf
[2009/03/22 16:03:53 | 00,680,155 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\wildthings.zip
[2009/03/22 00:09:10 | 00,007,291 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\5.jpg
[2009/03/22 00:09:10 | 00,007,233 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\6.jpg
[2009/03/22 00:09:10 | 00,007,158 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\4.jpg
[2009/03/22 00:09:10 | 00,007,154 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\2.jpg
[2009/03/22 00:09:10 | 00,007,147 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\3.jpg
[2009/03/22 00:09:10 | 00,007,112 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\1.jpg
[2009/03/21 23:14:40 | 00,015,534 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\jm1.jpg
[2009/03/19 21:18:04 | 00,443,392 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\file2.FBK
[2009/03/19 21:16:54 | 00,443,392 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\file2.FTW
[2009/03/19 21:15:31 | 00,679,936 | ---- | C] () -- C:\DOCUME~1\HP_Owner\My Documents\mygedP.FBK
[2009/03/15 17:15:56 | 00,044,114 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\mtc banner.gif
[2009/03/14 15:35:35 | 00,070,638 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\bannerfans_95822mpnc.jpg
[2009/03/10 22:23:05 | 00,008,256 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\cam1ji.jpg
[2009/03/09 17:25:36 | 00,000,000 | ---D | C] -- C:\DOCUME~1\HP_Owner\My Documents\My Smilebox Creations
[2009/03/09 17:25:28 | 00,000,000 | ---D | C] -- C:\Program Files\Smilebox
[2009/03/06 22:08:23 | 00,048,128 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINDOWS\System32\Remove.exe
[2009/03/06 22:08:23 | 00,000,408 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2009/03/06 22:08:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\PixArt
[2009/03/06 22:08:15 | 00,000,000 | ---D | C] -- C:\Program Files\PC CIF Camer@
[2009/03/06 22:08:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PAC207
[2009/03/06 21:36:03 | 00,005,175 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\cam3.jpg
[2009/03/02 18:37:52 | 00,002,119 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Qzefy6xGat.gif
[2009/03/02 18:37:52 | 00,000,607 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Qzefy6xGcn.gif
[2009/03/02 18:37:52 | 00,000,598 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Qzefy6xGby.gif
[2009/03/01 23:38:22 | 00,009,034 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\dollhouse.jpg

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[9999/01/20 04:10:18 | 00,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[9999/01/20 04:09:44 | 00,000,316 | ---- | M] () -- C:\WINDOWS\SYSTEM.UNV
[2009/03/30 21:51:14 | 00,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{97681171-BE9F-43F2-8540-92002CBA391B}.job
[2009/03/30 21:12:43 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/30 21:11:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/30 21:11:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/30 21:11:09 | 79,644,6720 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/30 20:49:59 | 00,000,622 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\NTREGOPT.lnk
[2009/03/30 20:49:59 | 00,000,603 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\ERUNT.lnk
[2009/03/29 21:31:54 | 00,020,722 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\error1.jpg
[2009/03/29 16:10:12 | 00,001,615 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\QuickTime Player.lnk
[2009/03/29 16:07:18 | 00,106,136 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\Clipboard01error.jpg
[2009/03/29 16:06:57 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/29 11:02:31 | 00,001,559 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\CCleaner.lnk
[2009/03/29 03:14:54 | 00,008,704 | ---- | M] () -- C:\WINDOWS\System32\userinit.exe
[2009/03/28 23:25:29 | 00,008,711 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\cam94.jpg
[2009/03/28 23:24:32 | 00,082,653 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\cam8.jpg
[2009/03/28 18:57:06 | 00,012,114 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\cam2CAVWS6IO.jpg
[2009/03/28 18:55:10 | 00,011,932 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\cam1CAYPDTQR.jpg
[2009/03/28 18:54:50 | 00,011,964 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\cam1CAIXZ2TN.jpg
[2009/03/27 00:28:27 | 00,016,696 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\clown4.gif
[2009/03/26 23:58:01 | 00,003,968 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\lawsonpic.jpg
[2009/03/26 23:57:10 | 00,002,445 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\Lawsons.rtf
[2009/03/26 23:49:16 | 00,166,062 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\LawsonGraves.jpg
[2009/03/26 21:39:14 | 00,010,585 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\cam101010.jpg
[2009/03/26 21:38:19 | 00,010,592 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\cam1454.jpg
[2009/03/26 21:21:29 | 00,001,179 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/26 21:21:29 | 00,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
[2009/03/26 21:21:27 | 01,425,920 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\tree 1.FTW
[2009/03/26 21:21:27 | 01,425,920 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\tree 1.FBK
[2009/03/26 19:26:45 | 00,536,721 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\fan_advisory_board_application_for_website0.rtf
[2009/03/26 18:52:55 | 00,111,616 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\fan_advisory_board_application_for_website.doc
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/25 22:47:27 | 00,018,059 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\deckcam.jpg
[2009/03/24 22:32:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/03/24 22:32:47 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/03/24 22:32:23 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/03/24 22:32:23 | 00,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/03/24 14:09:51 | 00,002,569 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Ancestry World Archives Project Keying Tool.lnk
[2009/03/23 14:34:36 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/03/23 14:34:36 | 00,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/03/23 11:51:10 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/03/23 11:51:10 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/03/23 11:40:27 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/03/23 11:40:27 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/03/23 11:39:21 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/03/23 11:39:21 | 00,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/03/23 11:38:56 | 00,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/03/23 11:38:55 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/03/23 09:08:53 | 00,000,921 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\The Weather Channel Desktop .lnk
[2009/03/22 23:56:31 | 00,213,007 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\100-animate.gif
[2009/03/22 23:56:23 | 00,013,082 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\100.jpg
[2009/03/22 23:28:46 | 00,235,428 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\mmn-animate.gif
[2009/03/22 23:28:40 | 00,018,611 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\mmn.jpg
[2009/03/22 23:23:49 | 00,008,858 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\cam2CAER63U8.jpg
[2009/03/22 23:21:49 | 00,008,801 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\cam200.jpg
[2009/03/22 23:20:49 | 00,008,903 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\cam23.jpg
[2009/03/22 23:20:39 | 00,008,960 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\cam22.jpg
[2009/03/22 23:20:29 | 00,008,870 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\cam21.jpg
[2009/03/22 23:20:19 | 00,008,856 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\cam20.jpg
[2009/03/22 23:20:04 | 00,008,849 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\cam2.jpg
[2009/03/22 20:51:05 | 00,299,013 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\atlanta_braves.pdf
[2009/03/22 20:50:55 | 00,184,777 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\carolina_tarheels.pdf
[2009/03/22 20:50:17 | 00,081,027 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\nascar.pdf
[2009/03/22 20:47:34 | 00,013,849 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\jimmie_johnson_std gimp.PAT
[2009/03/22 20:47:13 | 00,163,101 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\jimmie_johnson.pdf
[2009/03/22 16:03:54 | 00,680,155 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\wildthings.zip
[2009/03/21 23:14:46 | 00,267,529 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\jm1-animate.gif
[2009/03/21 23:14:40 | 00,015,534 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\jm1.jpg
[2009/03/21 23:11:50 | 00,007,233 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\6.jpg
[2009/03/21 23:11:40 | 00,007,291 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\5.jpg
[2009/03/21 23:11:30 | 00,007,158 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\4.jpg
[2009/03/21 23:11:25 | 00,007,147 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\3.jpg
[2009/03/21 23:11:20 | 00,007,154 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\2.jpg
[2009/03/21 23:11:00 | 00,007,112 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\1.jpg
[2009/03/19 21:20:39 | 00,443,392 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\file2.FTW
[2009/03/19 21:20:39 | 00,443,392 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\file2.FBK
[2009/03/19 21:17:04 | 00,679,936 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\mygedP.FTW
[2009/03/19 21:17:04 | 00,679,936 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\mygedP.FBK
[2009/03/18 23:08:55 | 00,033,502 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\fae.jpg
[2009/03/18 23:08:55 | 00,033,502 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\cam409 (5).jpg
[2009/03/18 23:05:33 | 00,230,454 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\untitled2.bmp
[2009/03/18 23:05:33 | 00,230,454 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\cam409 (4).bmp
[2009/03/18 22:44:49 | 00,021,069 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\heart.jpg
[2009/03/18 22:44:49 | 00,021,069 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\cam409 (3).jpg
[2009/03/18 22:40:33 | 00,023,563 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\untitled0.jpg
[2009/03/18 22:40:33 | 00,023,563 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\cam409 (2).jpg
[2009/03/18 22:39:36 | 00,230,454 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\untitled.bmp
[2009/03/18 22:39:36 | 00,230,454 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\cam409 (1).bmp
[2009/03/18 16:03:39 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/17 21:17:59 | 00,006,457 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\cam409.jpg
[2009/03/17 10:29:31 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/03/17 10:29:31 | 00,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/03/16 10:54:54 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/03/16 10:54:54 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/03/16 10:54:41 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/03/16 10:54:41 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/03/15 17:14:51 | 00,044,114 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\mtc banner.gif
[2009/03/14 15:35:35 | 00,070,638 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\bannerfans_95822mpnc.jpg
[2009/03/14 10:12:03 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/03/14 10:12:03 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/03/14 10:11:30 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/03/14 10:11:30 | 00,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/03/14 10:11:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/03/14 10:11:04 | 00,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/03/11 15:08:17 | 00,518,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/11 15:01:38 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/10 22:22:48 | 00,008,256 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\cam1ji.jpg
[2009/03/09 11:50:24 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/03/09 11:50:24 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/03/08 10:43:20 | 00,480,356 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/08 10:43:20 | 00,407,978 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/08 10:43:20 | 00,064,316 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/06 21:35:58 | 00,005,175 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\cam3.jpg
[2009/03/06 21:24:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/03/06 21:24:22 | 00,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/03/06 21:23:58 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/03/06 21:23:58 | 00,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/03/04 15:00:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/03/04 15:00:14 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/03/04 14:59:50 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/03/04 14:59:50 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/03/02 19:07:02 | 00,002,119 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Qzefy6xGat.gif
[2009/03/02 19:07:02 | 00,000,607 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Qzefy6xGcn.gif
[2009/03/02 19:07:02 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Qzefy6xGby.gif
[2009/03/02 19:05:16 | 00,302,468 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/01 23:38:13 | 00,009,034 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\dollhouse.jpg
[2009/03/01 19:18:23 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/03/01 19:18:23 | 00,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/03/01 19:16:51 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/03/01 19:16:51 | 00,000,232 | -H-- | M] () -- C:\sqmdata01.sqm

========== Alternate Data Streams ==========

@Alternate Data Stream - 68 bytes -> C:\WINDOWS\winnt256.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\winnt.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\twunk_32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\twunk_16.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xpsp2res(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wupdmgr.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuaueng1.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuaueng(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wsock32(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ws2help(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ws2_32(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wowexec.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpns.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmi(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winsta(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winsrv(2)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winspool(3)(2).drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winsock.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winscard(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winoldap.mod:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winmine.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winlogon(3)(2).exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winhttp(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winhlp32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\win87em.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wfwnet.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\webclnt(2)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wdigest(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vidx16.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vcl50.bpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\user.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\urlmon(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\upnp(2)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unPPC.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unMAX.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unicode.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unACC.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\umpnpmgr(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\umloader.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tssoft32.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tsappcmp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\toolhelp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\timer.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tapiui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tapisrv(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tapiperf.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\system.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sxs(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\svchost(3)(2).exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stdole32.tlb:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sporder.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sound.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sortkey.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sol.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\softpub.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SNWValid.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sndvol32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\smss(2)(2).exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\skdll.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SierraNW.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shlwapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shimeng(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shfolder(2)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shell.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sfc_os(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sfc(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\services(2)(2).exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\samlib(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsvpperf.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\rsvp.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsaenh(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rpcss(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rmoc3260.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RegHero.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\redir.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RDBios32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasppp(2)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasmxs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasctrs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasapi32(2)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\quartz.vxd:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\qmgr(2)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pschdprf.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\psapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PPCInfo.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ppaluninst.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PopWait.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pifmgr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\perfts.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olethk32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olesvr32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oleaccrc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oleacc(2)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ole32(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.sig:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.bin:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\odbcint(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\odbc32(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntsdexts.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntlsapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntdsapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntdll(2)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netui2.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netshell(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netmsg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netman(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netfxperf.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netevent.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netcfgx(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ndptsp(2)(2).tsp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mycomput.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msxml4r.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msxml3r.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mswsock(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvidc32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvcp60(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msrepl35.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msratelc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msports.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mspatcha(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msjet35.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msidntld.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mshearts.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msgsm32.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msgina(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg723.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg711.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mscomct2.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mscdexnt.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mscat32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msacm32.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msacm32(3)(2).drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msacm32(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mprui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mprmsg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mouse.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmsystem.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mmdrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mlang.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\midimap(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mfc70u.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mfc40.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MFC30.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mdimon.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mciqtz.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mcicda.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\main.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LuResult.txt:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lsass(2)(2).exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\lodctr.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LMRTREND.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\l3codecx.ax:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\krnl386.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kmddsp(2)(2).tsp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\keyboard.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kerberos(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kdcom.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\kbdus.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iyvu9_32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IVIresize.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ir41_32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ir32_32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iphlpapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ipconf(2)(2).tsp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\inetcplc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxtray.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\igfxsrvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxress.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxres.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxpph.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxhk.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxhenu.lhp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxeud.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxdo.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxdiag.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxdgps.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxdev.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxcpl.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfxcfg.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\igfx.hlp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\icmui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\icfgnt5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmrnt5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmdnt5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmdev5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ialmdd5.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iacenc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hpzsnt10.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hpzjfw01.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hpgwiamd.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hkcmd.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\himem.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\hidphone(2)(2).tsp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\h323(2)(2).tsp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\geo.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\gdi32(2)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\gdi.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\gcdef.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\freecell.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\find.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\esent(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\es(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ega.cpi:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drwtsn32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drmclien.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\wmilib.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\vtmini.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\viaagp1.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\usbd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\RDPCDD.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\raspti.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\rasacd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\R8139n51.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ptilink.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\PS2.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\drivers\pfc.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\pciide.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\null.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mnmdd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\drivers\iviaspi.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ialmnt5.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\HPZius12.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\HPZipr12.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\gm.dls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\ftdisk.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\fs_rec.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\etc\hosts.20090302-180516.backup:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dxgthk.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dxapi.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\dmload.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\cdaudio.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\beep.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\audstub.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\system32\DRIVERS\AGRSM.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dpwsock.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dpserial.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dplay.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dosx.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\doc.ico:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dmocx.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dimap.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\diactfrm.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dfrg.msc:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\devmgmt.msc:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dbgeng.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\d3dxof.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\d3drm.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\d3dramp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\d3dpmesh.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\d3dim.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ctype.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ctl3d32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\csrss(2)(2).exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cryptdll(2)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\crtdll.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\country.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\control.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CONFIG.TMP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comsvcs(2)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comres(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\commdlg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\command.com:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comm.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\comctl32.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\colbact(2)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CLOSEIE.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\clb.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\charmap.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cc3250mt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\calc.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cabinet(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_950.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_949.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_936.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_932.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_874.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_869.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_866.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_865.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_863.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_861.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_860.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_857.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_855.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_852.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_850.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_775.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_737.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_28605.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_28603.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_28599.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_28592.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_28591.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_21866.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_20866.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_20261.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_20127.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1258.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1257.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1256.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1255.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1254.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1253.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1251.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_1250.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10082.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10081.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10079.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10029.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10017.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10010.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10007.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10006.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\c_10000.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\borlndmm.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Audiodev.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\AtlBrowser.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\atl(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\alg(2)(2).exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\advpack(2)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\adsldpc(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\activeds(3)(2).dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\acelpdec.ax:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\accUNIN.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\acctres.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\a3d.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\24wwxsp1.txt:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\12520850.cpx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\12520437.cpx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\$winnt$.inf:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\$ncsp$.inf:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System\hpsysdrv.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\SIERRA.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\PCDLIB32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB911564.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB900485.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB898458.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\KB835221.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\iun506.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\hpomdl04.dat.temp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\hpoins04.dat.temp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\hphmdl03.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\HPHins03.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\AGRSMMSG.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\sp31392.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Program Files\elton\tbelt1.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\HP_Owner\Local Settings\Application Data\fusioncache.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\HP_Owner\Application Data\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\All Users\Application Data\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\DOCUME~1\HP_Owner\My Documents\killdisk.zip:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\DOCUME~1\HP_Owner\My Documents\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\DOCUME~1\HP_Owner\My Documents\boo.jpg:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\DOCUME~1\HP_Owner\My Documents\a & t1.jpg:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\DOCUME~1\HP_Owner\Desktop\Register with HP.url:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\DOCUME~1\ALLUSE~1\Documents\ESBK.mbb:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\DOCUME~1\ALLUSE~1\Documents\ESBK.mb:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\DOCUME~1\ALLUSE~1\Documents\desktop.ini:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\AUTOEXEC.BAT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\_Sid.txt:KAVICHS
@Alternate Data Stream - 3638 bytes -> C:\DOCUME~1\HP_Owner\My Documents\Genealogy.com Prevette Homepage.url:favicon
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Zapotec.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\xpsp1hfm.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\WW&W.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\wsdu.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\winhelp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vmmreg32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vbaddin.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\vb.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\UPGRADE.TXT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\updspapi.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\twain.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\TASKMAN.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\T.scd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xpsp2res(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\xenroll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wzcsapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WW&W.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wups(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wups(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuaueng.dll.wusetup.8586656.bak:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuaueng(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuaucpl.cpl.wusetup.8586390.bak:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuauclt1.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuauclt.exe.wusetup.8585671.bak:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuapi.dll.wusetup.8585265.bak:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wuapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wtsapi32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wsock32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshtcpip(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshtcpip(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshnetbs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshisn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wshatm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2help(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ws2_32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\write.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdtrace.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wpdmtpdr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowfaxui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowfax.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wowdeb.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmvdmoe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmv8dmoe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmv8dmod.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpcore.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmpcd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmp.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmiprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmimgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmidx.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wmerrenu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winstrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winsta(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winspool.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winspool(2).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winscard(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winrnr(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winrnr(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winnls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmsd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winmm(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winlogon(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winipsec(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wininet(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhttp(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winhelp.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WING32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WING.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winfax.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WindowsAccessBridge.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\winchat.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win32k(2)(2).sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\win.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wifeman.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiavusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wiasf.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webhits.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\webfldrs.msi:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdmaud(3)(2).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdmaud(2).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdl.trm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wdigest(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBDBV32I.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\WBDBT32I.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.sve:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.nld:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.ita:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.fra:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.esn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.enu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbdbase.deu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.sve:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.nld:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.ita:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.fra:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.esn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.enu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\wbcache.deu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\w95inf32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\w95inf16.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\w32topl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\w32tm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VTuninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VTSetvga.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vticd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vtdisp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vssadmin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vss_ps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VSFLEX3.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vjoy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Viewer.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\View Channels.scf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga64k.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vga256.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vfpodbc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\verifier.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ver.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VEN2232.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vclx50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vclsmp50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vcljpg50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vclie50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vclib50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vcldbx50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vcldb50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vclbde50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\vcdex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAEND32.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VBAEN32.OLB:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VB5StKit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\VB5DB.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\v7vga.rom:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uxtheme(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrvpa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrvoica.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrv80a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrv42a.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrsvpia.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrshuta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrsdpia.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrrtosa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrprbda.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrmlnka.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrlogon.cmd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrlbva.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrfaxa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrdtea.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrdpa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrcoina.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\usrcntra.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\urlmon(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ureg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\unlodctr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uninst_smb_silently.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uninst_nrm_silently.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uninst_net_silently.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uninst_gart_silently.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\uninst_disp_silently.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\unam4ie.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umpnpmgr(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\umdmxfrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ufat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\typelib.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsshutdn.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tslabels.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tslabels.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tskill.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsdiscon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tsd32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tscupgrd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tscon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tracert6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tm20dec.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tftp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\telephon.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\teeui50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\teeqr50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\teedb50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tee50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcpsvcs.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcpmon.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tcmsetup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\taskman.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapisrv(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi32(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\tapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\TabWW&W.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\systray.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysprtj.sep:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysprint.sep:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\syskey.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysinv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sysedit.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\syncapp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sxs(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\swprv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\svcpack.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\svchost(2).exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\subst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\subrange.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\streamci.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\storage.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlwoa.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlwid.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sqlsodbc.chm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spxcoins.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sprio800.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sprio600.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sprestrt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\spnike.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\slbrccsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\slbcsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sisbkup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shsvcs(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shlwapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shimeng(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shiftjis.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ShellvRTF.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shellstyle.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shell32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw.bak:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shdocvw(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\share.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\shadow.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfmapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc_os(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sfc(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setver.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setupdll.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setupapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\setup.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\serwvdrv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\services.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\serialui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\senscfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secur32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secupd.sig:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\secupd.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sdpblb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scredir.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sccbase.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\scardssp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\sc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\samlib(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RUNCLOSE.OCX:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\runas.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtutils(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtutils(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rtm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvpcnts.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsvp.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsmui.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsmsink.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsm.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rsaenh(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcss(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rpcns4.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\routetab.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\routemon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\route.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rnr20.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\resutils(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\reset.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\replace.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rend.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regwiz.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regini.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\regedt32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\recover.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rdpcfgex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\RDOCURS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasser.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasrad.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasmontr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasman(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasman(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasdlg(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasdial.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasctrs.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasctrnm.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasautou.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasadhlp(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\rasadhlp(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qwinsta.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qrpt50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qosname.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qcut.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\qappsrv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PyWinTypes22.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PythonCOM22.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\python22.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pubprn.vbs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ptpusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ptpusb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psnppagn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pscript.sep:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdprf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pschdcnt.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\psapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ps2.bat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ProgressTrace.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prodspec.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\print.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\prflbmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\popup.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pndx5032.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pndx5016.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pmspl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\plustab.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ping6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\picclip.vbx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfwci.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfwci.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfi009.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perffilt.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perffilt.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfd009.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfci.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\perfci.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pentnt.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pcl.sep:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PcdrKernelModeServices.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\PCDrJNI_1_1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\pathping.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\paqsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\panmap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\osuninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\omano.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olesvr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olecnv32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olecli32(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\olecli.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2nls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2disp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ole2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\OemInfo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ODBCTL32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbcint(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\odbc16gt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\NVUninst.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntsd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsoprq.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsmgr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmsevt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmarta(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmarta(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanui2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanman(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio804.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio412.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio411.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio404.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntio.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntimage.gif:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdsapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos804.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos412.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos411.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos404.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdos.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\npwmsdrm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.tha:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.sve:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.nld:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.ita:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.fra:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.esn:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.enu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.eng:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.deu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.cht:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\noise.chs:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nmfast50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nmevtmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nlsfunc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui1(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui0(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netshell(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netrap(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netrap(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netman(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\neth.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netcfgx(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\net.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncxpnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncpa.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nbtstat.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\narrhook.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mtxclu(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxmlr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml3(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml3(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msxml2r.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswsock(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvideo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp60(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp50.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvci70.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvbvm50.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msv1_0(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msv1_0(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msswchx.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msswch.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSTKPRP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSSTDFMT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mssip32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mssign32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrecr40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRDO20.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MSRD2x35.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrclr40.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msr2cenu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msr2c.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mspatcha(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msobjs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msidle(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgina(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msencode.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtcprf.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msaudite.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(2).drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msaatext.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mrinfo.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprddm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpnotify.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mountvol.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\modex.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mode.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmutilse.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmtask.tsk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmdriver.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_qic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_mtf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mll_hp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\migpwd.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\midimap(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mib.bin:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc71u.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC71KOR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC71JPN.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC71ITA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC71FRA.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC71ESP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC71ENU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC71DEU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC71CHT.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC71CHS.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MFC42ENU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mem.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdwmdmsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mdhcp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciwave.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciseq.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciole32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciole16.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mciavi.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mchgrcoi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mcdsrv32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mcd32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mapisvc.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mapistub.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lzexpand.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lusrmgr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lprmonui.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lpr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lpq.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\logoff.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\loghours.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\loadfix.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lnkstub.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lights.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lanman.drv:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\langwrbk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\label.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\l_intl.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\l_except.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\korean.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KodakCoI.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\keyboard.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\key01.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kerberos(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdycl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdycc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbduzb.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusx.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdusl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdur.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbduk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtuq.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtuf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdtat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsw.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsl1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdsf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdru1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdru.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdro.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpl1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdpl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdne.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdmac.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlv1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlt1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdlt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdla.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdkyr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdkaz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdit142.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdir.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdic.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhu1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhept.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhela3.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhela2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe319.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe220.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdhe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgr1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgkl.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdgae.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdfc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdest.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdes.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbddv.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdda.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz2.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz1.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdcan.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdca.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdblr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbene.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdbe.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdazel.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kbdaze.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\KBDAL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kb16.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kavsvc.exception.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_2.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kanji_1.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jupdate-1.5.0_04-b05.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jobexec.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\jet500.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\JAWTAccessBridge.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\JavaAccessBridge.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IVIresizeW7.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IVIresizePX.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IVIresizeP6.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IVIresizeM6.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\IVIresizeA6.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iuengine.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\irclass.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxsap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxrtmgr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxrip.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxpromn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipxmontr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipsec6.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iprtprio.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iphlpapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iologmsg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\instcat.sql:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\infosoft.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inetdb50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inet50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxzoom.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrtrk.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrtha.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrsve.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrrus.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrptg.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrptb.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrplk.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrnor.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrnld.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrkor.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrjpn.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrita.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrhun.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrheb.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrfrc.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrfra.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrfin.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxresp.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrenu.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxreng.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrell.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrdeu.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrdan.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrcsy.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrcht.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrchs.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrarb.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxrara.lrc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhtrk.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhtha.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhsve.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhrus.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhptg.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhptb.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhplk.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhnor.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhnld.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhkor.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhjpn.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhita.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhhun.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhheb.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhfrc.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhfra.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhfin.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhesp.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxheng.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhell.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhdeu.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhdan.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhcsy.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhcht.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhchs.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxharb.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxhara.lhp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxext.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\igfxexps.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ifsutil.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ideograf.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ibevnt50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassvcs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassdo.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iassam.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasrecst.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iaspolcy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasnap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iashlpr.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasads.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iasacct.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmrem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmgicd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ialmgdev.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iAlmCoIn_v3889.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iAlmCoIn_v3882.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hticons.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpzcon10.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpzcoi10.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HPZc3212.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpreg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\HPODStormEncoder.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpnvr82.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hostname.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\homepage.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetcfg(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetcfg(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hid(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hgk001h.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Hdaudpropshortcut.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Hdaudpropres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Hdaudprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\GWFSPidGen.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graphics.pro:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graphics.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\graftabl.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gpkcsp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\glmf32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\getuname.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gdiplus.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\gb2312.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\g711codc.ax:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsroute.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxsperf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscount.h:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fxscfgwz.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsutil.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fsmgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Fonts.DDF:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fmifs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FM20ENU.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\FM20.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fixmapi.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\finger.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fc.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\fastopen.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\expand.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\exe2bin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventvwr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventvwr.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventcls.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eula.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentutl.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.hxx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esentprf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent97.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\esent(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\es(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\EqnClass.Dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\emptyregdb.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edlin.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edit.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\edit.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dxtmsft3.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dvdplay.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssenh(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssec.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsound.vxd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dsauth.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ds16gt.dLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drwatson.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drprov(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drmstor.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ws2ifsl.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\vdmindvd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tsbvcap.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\tosdvd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\smclib.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\RTL8139.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rootmdm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\riodrv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rio8drv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rawwan.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\pcdrsrvc.pkms:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\parvdm.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\oprghdlr.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnkspx.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnknb.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nikedrv.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mcd.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\Hdaudio.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\gmreadme.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fsvga.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\services:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\protocol:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\networks:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\etc\lmhosts.sam:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cpqdap01.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cinemst2.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cbidf2k.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmuni.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmepvc.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\system32\drivers\ALCXWDM.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\system32\drivers\ALCXSENS.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\alcxinit.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\acpiec.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpnwsock.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dpnmodem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\doskey.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\docprop.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dnsapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dnsapi(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmview.ocx:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmintf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmdskres.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmconfig.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllhst3g.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\wmerrenu.cat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\SP2.CAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\OEMBIOS.CAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\NT5IIS.CAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\MW770.CAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\MAPIMIG.CAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\IASNT4.CAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllcache\HPCRDP.CAT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskperf.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskmgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskcopy.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\diskcomp.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dhcpsapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dgsetup.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dgrpsetu.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\deskperf.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\deskmon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\deskadp.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\delphimm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\debug.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ddeml.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\davclnt(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csseqchk.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\credui(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\credui(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\convert.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\console.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comres(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compobj.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compmgmt.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\compact.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cnvfat.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cnetcfg.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmpbk32.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmos.ram:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cmmgr32.hlp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clusapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cliconf.chm:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clbcatq(3)(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clbcatq(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ckcnv.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cidaemon.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ciadv.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ciadmin.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\CHODDI.SYS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chkntfs.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chkdsk.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\chcp.com:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\certmgr.msc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cdmodem.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ccfgnt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cc3250.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cabinet(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C9930A.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C9930A.bin:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_875.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_500.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_437.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28598.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28597.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28595.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\C_28594.NLS:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_28593.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_20905.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1252.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1026.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_037.nls:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bopomofo.uce:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootvrfy.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootok.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bios4.rom:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bios1.rom:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bfc42d.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bfc42.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bcbsmp50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bcbmm.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bcbie50.bpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avwav.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avtapi.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avmeter.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avifile.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\avicap.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\AUTOEXEC.NT:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\autodisc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\Audio3D.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atrace.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atmpvcno.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atkctrs.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\arp.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apphelp(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\append.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\apcups.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ansi.sys:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ALSNDMGR.CPL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsldpc(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adptif.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\actxprxy(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds(2).dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\acledit.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\aaaamon.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WINGPAL.WND:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WINGDIB.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WINGDE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WING32.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WING.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\WFWNET.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VGA.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\VER.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\TIMER.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\TAPI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SYSTEM.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\stdole.tlb:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SOUND.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SOSLIB03.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\SHELL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\setup.inf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OLESVR.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\OLECLI.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MSVIDEO.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MOUSE.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MMTASK.TSK:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MMSYSTEM.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCIWAVE.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCISEQ.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\MCIAVI.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\LZEXPAND.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\KEYBOARD.DRV:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\DVA.386:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\CTL3DV2.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\crlds3d.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\COMMDLG.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\CATZREZX.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\CATZDLL.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\catneurn.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\CATNAPZ.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\AVIFILE.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System\AVICAP.DLL:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SYMEVENT.LOG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Soap Bubbles.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\smscfg.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SMedia.ico:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\SmartDialer.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\sessmgr.setup.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Santa Fe Stucco.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\River Sumida.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Rhododendron.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\regopt.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\REGLOCS.OLD:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\R.scd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Prairie Wind.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\pffoo.val:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\orun32.isu:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Order.scd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\OEWABLog.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBCINST.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ODBC.INI:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\nsreg.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\msdfmap.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB913446.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB912919.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB912812.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB911927.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB911567.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB911562.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB910437.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB908531.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB908519.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB905915.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB905749.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB904706.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB903235.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB898461.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB896688.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB896424.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB893803v2.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB893803.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB893086.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB891781.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB890923.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB890859.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB890175.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB890047.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB888302.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB888113.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB887742.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB887472.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB886185.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB885836.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB885835.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB885250.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB883667.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB873339.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB873333.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\KB867282.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\hpqins01.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\hpimdl01.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\hpdins01.dat:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Greenstone.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Gone Fishing.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\FeatherTexture.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\F.scd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\explorer.scf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\E.scd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\DtcInstall.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\DHCPUPG.LOG:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\COM+.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Coffee Bean.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\cmsetacl.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\clock.avi:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\catz.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\CATNAPZ.SCR:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\C.scd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\Blue Lace 16.bmp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\B.scd:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\ALCXMNTR.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\agrsmdel.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\_default.pif:KAVICHS
@Alternate Data Stream - 36 bytes -> c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\All Users\Application Data\hpzinstall.log:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\DOCUME~1\HP_Owner\My Documents\tip2.jpg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\DOCUME~1\HP_Owner\My Documents\QuickTime Player.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\DOCUME~1\HP_Owner\My Documents\b&r1.jpg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\DOCUME~1\HP_Owner\My Documents\918165.htm:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\wmsetup.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\WindowsUpdate.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\wiaservc.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\WGA.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\wpa.dbl:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System32\FNTCACHE.DAT:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\System\hpsysdrv.DAT:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\SchedLgU.Txt:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\orun32.ini:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\ocgen.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\ntdtcsetup.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\msgsocm.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB911565.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB899588.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB896428.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB896422.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB896358.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB893066.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB890046.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\KB883939.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\iltwain.ini:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\iis6.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\FaxSetup.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\DirectX.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\comsetup.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\WINDOWS\bootstat.dat:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\tsoc.log:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\ocmsn.log:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\KB905414.log:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\KB902400.log:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\KB901017.log:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\KB900725.log:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\KB899587.log:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\KB896423.log:KAVICHS
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\KB893756.log:KAVICHS
@Alternate Data Stream - 164 bytes -> C:\WINDOWS\KB896727.log:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\setupapi(3)(2).dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\oeminfo.ini:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\msvcr70.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\msvcp70.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\MFCANS32.DLL:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\System32\atl71.dll:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\spupdsvc.log:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\KB901214.log:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\KB899591.log:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\KB894391.log:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\WINDOWS\gstpilot.ini:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\DOCUME~1\ALLUSE~1\Desktop\Yahoo! Messenger.lnk:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\wtsapi32(3)(2).dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\winmm(3)(2).dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\wininet(3)(2).dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\version(2)(2).dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\uxtheme(3)(2).dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\utildll.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\user32(2)(2).dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\unPPC6000.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\TWAIN_32.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\TWAIN.DLL:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\traffic.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\THREED32.OCX:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\srrstr(2)(2).dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\shsvcs(3)(2).dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\shell32(3)(2).dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\shdocvw(3)(2).dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\sensapi(2)(2).dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\secur32(3)(2).dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\schannel(2)(2).dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\rsaci.rat:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\Roboex32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\riched32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\rgt007.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\PXWMA.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ps2.EXE:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\pncrt.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\oleaut32(2)(2).dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\oleacc.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\oemlogo.bmp:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msvcrt20.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\MSJtEr35.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\MSJInt35.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\msimg32(2)(2).dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mfc71.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mfc70.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mapi32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\mag_hook.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\lz32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\LCodcCMP.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\hccutils.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\fxssend.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\fxsclntR.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ftsrch.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\system32\DRIVERS\HPZid412.sys:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\dfrgres.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\cscdll(2)(2).dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\cryptnet(2)(2).dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\comintfs.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\cards.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\bootvid.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\avicap32.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\atl70.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\apphelp(3)(2).dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\advapi32(2)(2).dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\setupact.log:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Program Files\AtlantaBraves.net\Toolbar\Toolbar.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\DOCUME~1\HP_Owner\My Documents\DxDiag.txt:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\DOCUME~1\HP_Owner\My Documents\BC860XLTom.pdf:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\DOCUME~1\HP_Owner\Desktop\HP Director.lnk:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\DOCUME~1\ALLUSE~1\Desktop\Software Repair Wizard.lnk:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\DOCUME~1\ALLUSE~1\Desktop\MSN.lnk:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\DOCUME~1\ALLUSE~1\Desktop\Install Quicken New User Edition.lnk:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\DOCUME~1\ALLUSE~1\Desktop\HP Image Zone Plus.lnk:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\DOCUME~1\ALLUSE~1\Desktop\Help and Support.lnk:KAVICHS
< End of report >



MWB Log

Malwarebytes' Anti-Malware 1.35
Database version: 1917
Windows 5.1.2600 Service Pack 3

3/30/2009 9:09:31 PM
mbam-log-2009-03-30 (21-09-31).txt

Scan type: Quick Scan
Objects scanned: 80111
Time elapsed: 8 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\HP_Owner\Local Settings\Temp\ie3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

Edited by seaspiritnw, 31 March 2009 - 07:41 AM.

  • 0

Advertisements

#2
heir
Posted 01 April 2009 - 10:39 AM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Hello seaspiritnw !

Welcome to the site! :) My nickname is heir and I'll be helping clean up your computer. :)

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal and Spyware Removal.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad in the menubar click on Format and make sure that Word Wrap is unchecked)
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button: Posted Image

Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required when you won't have access to Internet.


Looks as some of your windowsfiles have been infected.
No worries we'll try to sort this out.

Step 1.
SDFix:

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum


Step 2.
ComboFix:

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Step 3.
Lop S&D:

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here and save it to the desktop

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Step 4.
Things I would like to see in your reply:


  • The content of C:\SDFix\report,txt from step 1.
  • The content of C:\ComboFix,txt from step 2.
  • The content of C:\lopR,txt from step 3.

  • 0

#3
seaspiritnw
Posted 01 April 2009 - 11:29 AM

seaspiritnw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I cannot download lop S&D..it says site is down. Will run other programs and post logs. Thank you for your reply.
  • 0

#4
seaspiritnw
Posted 01 April 2009 - 01:23 PM

seaspiritnw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here are the logs from SDF, Lop and combofix. Yesterday I downloaded Zone Alarm and the pop ups stopped.

SDF Log




SDFix: Version 1.240
Run by HP_Owner on Wed 04/01/2009 at 01:52 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-01 14:03:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Primedius\\PrimediusProxy.exe"="C:\\Program Files\\Primedius\\PrimediusProxy.exe:*:Disabled:PrimediusProxy"
"C:\\Program Files\\Defender Pro\\Defender Pro System Utilities\\Drive Cleaner\\DriveCleaner.exe"="C:\\Program Files\\Defender Pro\\Defender Pro System Utilities\\Drive Cleaner\\DriveCleaner.exe:*:Enabled:1 - Drive Cleaner"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Venturi2\\Configurator\\ventcfg.exe"="C:\\Program Files\\Venturi2\\Configurator\\ventcfg.exe:*:Enabled:Venturi Accelerator"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"="C:\\Program Files\\Magentic\\bin\\MgImp.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Program Files\\FileZilla Client\\filezilla.exe"="C:\\Program Files\\FileZilla Client\\filezilla.exe:*:Enabled:FileZilla FTP Client"
"C:\\pss\\NetJetServer.exe"="C:\\pss\\NetJetServer.exe:*:Enabled:NetJetEngine Web Server Product from Renasoft"
"C:\\Program Files\\Mask Surf\\MaskSurf.exe"="C:\\Program Files\\Mask Surf\\MaskSurf.exe:*:Enabled:Mask Surf"
"C:\\Documents and Settings\\HP_Owner\\Local Settings\\Temp\\MaskSurf.TMP0"="C:\\Documents and Settings\\HP_Owner\\Local Settings\\Temp\\MaskSurf.TMP0:*:Enabled:MaskSurf"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Itiva\\Itiva Media Accelerator\\ItivaMediaAccelerator.exe"="C:\\Program Files\\Itiva\\Itiva Media Accelerator\\ItivaMediaAccelerator.exe:*:Enabled:Itiva Media Accelerator Application"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Disabled:America Online 9.0"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\1153841042\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1153841042\\EE\\AOLServiceHost.exe:*:Disabled:AOL"
"C:\\Program Files\\America Online 9.0a\\waol.exe"="C:\\Program Files\\America Online 9.0a\\waol.exe:*:Disabled:AOL"
"C:\\Program Files\\Defender\\Defender Pro 2005\\kav.exe"="C:\\Program Files\\Defender\\Defender Pro 2005\\kav.exe:*:Disabled:Defender Pro 2005"
"C:\\Program Files\\Defender Pro\\Defender Pro Anti Pop Up\\PopUpKiller.exe"="C:\\Program Files\\Defender Pro\\Defender Pro Anti Pop Up\\PopUpKiller.exe:*:Disabled:Defender Pro Anti Pop Up "
"C:\\Program Files\\Defender Pro\\Defender Pro System Utilities\\DefenderProSystem.exe"="C:\\Program Files\\Defender Pro\\Defender Pro System Utilities\\DefenderProSystem.exe:*:Disabled:Defender Pro System Utilities"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Disabled:Earthlink"
"C:\\Program Files\\Easy Internet signup\\HPSdpApp.exe"="C:\\Program Files\\Easy Internet signup\\HPSdpApp.exe:*:Disabled:Easy Internet Sign-up"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater"
"C:\\Program Files\\PersonalWebKit3\\personalwebkit.exe"="C:\\Program Files\\PersonalWebKit3\\personalwebkit.exe:*:Disabled:personalwebkit"
"C:\\Program Files\\PeoplePC Accelerated\\PropelAC.exe"="C:\\Program Files\\PeoplePC Accelerated\\PropelAC.exe:*:Disabled:Start PeoplePC Accelerated"
"C:\\WINDOWS\\system32\\drivers\\svchost.exe"="C:\\WINDOWS\\system32\\drivers\\svchost.exe:*:Disabled:svchost"
"C:\\WINDOWS\\system32\\logonui.exe"="C:\\WINDOWS\\system32\\logonui.exe:*:Enabled:logonui"
"C:\\WINDOWS\\system32\\winlogon.exe"="C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:winlogon"
"C:\\Program Files\\Java\\jre6\\bin\\jqs.exe"="C:\\Program Files\\Java\\jre6\\bin\\jqs.exe:*:Enabled:jqs"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:rundll32"
"C:\\WINDOWS\\system32\\lsass.exe"="C:\\WINDOWS\\system32\\lsass.exe:*:Enabled:lsass"
"C:\\Program Files\\Spyware Terminator\\sp_rsser.exe"="C:\\Program Files\\Spyware Terminator\\sp_rsser.exe:*:Enabled:sp_rsser"
"C:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe"="C:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe:*:Enabled:SpywareTerminator"
"%windir%\\system32\\drivers\\svchost.exe"="%windir%\\system32\\drivers\\svchost.exe:*:Enabled:svchost"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\VTech\\Community\\System\\PCTray.exe"="C:\\Program Files\\VTech\\Community\\System\\PCTray.exe:*:Disabled:Vtech local server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\system32\\drivers\\svchost.exe"="%windir%\\system32\\drivers\\svchost.exe:*:Enabled:svchost"

Remaining Files :



Files with Hidden Attributes :

Sat 19 Mar 2005 213 A.SHR --- "C:\BOOT.BAK"
Sat 19 Mar 2005 196 A.SHR --- "C:\BOOTNXX.BAK"
Sat 15 Dec 2007 31 A..H. --- "C:\WINDOWS\uccspecc.sys"
Wed 31 Jul 2002 104 ..SH. --- "C:\WINDOWS\WSYS049.SYS"
Mon 11 Jun 2007 52,224 ..SHR --- "C:\Program Files\Fatbits\Setup.exe"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\is-T56DM.tmp"
Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 26 Jan 2009 2,144,088 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 24 Aug 2006 0 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Sat 10 Nov 2007 80 A.SHR --- "C:\WINDOWS\system32\150363DC69.dll"
Mon 28 Mar 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 19 Jun 2006 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv11.bak"
Mon 28 Mar 2005 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv19.bak"
Mon 22 Aug 2005 79,872 A..H. --- "C:\Swsetup\Monitors\SP31392\hpinsx64.exe"
Thu 17 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!


Combofix Log

ComboFix 09-03-31.04 - HP_Owner 2009-04-01 14:22:23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.464 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\HP_Owner\Application Data\Google\mcscrlp32.dll
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\Downloaded Program Files\Quarantine
c:\windows\IE4 Error Log.txt
c:\windows\system32\gdcowirg.ini
c:\windows\system32\test.ttt
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://dx5.biz
.
((((((((((((((((((((((((( Files Created from 2009-03-01 to 2009-04-01 )))))))))))))))))))))))))))))))
.

2009-04-01 13:51 . 2009-04-01 13:51 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-04-01 13:48 . 2009-04-01 13:48 <DIR> d-------- c:\windows\ERUNT
2009-04-01 13:41 . 2009-04-01 14:12 <DIR> d-------- C:\SDFix
2009-04-01 09:40 . 2009-04-01 09:40 <DIR> d-------- c:\program files\AskBarDis
2009-04-01 09:38 . 2009-02-16 00:10 1,221,512 --a------ c:\windows\system32\zpeng25.dll
2009-03-31 18:00 . 2009-03-31 18:00 <DIR> d-------- c:\program files\ZoneAlarmSB
2009-03-31 17:59 . 2009-03-31 17:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2009-03-31 17:58 . 2008-07-09 09:05 75,248 --a------ c:\windows\zllsputility.exe
2009-03-31 17:57 . 2009-04-01 13:32 <DIR> d-------- c:\windows\system32\ZoneLabs
2009-03-31 17:57 . 2009-03-31 17:57 <DIR> d-------- c:\program files\Zone Labs
2009-03-31 17:57 . 2009-04-01 14:31 350,191 --a------ c:\windows\system32\vsconfig.xml
2009-03-31 11:58 . 2009-03-31 11:58 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-30 22:05 . 2009-03-30 22:06 <DIR> d-------- C:\Rooter$
2009-03-30 20:49 . 2009-03-30 20:50 <DIR> d-------- c:\program files\ERUNT
2009-03-29 16:11 . 2009-03-29 16:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-29 16:10 . 2009-03-29 16:10 <DIR> d-------- c:\program files\Bonjour
2009-03-29 16:09 . 2009-03-29 16:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-29 16:06 . 2009-03-29 16:06 <DIR> d-------- c:\program files\Apple Software Update
2009-03-29 16:05 . 2009-03-29 16:20 <DIR> d-------- c:\program files\Common Files\Apple
2009-03-29 03:14 . 2008-04-13 20:12 26,112 --a------ c:\windows\system32\stu2.exe
2009-03-24 12:03 . 2009-03-24 12:03 <DIR> d-------- c:\program files\Ancestry
2009-03-09 17:25 . 2009-03-09 17:25 <DIR> d-------- c:\program files\Smilebox
2009-03-06 22:08 . 2009-03-06 22:08 <DIR> d-------- c:\windows\PixArt
2009-03-06 22:08 . 2009-03-06 22:08 <DIR> d-------- c:\program files\PC CIF Camer@
2009-03-06 22:08 . 2009-03-06 22:08 <DIR> d-------- c:\program files\Common Files\PAC207
2009-03-06 22:08 . 2006-11-03 11:59 48,128 --a------ c:\windows\system32\Remove.exe
2009-03-06 22:08 . 2007-02-12 02:06 408 --a------ c:\windows\system32\Remover.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
9999-01-20 08:20 --------- d-----w c:\documents and settings\All Users\Application Data\CA
2009-03-31 17:40 --------- d-----w c:\program files\Java
2009-03-31 16:57 --------- d-----w c:\program files\elton
2009-03-31 15:59 --------- d-----w c:\program files\SUPERAntiSpyware
2009-03-31 15:59 --------- d-----w c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2009-03-29 20:10 --------- d-----w c:\program files\QuickTime
2009-03-29 09:23 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-26 20:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 20:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-24 16:03 --------- d-----w c:\documents and settings\All Users\Application Data\The Generations Network
2009-03-07 02:08 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-02 22:10 --------- d-----w c:\documents and settings\HP_Owner\Application Data\AtlantaBraves.net Toolbar
2009-03-02 22:10 --------- d-----w c:\documents and settings\HP_Owner\Application Data\ArcSoft
2009-03-02 22:10 --------- d-----w c:\documents and settings\HP_Owner\Application Data\Apple Computer
2009-03-02 22:10 --------- d-----w c:\documents and settings\HP_Owner\Application Data\AntsSoft
2009-03-02 22:10 --------- d-----w c:\documents and settings\HP_Owner\Application Data\AdobeUM
2009-03-02 22:10 --------- d-----w c:\documents and settings\HP_Owner\Application Data\acccore
2009-02-16 14:25 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-16 14:11 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-16 02:17 --------- d-----w c:\program files\Ghost-Tech P. I
2009-02-11 16:40 --------- d-----w c:\program files\Coupons
2006-08-24 19:27 0 -csha-w c:\windows\SMINST\HPCD.sys
2007-11-11 00:49 80 --sha-r c:\windows\system32\150363DC69.dll
2008-09-02 17:37 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090220080903\index.dat
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 98,304 2004-08-12 04:08:01 c:\program files\QuickTime\bak\qttask.exe
----a-w 413,696 2009-01-05 20:18:48 c:\program files\QuickTime\QTTask.exe

-c--a-w 866,584 2006-11-03 22:20:12 c:\program files\Windows Defender\bak\MSASCui.exe

-c--a-w 15,360 2004-08-04 12:00:00 c:\windows\system32\bak\ctfmon.exe
----a-w 15,360 2008-04-14 00:12:16 c:\windows\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1f1e8d7b-fe22-4b03-810d-dc9e2347cd02}"= "c:\program files\fvnorthwestern\tbfvn0.dll" [2009-03-03 1883672]

[HKEY_CLASSES_ROOT\clsid\{1f1e8d7b-fe22-4b03-810d-dc9e2347cd02}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f1e8d7b-fe22-4b03-810d-dc9e2347cd02}]
2009-03-03 21:31 1883672 --a--c--- c:\program files\fvnorthwestern\tbfvn0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD292324-974F-4224-E427-A0E0301BF425}]
2006-03-22 00:26 1724928 --a------ c:\progra~1\ATLANT~1.NET\Toolbar\Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CD292324-974F-4224-E427-A0E0301BF425}"= "c:\progra~1\ATLANT~1.NET\Toolbar\Toolbar.dll" [2006-03-22 1724928]
"{1f1e8d7b-fe22-4b03-810d-dc9e2347cd02}"= "c:\program files\fvnorthwestern\tbfvn0.dll" [2009-03-03 1883672]

[HKEY_CLASSES_ROOT\clsid\{cd292324-974f-4224-e427-a0e0301bf425}]
[HKEY_CLASSES_ROOT\Toolbar.AtlantaBraves.net]

[HKEY_CLASSES_ROOT\clsid\{1f1e8d7b-fe22-4b03-810d-dc9e2347cd02}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CD292324-974F-4224-E427-A0E0301BF425}"= "c:\progra~1\ATLANT~1.NET\Toolbar\Toolbar.dll" [2006-03-22 1724928]
"{1F1E8D7B-FE22-4B03-810D-DC9E2347CD02}"= "c:\program files\fvnorthwestern\tbfvn0.dll" [2009-03-03 1883672]

[HKEY_CLASSES_ROOT\clsid\{cd292324-974f-4224-e427-a0e0301bf425}]
[HKEY_CLASSES_ROOT\Toolbar.AtlantaBraves.net]

[HKEY_CLASSES_ROOT\clsid\{1f1e8d7b-fe22-4b03-810d-dc9e2347cd02}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"CommunityTray"="c:\program files\VTech\Community\System\Startup.exe" [2008-03-15 11776]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-03-30 118784]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=qfawth.dll ikzrqy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= jl_mjpg2.drv
"msacm.l3codec"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop.ini]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\desktop.ini
backup=c:\windows\pss\desktop.iniCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Sonic RecordNow!^Startup^desktop.ini]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Sonic RecordNow!\Startup\desktop.ini
backup=c:\windows\pss\desktop.iniStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Sonic RecordNow!^Startup^HP Organize.lnk]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Sonic RecordNow!\Startup\HP Organize.lnk
backup=c:\windows\pss\HP Organize.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
c:\program files\Common Files\AOL\ACS\AOLDial.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
c:\program files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
c:\program files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
c:\program files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Internet Window Washer]
--a------ 2007-04-08 21:02 1503744 c:\progra~1\FREEIN~1\Clearpch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-08-20 16:51 118784 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a--c--- 1998-05-07 19:04 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-08-20 16:55 155648 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-09-11 04:40 218032 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a--c--- 2003-02-11 23:02 61440 c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
c:\program files\Microsoft Money\System\mnyexpr.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 20:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a------ 2002-10-16 19:57 81920 c:\windows\system32\ps2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QOELOADER]
c:\program files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a--c--- 2004-04-14 23:43 233472 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Road Runner PhotoShow Media Manager]
c:\progra~1\ROADRU~1\ROADRU~1\data\Xtras\mssysmgr.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files\Java\jre1.6.0_02\bin\jusched.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
c:\program files\Common Files\Real\Update_OB\realsched.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2005-02-24 11:57 2506752 c:\program files\Yahoo!\Messenger\YPager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
c:\program files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a--c--- 2005-03-04 12:01 88209 c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a--c--- 2004-09-07 14:47 57344 c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"{00008375-0Ab24-0D93-DFC9-9DC83F7AD8BC}"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"vsmon"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"VETMSGNT"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"MDM"=2 (0x2)
"CAISafe"=2 (0x2)
"AOL ACS"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\FileZilla Client\\filezilla.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Easy Internet signup\\HPSdpApp.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jqs.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\VTech\\Community\\System\\PCTray.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
R3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2007-05-14 508288]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S1 ndproxyy;ndproxyy;c:\windows\system32\drivers\ndproxyy.sys --> c:\windows\system32\drivers\ndproxyy.sys [?]
S3 JL2005;JL2005A Toy Camera;c:\windows\system32\Drivers\toywdm.sys --> c:\windows\system32\Drivers\toywdm.sys [?]
S4 {00008375-0Ab24-0D93-DFC9-9DC83F7AD8BC};ViruScape Guard Service;"c:\program files\Tera Innovations\ViruScape\VS32.exe" -installguard --> c:\program files\Tera Innovations\ViruScape\VS32.exe [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-11 24652]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder

2009-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-04-01 c:\windows\Tasks\User_Feed_Synchronization-{97681171-BE9F-43F2-8540-92002CBA391B}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
- - - - ORPHANS REMOVED - - - -

BHO-{819B17EF-481E-4627-9DB7-826154CD93C7} - c:\windows\system32\cbXPFVLE.dll
WebBrowser-{BB60CB19-FC33-4CB8-9E13-3E772B657AA5} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: &Search - http://bar.mywebsear...?p=ZCYYYYYYYYUS
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Trusted Zone: asylumcam.com\www
Trusted Zone: ebay.com\signin
Trusted Zone: ebay.com\www
Trusted Zone: forumarena.com\ghosts101
Trusted Zone: free-web-hosting.biz\www
Trusted Zone: jasonsghost.com\www
Trusted Zone: memory-works.com\www
Trusted Zone: myspace.com\www
Trusted Zone: peoplepc.com\www
Trusted Zone: photobucket.com\www
Trusted Zone: plaxo.com\www
Trusted Zone: pogo.com\www
Trusted Zone: twopeasinabucket.com
Trusted Zone: twopeasinabucket.com\www
Trusted Zone: vsmilelink.com\www
Trusted Zone: weatherchannel.com
Trusted Zone: yahoo.com\mail
Trusted Zone: yahoo.com\www
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
DPF: GenealogyBrowser.Cab - hxxp://209.90.101.200/cabs/zinst.cab
DPF: ZInst.Cab - hxxp://209.90.101.200/cabs/zinst.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://ocracokeharborinn.dyndns.org/VatDec.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} - hxxp://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://eilandonan.remotemanager.co.uk/common/activex/MJPEGRender.ocx
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-01 14:32:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-01 14:41:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-01 18:41:14

Pre-Run: 17,216,352,256 bytes free
Post-Run: 17,676,353,536 bytes free

326 --- E O F --- 2009-03-14 04:34:41



Lop log


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel® Celeron® CPU 2.93GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : HP_Owner ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
Firewall : ZoneAlarm Firewall 8.0.298.000 (Activated)
C:\ (Local Disk) - NTFS - Total:31 Go (Free:16 Go)
D:\ (Local Disk) - FAT32 - Total:5 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Wed 04/01/2009|15:46 )

--------------------\\ Listing folders in APPLIC~1

[08/12/2004|12:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Apple Computer
[08/11/2004|09:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[10/15/2008|10:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[08/11/2004|11:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Real
[08/12/2004|12:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> SampleView
[08/11/2004|10:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sun
[08/12/2004|02:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Symantec

[03/29/2009|04:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[02/23/2008|07:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {9E97B640-FCFE-4900-B18A-72FAE662D6B7}
[04/30/2008|11:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[05/06/2007|10:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[05/06/2007|10:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[02/01/2007|07:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[12/07/2007|02:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[03/29/2009|04:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[01/27/2009|11:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ascentive
[11/10/2007|09:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Avery
[10/15/2008|10:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Avira
[01/20/9999|04:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CA
[12/19/2007|05:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
[11/19/2008|11:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[08/11/2004|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Hewlett-Packard
[06/01/2007|12:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[04/04/2007|06:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> iWin Games
[05/24/2005|04:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kaspersky Anti-Virus Personal
[12/26/2005|07:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kodak
[09/23/2007|02:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Laconic Software
[06/07/2007|04:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[10/05/2007|04:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> logs
[03/31/2009|05:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MailFrontier
[12/12/2008|04:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[10/03/2007|05:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[08/08/2008|10:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[08/12/2004|12:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Motive
[01/11/2006|01:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> muvee Technologies
[10/03/2007|05:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PC Tools
[11/10/2007|08:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Protexis
[07/25/2006|11:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pure Networks
[09/09/2005|07:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[01/06/2008|09:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> River Past G5
[08/11/2004|09:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI
[02/16/2009|10:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[12/12/2008|02:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[05/24/2005|04:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[10/03/2007|05:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[03/24/2009|12:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> The Generations Network
[08/30/2007|12:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ulead Systems
[01/04/2008|09:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> VCOM
[10/13/2005|03:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[09/21/2005|03:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[08/12/2004|12:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Apple Computer
[08/11/2004|09:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[09/07/2004|02:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[08/11/2004|11:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Real
[08/12/2004|12:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> SampleView
[08/11/2004|10:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun
[08/12/2004|02:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Symantec

[03/02/2009|06:10] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> acccore
[03/02/2009|06:10] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Adobe
[03/02/2009|06:10] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> AdobeUM
[09/18/2005|06:00] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Aim
[03/02/2009|06:10] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> AntsSoft
[10/10/2006|06:51] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> AOL
[03/02/2009|06:10] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Apple Computer
[03/02/2009|06:10] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> ArcSoft
[03/02/2009|06:10] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> AtlantaBraves.net Toolbar
[12/21/2007|03:09] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> CoreFTP
[08/08/2005|01:24] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Cyber SafeGuard
[01/05/2008|12:35] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Ewen Chia's My Free Website Builder
[12/26/2008|05:27] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> FileZilla
[01/11/2007|03:52] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> FTW
[07/05/2007|03:11] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> GetRightToGo
[04/01/2009|02:23] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Google
[11/04/2008|12:39] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> gtk-2.0
[06/27/2006|12:39] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Help
[08/11/2004|09:13] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Identities
[10/23/2008|02:55] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> ieSpell
[12/29/2008|05:23] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> InstallShield
[08/11/2006|05:15] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> InterVideo
[09/14/2008|03:00] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> KeyingTool
[11/10/2007|08:00] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> KNVB
[09/09/2005|07:42] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Leadertech
[01/14/2009|12:27] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Learn2.com
[07/21/2005|03:45] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Macromedia
[12/12/2008|04:51] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Malwarebytes
[10/15/2008|10:16] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Microsoft
[10/14/2008|04:02] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Millennia
[03/20/2005|12:18] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Motive
[11/09/2008|05:41] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Move Networks
[12/09/2008|04:36] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Mozilla
[10/10/2006|07:03] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> MSNInstaller
[04/03/2008|10:43] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> NCH Swift Sound
[12/29/2007|08:25] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Nvu
[10/03/2007|05:29] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> PC Tools
[04/06/2005|09:55] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Real
[01/06/2008|09:21] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> River Past G5
[05/14/2007|06:06] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Road Runner
[08/12/2004|12:50] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> SampleView
[11/06/2007|12:43] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Serif
[05/14/2007|05:48] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Simple Star
[04/02/2007|11:53] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Snapfish
[09/09/2005|07:43] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Sonic
[08/11/2004|10:36] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Sun
[10/03/2007|08:09] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Sunbelt Software
[03/31/2009|11:59] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> SUPERAntiSpyware.com
[08/12/2004|02:12] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Symantec
[03/25/2005|01:55] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Template
[10/21/2008|01:51] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> TERMINAL Studio
[01/04/2008|09:34] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> VCOM
[01/14/2007|06:41] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> Viewpoint
[10/03/2007|07:18] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> WinPatrol
[02/23/2008|07:11] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> WNR
[04/29/2007|12:08] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> yahoo!
[07/25/2006|11:26] C:\DOCUME~1\HP_Owner\APPLIC~1\<DIR> You've Got Pictures Screensaver

[03/21/2008|10:13] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Adobe
[03/21/2008|10:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> AtlantaBraves.net Toolbar
[10/25/2008|10:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[10/15/2008|10:16] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[03/29/2005|09:38] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Symantec

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[03/29/2009 04:06 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[04/01/2009 11:20 AM][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{97681171-BE9F-43F2-8540-92002CBA391B}.job
[04/01/2009 02:31 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 03:00 PM][-rah-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[04/30/2008|11:09] C:\Program Files\<DIR> Adobe
[05/07/2007|10:31] C:\Program Files\<DIR> AIM
[09/22/2005|06:00] C:\Program Files\<DIR> America Online 9.0
[03/24/2009|12:03] C:\Program Files\<DIR> Ancestry
[12/19/2007|04:01] C:\Program Files\<DIR> Antenna
[03/29/2009|04:06] C:\Program Files\<DIR> Apple Software Update
[05/01/2005|03:31] C:\Program Files\<DIR> ArcSoft
[04/01/2009|09:40] C:\Program Files\<DIR> AskBarDis
[06/16/2006|02:51] C:\Program Files\<DIR> AtlantaBraves.net
[04/02/2008|05:39] C:\Program Files\<DIR> Audacity
[11/10/2007|09:17] C:\Program Files\<DIR> Avery Dennison
[10/15/2008|10:24] C:\Program Files\<DIR> Avira
[01/28/2007|11:11] C:\Program Files\<DIR> AxBx
[08/12/2004|12:20] C:\Program Files\<DIR> BackWeb
[10/03/2007|07:18] C:\Program Files\<DIR> BillP Studios
[01/06/2009|01:29] C:\Program Files\<DIR> CCleaner
[04/01/2009|03:29] C:\Program Files\<DIR> Common Files
[08/11/2004|09:10] C:\Program Files\<DIR> ComPlus Applications
[02/11/2009|12:40] C:\Program Files\<DIR> Coupons
[08/01/2007|12:34] C:\Program Files\<DIR> DDSV2
[08/23/2005|11:14] C:\Program Files\<DIR> directx
[09/19/2005|11:36] C:\Program Files\<DIR> Easy Internet signup
[08/20/2008|10:31] C:\Program Files\<DIR> Easy Text To HTML Converter
[12/11/2007|07:10] C:\Program Files\<DIR> eGames
[03/31/2009|12:57] C:\Program Files\<DIR> elton
[03/30/2009|08:50] C:\Program Files\<DIR> ERUNT
[01/11/2007|06:30] C:\Program Files\<DIR> Family Tree Maker 2005
[02/13/2007|12:35] C:\Program Files\<DIR> FamilySearch
[06/11/2007|03:43] C:\Program Files\<DIR> Fatbits
[12/17/2008|09:54] C:\Program Files\<DIR> FileZilla Client
[05/15/2007|04:50] C:\Program Files\<DIR> Free Internet Window Washer
[05/28/2007|10:55] C:\Program Files\<DIR> fvnorthwestern
[01/03/2007|12:11] C:\Program Files\<DIR> Genius Solutions
[11/27/2008|07:10] C:\Program Files\<DIR> Ghost Hunter
[02/15/2009|10:17] C:\Program Files\<DIR> Ghost-Tech P. I
[08/15/2008|10:32] C:\Program Files\<DIR> GIMP-2.0
[11/20/2008|09:24] C:\Program Files\<DIR> Google
[08/12/2004|12:22] C:\Program Files\<DIR> Help and Support Additions
[08/20/2005|06:10] C:\Program Files\<DIR> Hewlett-Packard
[12/06/2007|07:41] C:\Program Files\<DIR> HP
[10/23/2008|02:54] C:\Program Files\<DIR> ieSpell
[08/10/2006|10:42] C:\Program Files\<DIR> IMSI
[03/06/2009|10:08] C:\Program Files\<DIR> InstallShield Installation Information
[08/11/2004|11:57] C:\Program Files\<DIR> IntelliMover Data Transfer Demo
[02/11/2009|04:11] C:\Program Files\<DIR> Internet Explorer
[09/07/2004|02:19] C:\Program Files\<DIR> InterVideo
[07/23/2007|10:30] C:\Program Files\<DIR> IrfanView
[03/31/2009|01:40] C:\Program Files\<DIR> Java
[03/19/2005|07:58] C:\Program Files\<DIR> Learn2.com
[03/29/2009|05:23] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[09/02/2008|01:36] C:\Program Files\<DIR> Messenger
[12/26/2006|10:25] C:\Program Files\<DIR> MFInstall
[11/14/2007|11:41] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[08/11/2004|09:13] C:\Program Files\<DIR> microsoft frontpage
[08/11/2004|11:59] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE
[12/12/2007|02:46] C:\Program Files\<DIR> Microsoft User Agent String Utility
[08/12/2004|12:03] C:\Program Files\<DIR> Microsoft Visual Studio
[10/03/2008|06:26] C:\Program Files\<DIR> Microsoft Works
[09/14/2008|02:52] C:\Program Files\<DIR> Microsoft WSE
[06/27/2006|12:31] C:\Program Files\<DIR> Mil Incorporated
[09/02/2008|12:56] C:\Program Files\<DIR> Movie Maker
[03/20/2005|01:00] C:\Program Files\<DIR> MSN
[08/11/2004|11:51] C:\Program Files\<DIR> MSN Encarta Standard
[08/11/2004|09:09] C:\Program Files\<DIR> MSN Gaming Zone
[09/02/2008|02:06] C:\Program Files\<DIR> MSN Messenger
[11/12/2008|06:51] C:\Program Files\<DIR> MSXML 4.0
[09/03/2007|02:51] C:\Program Files\<DIR> MSXML 6.0
[09/07/2004|02:21] C:\Program Files\<DIR> muvee Technologies
[04/03/2008|10:43] C:\Program Files\<DIR> NCH Swift Sound
[09/02/2008|12:52] C:\Program Files\<DIR> NetMeeting
[11/21/2008|09:45] C:\Program Files\<DIR> NetObjects
[11/27/2007|03:08] C:\Program Files\<DIR> OGF
[03/30/2008|01:30] C:\Program Files\<DIR> Olympus
[08/12/2004|12:37] C:\Program Files\<DIR> Online Services
[09/02/2008|12:52] C:\Program Files\<DIR> Outlook Express
[11/06/2007|01:17] C:\Program Files\<DIR> PageFocus Draw
[03/06/2009|10:08] C:\Program Files\<DIR> PC CIF Camer@
[05/01/2007|02:36] C:\Program Files\<DIR> PC Tools AntiVirus
[08/12/2004|12:24] C:\Program Files\<DIR> PC-Doctor for Windows
[08/01/2007|12:50] C:\Program Files\<DIR> project dogwaffle
[10/10/2006|07:58] C:\Program Files\<DIR> Pure Networks
[03/29/2009|04:10] C:\Program Files\<DIR> QuickTime
[08/11/2004|11:52] C:\Program Files\<DIR> Real
[03/11/2007|02:37] C:\Program Files\<DIR> SeaStorm 3D Screensaver
[12/19/2007|01:32] C:\Program Files\<DIR> Serif
[11/11/2005|06:55] C:\Program Files\<DIR> Sierra On-Line
[08/20/2005|06:11] C:\Program Files\<DIR> Simply Media
[03/09/2009|05:25] C:\Program Files\<DIR> Smilebox
[08/11/2004|11:50] C:\Program Files\<DIR> Sonic
[08/11/2004|11:50] C:\Program Files\<DIR> Sonic RecordNow!
[08/07/2008|11:43] C:\Program Files\<DIR> Sony
[02/16/2009|10:11] C:\Program Files\<DIR> Spybot - Search & Destroy
[12/12/2008|04:15] C:\Program Files\<DIR> Spyware Terminator
[03/31/2009|11:59] C:\Program Files\<DIR> SUPERAntiSpyware
[05/05/2007|09:21] C:\Program Files\<DIR> SupportSoft
[09/14/2008|02:53] C:\Program Files\<DIR> The Generations Network
[04/03/2008|09:44] C:\Program Files\<DIR> The Weather Channel FW
[08/11/2004|09:16] C:\Program Files\<DIR> Uninstall Information
[08/12/2004|12:20] C:\Program Files\<DIR> Updates from HP
[01/11/2007|01:06] C:\Program Files\<DIR> Viewpoint
[12/29/2008|05:23] C:\Program Files\<DIR> VTech
[06/01/2007|12:42] C:\Program Files\<DIR> Wal-Mart Music Downloads Store
[01/06/2008|11:40] C:\Program Files\<DIR> Webcamfirst
[10/06/2007|08:35] C:\Program Files\<DIR> Windows Defender
[05/17/2007|11:03] C:\Program Files\<DIR> Windows Media Connect 2
[09/02/2008|12:52] C:\Program Files\<DIR> Windows Media Player
[09/02/2008|12:52] C:\Program Files\<DIR> Windows NT
[08/11/2004|09:11] C:\Program Files\<DIR> WindowsUpdate
[03/20/2005|10:27] C:\Program Files\<DIR> WON
[08/25/2005|10:26] C:\Program Files\<DIR> WorldWinner.com
[08/11/2004|09:13] C:\Program Files\<DIR> xerox
[04/19/2007|04:09] C:\Program Files\<DIR> Yahoo!
[03/31/2009|05:57] C:\Program Files\<DIR> Zone Labs
[03/31/2009|06:00] C:\Program Files\<DIR> ZoneAlarmSB

--------------------\\ Listing Folders in C:\Program Files\Common Files

[04/30/2008|11:09] C:\Program Files\Common Files\<DIR> Adobe
[05/06/2007|10:34] C:\Program Files\Common Files\<DIR> AOL
[01/07/2007|01:58] C:\Program Files\Common Files\<DIR> aolback
[08/11/2004|11:20] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[08/11/2004|11:21] C:\Program Files\Common Files\<DIR> HP
[06/01/2007|12:42] C:\Program Files\Common Files\<DIR> InstallShield
[08/11/2004|10:36] C:\Program Files\Common Files\<DIR> Java
[11/09/2008|05:39] C:\Program Files\Common Files\<DIR> Microsoft Shared
[08/11/2004|09:11] C:\Program Files\Common Files\<DIR> MSSoap
[09/07/2004|02:21] C:\Program Files\Common Files\<DIR> muvee Technologies
[03/19/2005|07:58] C:\Program Files\Common Files\<DIR> Nullsoft
[08/11/2004|02:06] C:\Program Files\Common Files\<DIR> ODBC
[03/06/2009|10:08] C:\Program Files\Common Files\<DIR> PAC207
[08/11/2004|11:52] C:\Program Files\Common Files\<DIR> Real
[09/06/2004|09:15] C:\Program Files\Common Files\<DIR> Services
[05/14/2007|05:39] C:\Program Files\Common Files\<DIR> Simple Star Shared
[08/11/2004|02:06] C:\Program Files\Common Files\<DIR> SpeechEngines
[05/14/2007|03:45] C:\Program Files\Common Files\<DIR> supportsoft
[08/11/2004|11:50] C:\Program Files\Common Files\<DIR> SureThing Shared
[05/24/2005|04:34] C:\Program Files\Common Files\<DIR> Symantec Shared
[09/02/2008|12:52] C:\Program Files\Common Files\<DIR> System
[03/31/2009|11:58] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[08/11/2004|11:52] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 35 Processes )

iexplore.exe ~ [PID:2428]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\HP_Owner\Cookies\hp_owner@advertising[1].txt
C:\DOCUME~1\HP_Owner\Cookies\hp_owner@euroclick[2].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-01 15:48:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Searching for other infections


No other infections found !

[F:5][D:1]-> C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
[F:209][D:0]-> C:\DOCUME~1\HP_Owner\Cookies
[F:623][D:4]-> C:\DOCUME~1\HP_Owner\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Wed 04/01/2009|15:53 - Option : [1]

--------------------\\ Scan completed at 15:53:26

Edited by seaspiritnw, 01 April 2009 - 01:55 PM.

  • 0

#5
heir
Posted 01 April 2009 - 02:10 PM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
An new location for downloading Lop S&D are to be available soon.
I'll let you know when.
Meanwhile I'll look over the logs so far.

heir
  • 0

#6
seaspiritnw
Posted 01 April 2009 - 02:35 PM

seaspiritnw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Added the lop too..was finally able to download. Thank you so much for your help too..
  • 0

#7
heir
Posted 02 April 2009 - 01:55 AM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Let's move on then!

Step 1.
Filescan:

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:

    • C:\WINDOWS\System32\userinit.exe
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Do the same with these:
  • C:\WINDOWS\System32\stu2.exe
    C:\WINDOWS\system32\150363DC69.dll
    C:\Swsetup\Monitors\SP31392\hpinsx64.exe
    c:\windows\system32\Remove.exe
    c:\windows\system32\Remover.ini
    c:\program files\QuickTime\bak\qttask.exe
    c:\program files\QuickTime\QTTask.exe
    c:\windows\wc98pp.dll

Step 2.
Uninstall unwanted software:

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Viewpoint Manager (Remove Only)
Viewpoint Media Player




Step 3.
CFScript:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File::
c:\windows\system32\drivers\ndproxyy.sys 
Folder::
c:\program files\Viewpoint
C:\DOCUME~1\HP_Owner\APPLIC~1\Viewpoint
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
Driver::
ndproxyy
Viewpoint Manager Service
Domains::

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 4.
Things I would like to see in your reply:

  • The results from the filescans in step 1.
  • The content of C:\ComboFix.txt from step 3.
  • IN formation on how your computer is running now.

  • 0

#8
seaspiritnw
Posted 02 April 2009 - 08:56 AM

seaspiritnw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Seems to be running fine. Have not had pop ups since adding the Zone Alarm, seems to be just a bit faster but not a great deal.

After a few minutes it seems to have increased in speed..maybe it had to catch up..lol.


VirScan Logs..

VirSCAN.org Scanned Report :
Scanned time : 2009/03/23 18:12:10 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : userinit.exe
File Size : 26112 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : a93aee1928a9d7ce3e16d24ec7380f89
SHA1 : 513f8bdf67a5a9e09803cfb61f590b39f2683853
Online report : http://virscan.org/r...0b8f93c5bf.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090318163345 2009-03-18 2.43 -
AhnLab V3 2009.03.24.00 2009.03.24 2009-03-24 1.07 -
AntiVir 7.9.0.120 7.1.2.205 2009-03-23 1.96 -
Antiy 2.0.18 20090323.2224254 2009-03-23 0.12 -
Authentium 5.1.1 200903232136 2009-03-23 1.10 -
AVAST! 3.0.1 090322-0 2009-03-22 0.01 -
AVG 7.5.52.442 270.11.15/2004 2009-03-16 1.96 -
BitDefender 7.81008.2815284 7.24376 2009-03-24 2.61 -
CA (VET) 9.0.0.143 31.6.6413 2009-03-24 9.85 -
ClamAV 0.94.2 9155 2009-03-24 0.01 -
Comodo 3.8 1082 2009-03-23 0.52 -
CP Secure 1.1.0.715 2009.03.24 2009-03-24 7.71 -
Dr.Web 4.44.0.9170 2009.03.23 2009-03-23 4.27 -
F-Prot 4.4.4.56 20090323 2009-03-23 1.09 -
F-Secure 5.51.6100 2009.03.23.06 2009-03-23 5.00 -
Fortinet 2.81-3.117 10.194 2009-03-23 0.20 -
GData 19.4183/19.272 20090323 2009-03-23 3.37 -
ViRobot 20090320 2009.03.20 2009-03-20 0.40 -
Ikarus T3.1.01.48 2009.03.23.72466 2009-03-23 2.88 -
JiangMin 11.0.706 2009.03.23 2009-03-23 1.59 -
Kaspersky 5.5.10 2009.03.23 2009-03-23 0.07 -
KingSoft 2009.2.5.15 2009.3.23.20 2009-03-23 0.57 -
McAfee 5.3.00 5562 2009-03-23 2.70 -
Microsoft 1.4502 2009.03.24 2009-03-24 4.18 -
mks_vir 2.01 2009.03.23 2009-03-23 2.71 -
Norman 6.00.06 6.00.00 2009-03-23 8.01 -
Panda 9.05.01 2009.03.22 2009-03-22 1.57 -
Trend Micro 8.700-1004 5.912.16 2009-03-23 0.03 -
Quick Heal 10.00 2009.03.23 2009-03-23 1.01 -
Rising 20.0 21.22.02.00 2009-03-23 0.83 -
Sophos 2.84.1 4.39 2009-03-24 2.15 -
Sunbelt 5055 5055 2009-03-23 0.61 -
Symantec 1.3.0.24 20090323.003 2009-03-23 0.07 -
nProtect 20090323.02 3375326 2009-03-23 4.10 -
The Hacker 6.3.3.4 v00288 2009-03-23 0.57 -
VBA32 3.12.10.1 20090322.1902 2009-03-22 1.87 -
VirusBuster 4.5.11.10 10.102.19/989383 2009-03-23 1.22 -



VirSCAN.org Scanned Report :
Scanned time : 2009/04/02 09:51:59 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : 150363DC69.dll
File Size : 80 byte
File Type : data
MD5 : f0d4c06f1003a2f499a5bb7599492195
SHA1 : 518b2542132039b4c6823e69a24c81a0488f02e1
Online report : http://virscan.org/r...b6b91b9f6a.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 00040000000000 0004-00-00 0.37 -
AhnLab V3 2009.04.02.02 2009.04.02 2009-04-02 0.66 -
AntiVir 7.9.0.129 7.1.3.6 2009-04-02 1.98 -
Antiy 2.0.18 20090402.2269857 2009-04-02 0.12 -
Authentium 5.1.1 200904011755 2009-04-01 1.11 -
AVAST! 3.0.1 090402-0 2009-04-02 0.00 -
AVG 7.5.52.442 270.11.38/2037 2009-04-02 2.01 -
BitDefender 7.81008.2816335 7.24570 2009-04-02 2.60 -
CA (VET) 9.0.0.143 31.6.6430 2009-04-02 4.21 -
ClamAV 0.95 9197 2009-04-02 0.01 -
Comodo 3.8 1093 2009-04-01 0.60 -
CP Secure 1.1.0.715 2009.04.02 2009-04-02 7.95 -
Dr.Web 4.44.0.9170 2009.04.02 2009-04-02 4.38 -
F-Prot 4.4.4.56 20090401 2009-04-01 1.12 -
F-Secure 5.51.6100 2009.04.02.06 2009-04-02 0.03 -
Fortinet 2.81-3.117 10.232 2009-04-02 0.16 -
GData 19.4372/19.284 20090402 2009-04-02 3.70 -
ViRobot 20090401 2009.04.01 2009-04-01 0.40 -
Ikarus T3.1.01.49 2009.04.02.72512 2009-04-02 2.89 -
JiangMin 11.0.706 2009.04.02 2009-04-02 1.61 -
Kaspersky 5.5.10 2009.04.02 2009-04-02 0.02 -
KingSoft 2009.2.5.15 2009.4.2.21 2009-04-02 0.56 -
McAfee 5.3.00 5571 2009-04-01 2.68 -
Microsoft 1.4502 2009.04.02 2009-04-02 5.20 -
mks_vir 2.01 2009.04.02 2009-04-02 2.71 -
Norman 6.00.06 6.00.00 2009-04-01 10.01 -
Panda 9.05.01 2009.04.01 2009-04-01 3.05 -
Trend Micro 8.700-1004 5.939.00 2009-04-01 0.02 -
Quick Heal 10.00 2009.03.31 2009-03-31 1.05 -
Rising 20.0 21.23.32.00 2009-04-02 0.51 -
Sophos 2.85.0 4.40 2009-04-02 1.97 -
Sunbelt 5073 5073 2009-04-01 0.60 -
Symantec 1.3.0.24 20090401.003 2009-04-01 0.18 -
nProtect 20090402.02 3403087 2009-04-02 4.36 -
The Hacker 6.3.4.0 v00298 2009-04-01 0.53 -
VBA32 3.12.10.2 20090401.1027 2009-04-01 1.70 -
VirusBuster 4.5.11.10 10.102.30/1173479 2009-04-01 1.47 -



VirSCAN.org Scanned Report :
Scanned time : 2009/04/02 09:54:33 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : hpinsx64.exe
File Size : 79872 byte
File Type : PE32+ executable for MS Windows (GUI)
MD5 : 92e72ae2ea0420d0877a922a96b1a762
SHA1 : ae22d3195a012d3e2bcac020ceaeb7ba3d92abaf
Online report : http://virscan.org/r...6047e8a669.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 00040000000000 0004-00-00 0.67 -
AhnLab V3 2009.04.02.02 2009.04.02 2009-04-02 0.70 -
AntiVir 7.9.0.129 7.1.3.6 2009-04-02 2.00 -
Antiy 2.0.18 20090402.2269857 2009-04-02 0.12 -
Authentium 5.1.1 200904011755 2009-04-01 1.11 -
AVAST! 3.0.1 090402-0 2009-04-02 0.01 -
AVG 7.5.52.442 270.11.38/2037 2009-04-02 2.06 -
BitDefender 7.81008.2816335 7.24570 2009-04-02 2.63 -
CA (VET) 9.0.0.143 31.6.6430 2009-04-02 11.53 -
ClamAV 0.95 9197 2009-04-02 0.02 -
Comodo 3.8 1093 2009-04-01 0.80 -
CP Secure 1.1.0.715 2009.04.02 2009-04-02 7.94 -
Dr.Web 4.44.0.9170 2009.04.02 2009-04-02 4.34 -
F-Prot 4.4.4.56 20090401 2009-04-01 1.11 -
F-Secure 5.51.6100 2009.04.02.06 2009-04-02 0.06 -
Fortinet 2.81-3.117 10.232 2009-04-02 0.18 -
GData 19.4372/19.284 20090402 2009-04-02 3.47 -
ViRobot 20090401 2009.04.01 2009-04-01 0.41 -
Ikarus T3.1.01.49 2009.04.02.72512 2009-04-02 2.89 -
JiangMin 11.0.706 2009.04.02 2009-04-02 1.68 -
Kaspersky 5.5.10 2009.04.02 2009-04-02 0.05 -
KingSoft 2009.2.5.15 2009.4.2.21 2009-04-02 0.86 -
McAfee 5.3.00 5571 2009-04-01 2.69 -
Microsoft 1.4502 2009.04.02 2009-04-02 4.34 -
mks_vir 2.01 2009.04.02 2009-04-02 2.71 -
Norman 6.00.06 6.00.00 2009-04-01 10.01 -
Panda 9.05.01 2009.04.01 2009-04-01 1.58 -
Trend Micro 8.700-1004 5.939.00 2009-04-01 0.03 -
Quick Heal 10.00 2009.03.31 2009-03-31 0.96 -
Rising 20.0 21.23.32.00 2009-04-02 0.24 -
Sophos 2.85.0 4.40 2009-04-02 2.01 -
Sunbelt 5073 5073 2009-04-01 0.57 -
Symantec 1.3.0.24 20090401.003 2009-04-01 0.05 -
nProtect 20090402.02 3403087 2009-04-02 4.12 -
The Hacker 6.3.4.0 v00298 2009-04-01 0.56 -
VBA32 3.12.10.2 20090401.1027 2009-04-01 1.83 -
VirusBuster 4.5.11.10 10.102.30/1173479 2009-04-01 1.44 -



VirSCAN.org Scanned Report :
Scanned time : 2008/12/16 10:58:04 (EST)
Scanner results: All Scanners reported not find malware!
File Name : Remove.exe
File Size : 48128 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 40701782bd98968fd994e6166cbec490
SHA1 : bebcc773fd66ad5ce4e55daf4bc5a2b5325861b1
Online report : http://virscan.org/r...fd31e22d0a.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.28 20081216171451 2008-12-16 3.08 -
AhnLab V3 2008.12.17.00 2008.12.17 2008-12-17 1.08 -
AntiVir 7.9.0.45 7.1.0.242 2008-12-16 1.64 -
Antiy 2.0.18 20081216.1856782 2008-12-16 0.12 -
Arcavir 1.0.5 200812131407 2008-12-13 1.22 -
Authentium 5.1.1 200812161414 2008-12-16 1.06 -
AVAST! 3.0.1 081215-1 2008-12-15 0.01 -
AVG 7.5.52.442 270.9.18/1851 2008-12-16 1.76 -
BitDefender 7.81008.2354235 7.22569 2008-12-16 2.15 -
CA (VET) 9.0.0.143 31.6.6263 2008-12-16 5.37 -
ClamAV 0.94.1 8767 2008-12-16 0.01 -
Comodo 3.0 760 2008-12-15 1.17 -
CP Secure 1.1.0.715 2008.12.16 2008-12-16 6.12 -
Dr.Web 4.44.0.9170 2008.12.16 2008-12-16 3.71 -
ewido 4.0.0.2 2008.12.16 2008-12-16 3.64 -
F-Prot 4.4.4.56 20081216 2008-12-16 1.07 -
F-Secure 5.51.6100 2008.12.16.10 2008-12-16 3.92 -
Fortinet 2.81-3.117 9.816 2008-12-16 0.20 -
GData 19.1938/19.148 20081216 2008-12-16 2.80 -
ViRobot 20081216 2008.12.16 2008-12-16 0.41 -
Ikarus T3.1.01.45 2008.12.16.72016 2008-12-16 3.67 -
JiangMin 11.0.706 2008.12.15 2008-12-15 1.38 -
Kaspersky 5.5.10 2008.12.16 2008-12-16 0.06 -
KingSoft 2008.9.8.18 2008.12.16.17 2008-12-16 0.56 -
McAfee 5.3.00 5465 2008-12-15 2.62 -
Microsoft 1.4205 2008.12.16 2008-12-16 3.95 -
mks_vir 2.01 2008.12.16 2008-12-16 2.61 -
Norman 5.93.01 5.93.00 2008-12-15 5.70 -
Panda 9.05.01 2008.12.15 2008-12-15 2.50 -
Trend Micro 8.700-1004 5.714.05 2008-12-16 0.03 -
Quick Heal 10.00 2008.12.16 2008-12-16 0.85 -
Rising 20.0 21.08.12.00 2008-12-16 0.78 -
Sophos 2.82.1 4.37 2008-12-16 1.86 -
Sunbelt 4754 4754 2008-12-10 0.65 -
Symantec 1.3.0.24 20081215.004 2008-12-15 0.05 -
nProtect 20081215.03 2773539 2008-12-15 3.25 -
The Hacker 6.3.1.2 v00189 2008-12-15 0.48 -
VBA32 3.12.8.10 20081216.0910 2008-12-16 1.51 -
VirusBuster 4.5.11.10 10.97.1/730532 2008-12-16 0.95 -



VirSCAN.org Scanned Report :
Scanned time : 2009/04/02 09:57:55 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : Remover.ini
File Size : 408 byte
File Type : ASCII text, with CRLF line terminators
MD5 : 6cac6215197e0aedf26fc758db6af18a
SHA1 : 1294ddbf4a34b5b6a04f568a071773e1be059071
Online report : http://virscan.org/r...3685ef07a0.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 00040000000000 0004-00-00 0.37 -
AhnLab V3 2009.04.02.02 2009.04.02 2009-04-02 0.58 -
AntiVir 7.9.0.129 7.1.3.6 2009-04-02 2.00 -
Antiy 2.0.18 20090402.2269857 2009-04-02 0.12 -
Authentium 5.1.1 200904011755 2009-04-01 1.09 -
AVAST! 3.0.1 090402-0 2009-04-02 0.00 -
AVG 7.5.52.442 270.11.38/2037 2009-04-02 2.01 -
BitDefender 7.81008.2816335 7.24570 2009-04-02 2.61 -
CA (VET) 9.0.0.143 31.6.6430 2009-04-02 5.45 -
ClamAV 0.95 9197 2009-04-02 0.00 -
Comodo 3.8 1093 2009-04-01 0.55 -
CP Secure 1.1.0.715 2009.04.02 2009-04-02 7.84 -
Dr.Web 4.44.0.9170 2009.04.02 2009-04-02 4.29 -
F-Prot 4.4.4.56 20090401 2009-04-01 1.10 -
F-Secure 5.51.6100 2009.04.02.06 2009-04-02 0.04 -
Fortinet 2.81-3.117 10.232 2009-04-02 0.16 -
GData 19.4372/19.284 20090402 2009-04-02 3.41 -
ViRobot 20090401 2009.04.01 2009-04-01 0.40 -
Ikarus T3.1.01.49 2009.04.02.72512 2009-04-02 2.91 -
JiangMin 11.0.706 2009.04.02 2009-04-02 2.08 -
Kaspersky 5.5.10 2009.04.02 2009-04-02 0.02 -
KingSoft 2009.2.5.15 2009.4.2.21 2009-04-02 0.56 -
McAfee 5.3.00 5571 2009-04-01 2.66 -
Microsoft 1.4502 2009.04.02 2009-04-02 5.00 -
mks_vir 2.01 2009.04.02 2009-04-02 2.64 -
Norman 6.00.06 6.00.00 2009-04-01 10.01 -
Panda 9.05.01 2009.04.01 2009-04-01 1.43 -
Trend Micro 8.700-1004 5.939.00 2009-04-01 0.02 -
Quick Heal 10.00 2009.03.31 2009-03-31 1.09 -
Rising 20.0 21.23.32.00 2009-04-02 0.26 -
Sophos 2.85.0 4.40 2009-04-02 1.97 -
Sunbelt 5073 5073 2009-04-01 0.82 -
Symantec 1.3.0.24 20090401.003 2009-04-01 0.18 -
nProtect 20090402.02 3403087 2009-04-02 4.80 -
The Hacker 6.3.4.0 v00298 2009-04-01 0.65 -
VBA32 3.12.10.2 20090401.1027 2009-04-01 1.67 -
VirusBuster 4.5.11.10 10.102.30/1173479 2009-04-01 1.45 -




VirSCAN.org Scanned Report :
Scanned time : 2009/01/17 04:25:03 (EST)
Scanner results: 5% Scanner(2/37) found malware!
File Name : qttask.exe
File Size : 98304 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 76a3a30b58405c2c6d833895253a51a9
SHA1 : 81899013e13eaffef1b812e628297e2032c19db2
Online report : http://virscan.org/r...f77bcde97e.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.29 20090116183424 2009-01-16 5.54 -
AhnLab V3 2009.01.16.03 2009.01.16 2009-01-16 5.96 -
AntiVir 7.9.0.57 7.1.1.134 2009-01-16 1.75 -
Antiy 2.0.18 20090117.2060374 2009-01-17 0.12 -
Authentium 5.1.1 200901162046 2009-01-16 1.16 W32/Heuristic-431!Eldorado (Heuristic)
AVAST! 3.0.1 090116-1 2009-01-16 0.01 -
AVG 7.5.52.442 270.10.8/1898 2009-01-16 1.87 -
BitDefender 7.81008.2490434 7.23208 2009-01-17 2.35 -
CA (VET) 9.0.0.143 31.6.6312 2009-01-17 7.71 -
ClamAV 0.94.2 8873 2009-01-17 0.04 -
Comodo 3.0 933 2009-01-16 0.87 -
CP Secure 1.1.0.715 2009.01.17 2009-01-17 6.65 -
Dr.Web 4.44.0.9170 2009.01.17 2009-01-17 3.91 -
F-Prot 4.4.4.56 20090116 2009-01-16 1.10 Possible W32/Heuristic-431!Eldorado (not disinfectable)
F-Secure 5.51.6100 2009.01.16.12 2009-01-16 0.07 -
Fortinet 2.81-3.117 9.933 2009-01-15 0.23 -
GData 19.2467/19.189 20090117 2009-01-17 8.09 -
ViRobot 20090116 2009.01.16 2009-01-16 0.78 -
Ikarus T3.1.01.45 2009.01.17.72166 2009-01-17 4.13 -
JiangMin 11.0.706 2009.01.13 2009-01-13 1.81 -
Kaspersky 5.5.10 2009.01.17 2009-01-17 0.06 -
KingSoft 2008.9.8.18 2009.1.17.15 2009-01-17 0.59 -
McAfee 5.3.00 5497 2009-01-16 2.90 -
Microsoft 1.4205 2009.01.17 2009-01-17 6.50 -
mks_vir 2.01 2009.01.15 2009-01-15 2.64 -
Norman 5.93.01 5.93.00 2009-01-16 7.11 -
Panda 9.05.01 2009.01.16 2009-01-16 5.94 -
Trend Micro 8.700-1004 5.774.19 2009-01-16 0.03 -
Quick Heal 10.00 2009.01.17 2009-01-17 1.59 -
Rising 20.0 21.12.51.00 2009-01-17 1.06 -
Sophos 2.82.1 4.37 2009-01-17 2.27 -
Sunbelt 4756 4756 2009-01-08 0.14 -
Symantec 1.3.0.24 20090116.004 2009-01-16 0.05 -
nProtect 20090116.01 2903543 2009-01-16 4.74 -
The Hacker 6.3.1.5 v00221 2009-01-16 0.54 -
VBA32 3.12.8.10 20090116.0930 2009-01-16 1.66 -
VirusBuster 4.5.11.10 10.100.28/762624 2009-01-16 1.03 -



VirSCAN.org Scanned Report :
Scanned time : 2009/02/20 08:20:48 (EST)
Scanner results: 3% Scanner(1/37) found malware!
File Name : QTTask.exe
File Size : 413696 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 0ab3c83fcb8ef6f56e4fb22089f0d3b9
SHA1 : fe6f2eead447c517cb737109826c64ab62d501e9
Online report : http://virscan.org/r...6bb366e892.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090219200432 2009-02-19 2.86 -
AhnLab V3 2009.02.20.02 2009.02.20 2009-02-20 1.30 -
AntiVir 7.9.0.85 7.1.2.54 2009-02-20 1.88 -
Antiy 2.0.18 20090220.2189213 2009-02-20 0.12 -
Authentium 5.1.1 200902192105 2009-02-19 1.14 -
AVAST! 3.0.1 090219-0 2009-02-19 0.02 -
AVG 7.5.52.442 270.11.1/1962 2009-02-20 1.95 -
BitDefender 7.81008.2676478 7.23774 2009-02-20 2.50 -
CA (VET) 9.0.0.143 31.6.6367 2009-02-20 8.11 -
ClamAV 0.94.2 9016 2009-02-20 0.08 -
Comodo 3.0 984 2009-02-19 1.08 -
CP Secure 1.1.0.715 2009.02.20 2009-02-20 7.30 -
Dr.Web 4.44.0.9170 2009.02.20 2009-02-20 4.13 -
F-Prot 4.4.4.56 20090219 2009-02-19 1.39 -
F-Secure 5.51.6100 2009.02.20.04 2009-02-20 0.09 -
Fortinet 2.81-3.117 10.64 2009-02-20 0.47 -
GData 19.3252/19.231 20090220 2009-02-20 5.00 -
ViRobot 20090219 2009.02.19 2009-02-19 0.48 -
Ikarus T3.1.01.45 2009.02.20.72330 2009-02-20 4.01 -
JiangMin 11.0.706 2009.02.20 2009-02-20 1.57 -
Kaspersky 5.5.10 2009.02.20 2009-02-20 0.07 -
KingSoft 2009.2.5.15 2009.2.20.18 2009-02-20 4.77 -
McAfee 5.3.00 5530 2009-02-19 3.11 -
Microsoft 1.4306 2009.02.20 2009-02-20 8.97 -
mks_vir 2.01 2009.02.20 2009-02-20 2.82 -
Norman 6.00.06 6.00.00 2009-02-20 8.01 -
Panda 9.05.01 2009.02.19 2009-02-19 1.47 -
Trend Micro 8.700-1004 5.858.02 2009-02-20 0.03 -
Quick Heal 10.00 2009.02.20 2009-02-20 3.13 -
Rising 20.0 21.17.42.00 2009-02-20 0.89 -
Sophos 2.83.3 4.38 2009-02-20 2.75 -
Sunbelt 4819 4819 2009-02-16 0.66 -
Symantec 1.3.0.24 20090219.003 2009-02-19 0.06 -
nProtect 20090220.02 3172190 2009-02-20 3.94 -
The Hacker 6.3.2.3 v00261 2009-02-19 0.73 -
VBA32 3.12.10.0 20090219.1619 2009-02-19 3.23 Win32 Shadow AutoStart Install (suspicious)
VirusBuster 4.5.11.10 10.101.18/905621 2009-02-19 1.21 -



VirSCAN.org Scanned Report :
Scanned time : 2009/03/26 06:42:53 (EDT)
Scanner results: All Scanners reported not find malware!
File Name : wc98pp.dll
File Size : 51712 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 01ce67a8b8f546986309c28d4594d29c
SHA1 : c375555e487481ba317af381d8f8524ab20defb0
Online report : http://virscan.org/r...8d4594d29c.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090326052159 2009-03-26 40.13 -
AhnLab V3 2009.03.26.03 2009.03.26 2009-03-26 40.13 -
AntiVir 7.9.0.126 7.1.2.217 2009-03-25 2.03 -
Antiy 2.0.18 20090326.2232597 2009-03-26 0.12 -
Authentium 5.1.1 200903260148 2009-03-26 1.29 -
AVAST! 3.0.1 090325-0 2009-03-25 0.01 -
AVG 7.5.52.442 270.11.29/2023 2009-03-25 2.02 -
BitDefender 7.81008.2815536 7.24423 2009-03-26 2.65 -
CA (VET) 9.0.0.143 31.6.6418 2009-03-26 40.13 -
ClamAV 0.94.2 9169 2009-03-26 0.02 -
Comodo 3.8 1084 2009-03-25 40.13 -
CP Secure 1.1.0.715 2009.03.26 2009-03-26 7.66 -
Dr.Web 4.44.0.9170 2009.03.26 2009-03-26 4.33 -
F-Prot 4.4.4.56 20090326 2009-03-26 1.24 -
F-Secure 5.51.6100 2009.03.26.04 2009-03-26 4.68 -
Fortinet 2.81-3.117 10.203 2009-03-25 40.13 -
GData 19.4239/19.276 20090326 2009-03-26 40.13 -
ViRobot 20090325 2009.03.25 2009-03-25 40.13 -
Ikarus T3.1.01.48 2009.03.26.72480 2009-03-26 2.89 -
JiangMin 11.0.706 2009.03.26 2009-03-26 40.13 -
Kaspersky 5.5.10 2009.03.26 2009-03-26 0.05 -
KingSoft 2009.2.5.15 2009.3.26.14 2009-03-26 40.13 -
McAfee 5.3.00 5564 2009-03-25 2.70 -
Microsoft 1.4502 2009.03.26 2009-03-26 40.13 -
mks_vir 2.01 2009.03.26 2009-03-26 2.75 -
Norman 6.00.06 6.00.00 2009-03-25 10.01 -
Panda 9.05.01 2009.03.24 2009-03-24 40.13 -
Trend Micro 8.700-1004 5.922.03 2009-03-25 0.03 -
Quick Heal 10.00 2009.03.26 2009-03-26 40.13 -
Rising 20.0 21.22.31.00 2009-03-26 40.13 -
Sophos 2.85.0 4.40 2009-03-26 1.92 -
Sunbelt 5059 5059 2009-03-25 40.13 -
Symantec 1.3.0.24 20090325.002 2009-03-25 0.29 -
nProtect 20090325.02 3376986 2009-03-25 40.13 -
The Hacker 6.3.3.7 v00292 2009-03-26 40.13 -
VBA32 3.12.10.1 20090325.1602 2009-03-25 1.79 -
VirusBuster 4.5.11.10 10.102.23/1053742 2009-03-26 1.34 -



Combofix Log

ComboFix 09-03-31.04 - HP_Owner 2009-04-02 10:11:04.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.477 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt,.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point

FILE ::
c:\windows\system32\drivers\ndproxyy.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint
c:\docume~1\HP_Owner\APPLIC~1\Viewpoint
c:\docume~1\HP_Owner\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\1442259762.mtx
c:\docume~1\HP_Owner\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\2087938332.mts
c:\docume~1\HP_Owner\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini
c:\docume~1\HP_Owner\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini
c:\docume~1\HP_Owner\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-1252065291.mtj&p2=1&p3=09420743038636195034543013899863&p4=50463258
c:\docume~1\HP_Owner\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-147846425.mtj&p2=0&p3=09420743038636195034543013899863&p4=0
c:\docume~1\HP_Owner\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\1520767081.mtx
c:\docume~1\HP_Owner\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\407034558.ini
c:\docume~1\HP_Owner\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\937950069.mtj&p2=1&p3=09420743038636195034543013899863&p4=50463258
c:\docume~1\HP_Owner\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini
c:\docume~1\HP_Owner\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-1049729313.mtj&p2=1&p3=09420743038636195034543013899863&p4=0
c:\docume~1\HP_Owner\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-422848037.mtj&p2=1&p3=09420743038636195034543013899863&p4=50463258
c:\docume~1\HP_Owner\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini
c:\docume~1\HP_Owner\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\UpdateVersionList_v2.mtx

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NDPROXYY
-------\Service_ndproxyy


((((((((((((((((((((((((( Files Created from 2009-03-02 to 2009-04-02 )))))))))))))))))))))))))))))))
.

2009-04-01 15:45 . 2009-04-01 15:53 <DIR> d-------- C:\Lop SD
2009-04-01 13:51 . 2009-04-01 13:51 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-04-01 13:48 . 2009-04-01 13:48 <DIR> d-------- c:\windows\ERUNT
2009-04-01 13:41 . 2009-04-01 14:12 <DIR> d-------- C:\SDFix
2009-04-01 09:40 . 2009-04-01 09:40 <DIR> d-------- c:\program files\AskBarDis
2009-04-01 09:38 . 2009-02-16 00:10 1,221,512 --a------ c:\windows\system32\zpeng25.dll
2009-03-31 18:00 . 2009-03-31 18:00 <DIR> d-------- c:\program files\ZoneAlarmSB
2009-03-31 17:59 . 2009-03-31 17:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2009-03-31 17:58 . 2008-07-09 09:05 75,248 --a------ c:\windows\zllsputility.exe
2009-03-31 17:57 . 2009-04-01 13:32 <DIR> d-------- c:\windows\system32\ZoneLabs
2009-03-31 17:57 . 2009-03-31 17:57 <DIR> d-------- c:\program files\Zone Labs
2009-03-31 17:57 . 2009-04-02 10:18 350,191 --a------ c:\windows\system32\vsconfig.xml
2009-03-31 11:58 . 2009-03-31 11:58 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-30 22:05 . 2009-03-30 22:06 <DIR> d-------- C:\Rooter$
2009-03-30 20:49 . 2009-03-30 20:50 <DIR> d-------- c:\program files\ERUNT
2009-03-29 16:11 . 2009-03-29 16:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-29 16:09 . 2009-03-29 16:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-29 16:06 . 2009-03-29 16:06 <DIR> d-------- c:\program files\Apple Software Update
2009-03-29 03:14 . 2008-04-13 20:12 26,112 --a------ c:\windows\system32\stu2.exe
2009-03-24 12:03 . 2009-03-24 12:03 <DIR> d-------- c:\program files\Ancestry
2009-03-09 17:25 . 2009-03-09 17:25 <DIR> d-------- c:\program files\Smilebox
2009-03-06 22:08 . 2009-03-06 22:08 <DIR> d-------- c:\windows\PixArt
2009-03-06 22:08 . 2009-03-06 22:08 <DIR> d-------- c:\program files\PC CIF Camer@
2009-03-06 22:08 . 2009-03-06 22:08 <DIR> d-------- c:\program files\Common Files\PAC207
2009-03-06 22:08 . 2006-11-03 11:59 48,128 --a------ c:\windows\system32\Remove.exe
2009-03-06 22:08 . 2007-02-12 02:06 408 --a------ c:\windows\system32\Remover.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
9999-01-20 08:20 --------- d-----w c:\documents and settings\All Users\Application Data\CA
2009-03-31 17:40 --------- d-----w c:\program files\Java
2009-03-31 16:57 --------- d-----w c:\program files\elton
2009-03-31 15:59 --------- d-----w c:\program files\SUPERAntiSpyware
2009-03-31 15:59 --------- d-----w c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2009-03-29 20:10 --------- d-----w c:\program files\QuickTime
2009-03-29 09:23 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-26 20:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 20:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-24 16:03 --------- d-----w c:\documents and settings\All Users\Application Data\The Generations Network
2009-03-07 02:08 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-02 22:10 --------- d-----w c:\documents and settings\HP_Owner\Application Data\AtlantaBraves.net Toolbar
2009-03-02 22:10 --------- d-----w c:\documents and settings\HP_Owner\Application Data\ArcSoft
2009-03-02 22:10 --------- d-----w c:\documents and settings\HP_Owner\Application Data\Apple Computer
2009-03-02 22:10 --------- d-----w c:\documents and settings\HP_Owner\Application Data\AntsSoft
2009-03-02 22:10 --------- d-----w c:\documents and settings\HP_Owner\Application Data\AdobeUM
2009-03-02 22:10 --------- d-----w c:\documents and settings\HP_Owner\Application Data\acccore
2009-02-16 14:25 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-16 14:11 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-16 02:17 --------- d-----w c:\program files\Ghost-Tech P. I
2009-02-11 16:40 --------- d-----w c:\program files\Coupons
2006-08-24 19:27 0 -csha-w c:\windows\SMINST\HPCD.sys
2007-11-11 00:49 80 --sha-r c:\windows\system32\150363DC69.dll
2008-09-02 17:37 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090220080903\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-01_14.37.38.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-01 18:32:21 4,212 ---ha-w c:\windows\system32\zllictbl.dat
+ 2009-04-02 14:19:52 4,212 ---ha-w c:\windows\system32\zllictbl.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 98,304 2004-08-12 04:08:01 c:\program files\QuickTime\bak\qttask.exe
----a-w 413,696 2009-01-05 20:18:48 c:\program files\QuickTime\QTTask.exe

-c--a-w 866,584 2006-11-03 22:20:12 c:\program files\Windows Defender\bak\MSASCui.exe

-c--a-w 15,360 2004-08-04 12:00:00 c:\windows\system32\bak\ctfmon.exe
----a-w 15,360 2008-04-14 00:12:16 c:\windows\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1f1e8d7b-fe22-4b03-810d-dc9e2347cd02}"= "c:\program files\fvnorthwestern\tbfvn0.dll" [2009-03-03 1883672]

[HKEY_CLASSES_ROOT\clsid\{1f1e8d7b-fe22-4b03-810d-dc9e2347cd02}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f1e8d7b-fe22-4b03-810d-dc9e2347cd02}]
2009-03-03 21:31 1883672 --a--c--- c:\program files\fvnorthwestern\tbfvn0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD292324-974F-4224-E427-A0E0301BF425}]
2006-03-22 00:26 1724928 --a------ c:\progra~1\ATLANT~1.NET\Toolbar\Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CD292324-974F-4224-E427-A0E0301BF425}"= "c:\progra~1\ATLANT~1.NET\Toolbar\Toolbar.dll" [2006-03-22 1724928]
"{1f1e8d7b-fe22-4b03-810d-dc9e2347cd02}"= "c:\program files\fvnorthwestern\tbfvn0.dll" [2009-03-03 1883672]

[HKEY_CLASSES_ROOT\clsid\{cd292324-974f-4224-e427-a0e0301bf425}]
[HKEY_CLASSES_ROOT\Toolbar.AtlantaBraves.net]

[HKEY_CLASSES_ROOT\clsid\{1f1e8d7b-fe22-4b03-810d-dc9e2347cd02}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CD292324-974F-4224-E427-A0E0301BF425}"= "c:\progra~1\ATLANT~1.NET\Toolbar\Toolbar.dll" [2006-03-22 1724928]
"{1F1E8D7B-FE22-4B03-810D-DC9E2347CD02}"= "c:\program files\fvnorthwestern\tbfvn0.dll" [2009-03-03 1883672]

[HKEY_CLASSES_ROOT\clsid\{cd292324-974f-4224-e427-a0e0301bf425}]
[HKEY_CLASSES_ROOT\Toolbar.AtlantaBraves.net]

[HKEY_CLASSES_ROOT\clsid\{1f1e8d7b-fe22-4b03-810d-dc9e2347cd02}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"CommunityTray"="c:\program files\VTech\Community\System\Startup.exe" [2008-03-15 11776]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-03-30 118784]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= jl_mjpg2.drv
"msacm.l3codec"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop.ini]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\desktop.ini
backup=c:\windows\pss\desktop.iniCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Sonic RecordNow!^Startup^desktop.ini]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Sonic RecordNow!\Startup\desktop.ini
backup=c:\windows\pss\desktop.iniStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Sonic RecordNow!^Startup^HP Organize.lnk]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Sonic RecordNow!\Startup\HP Organize.lnk
backup=c:\windows\pss\HP Organize.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
c:\program files\Common Files\AOL\ACS\AOLDial.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
c:\program files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
c:\program files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
c:\program files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Internet Window Washer]
--a------ 2007-04-08 21:02 1503744 c:\progra~1\FREEIN~1\Clearpch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-08-20 16:51 118784 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a--c--- 1998-05-07 19:04 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-08-20 16:55 155648 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-09-11 04:40 218032 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a--c--- 2003-02-11 23:02 61440 c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
c:\program files\Microsoft Money\System\mnyexpr.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 20:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a------ 2002-10-16 19:57 81920 c:\windows\system32\ps2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QOELOADER]
c:\program files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a--c--- 2004-04-14 23:43 233472 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Road Runner PhotoShow Media Manager]
c:\progra~1\ROADRU~1\ROADRU~1\data\Xtras\mssysmgr.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files\Java\jre1.6.0_02\bin\jusched.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
c:\program files\Common Files\Real\Update_OB\realsched.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2005-02-24 11:57 2506752 c:\program files\Yahoo!\Messenger\YPager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
c:\program files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a--c--- 2005-03-04 12:01 88209 c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a--c--- 2004-09-07 14:47 57344 c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"{00008375-0Ab24-0D93-DFC9-9DC83F7AD8BC}"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"vsmon"=2 (0x2)
"VETMSGNT"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"MDM"=2 (0x2)
"CAISafe"=2 (0x2)
"AOL ACS"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\FileZilla Client\\filezilla.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Easy Internet signup\\HPSdpApp.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jqs.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\VTech\\Community\\System\\PCTray.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
R3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2007-05-14 508288]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S3 JL2005;JL2005A Toy Camera;c:\windows\system32\Drivers\toywdm.sys --> c:\windows\system32\Drivers\toywdm.sys [?]
S4 {00008375-0Ab24-0D93-DFC9-9DC83F7AD8BC};ViruScape Guard Service;"c:\program files\Tera Innovations\ViruScape\VS32.exe" -installguard --> c:\program files\Tera Innovations\ViruScape\VS32.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-04-01 c:\windows\Tasks\User_Feed_Synchronization-{97681171-BE9F-43F2-8540-92002CBA391B}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: &Search - http://bar.mywebsear...?p=ZCYYYYYYYYUS
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
DPF: GenealogyBrowser.Cab - hxxp://209.90.101.200/cabs/zinst.cab
DPF: ZInst.Cab - hxxp://209.90.101.200/cabs/zinst.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://ocracokeharborinn.dyndns.org/VatDec.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} - hxxp://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://eilandonan.remotemanager.co.uk/common/activex/MJPEGRender.ocx
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 10:18:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-02 10:27:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-02 14:27:07
ComboFix2.txt 2009-04-01 18:41:19

Pre-Run: 17,944,551,424 bytes free
Post-Run: 18,045,112,320 bytes free

307 --- E O F --- 2009-03-14 04:34:41

Edited by seaspiritnw, 02 April 2009 - 09:11 AM.

  • 0

#9
heir
Posted 02 April 2009 - 12:11 PM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Let's remove remove some and do a couple of scans in case something is lurking in there.


Step 1.
Alternate Data Stream fix:

To clear the stream files on the NTFS partitions, do the following:

  • Download the utility Klstreamremover.zip
  • Unzip the archive in C:\
  • Goto Start -> Run..
  • Copy this line 
    C:\Kl stream remover.exe -r
    and paste it in the field and click OK
  • Wait utility work to finish

Note: if there are several NTFS partitions on your computer, repeat previously described actions for each partition.


Step 2.
OTL-fix:

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
:Files
c:\windows\system32\stu2.exe
c:\program files\QuickTime\bak\qttask.exe
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL2 fixlog

Step 3.
OTL-scan:

  • Double click on OTListIt2.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open a notepad window with OTListIt.Txt that is saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file and post it with your next reply.

Step 4.
Clean temp locations:

Please download ATF Cleaner by Atribune.
Caution: This program is for Windows 2000, XP and Vista onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Step 5.
Scan with MABM:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Step 6.
Scan with Kaspersky Online Scanner:

Please do an online scan with Kaspersky Online Scanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Upgrading Java:

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 13.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u13-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u13-windows-i586-p.exe and select "Run as an Administrator.")

Step 7.
Things I would like to see in your reply:

  • The content of the fixlog from OTL2 from Step 2.
  • The content of OTListIt.txt from Step 3.
  • The content of the report from MBAM from Step 5.
  • The content of the report from Kaspersky Online Scanner from Step 6.
  • Information on how your computer is running now

  • 0

#10
seaspiritnw
Posted 02 April 2009 - 05:00 PM

seaspiritnw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
KIstreamremover will not run... I have the logs from OTL and malwarebytes






========== OTLISTIT ==========
Process explorer.exe killed successfully!
========== FILES ==========
c:\windows\system32\stu2.exe moved successfully.
c:\program files\QuickTime\bak\qttask.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\HP_Owner\Local Settings\temp\~DF67AD.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Owner\Local Settings\temp\~DF875B.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Owner\Local Settings\temp\~DF877A.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\JHQPPPN2\a_ds_clrpg_f[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\JHQPPPN2\index_f[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\JHQPPPN2\print[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\DE4WJGON\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\46XX68Q2\Malware-Spyware-Cleaning-Guide-t2852[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\1F0XG40D\Strange-error-message-repeats-over-over-Can-you-help-please-upd-t233994[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_3b4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT00bbf.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.9.0 log created on 04022009_150255

Files moved on Reboot...
C:\Documents and Settings\HP_Owner\Local Settings\temp\~DF67AD.tmp moved successfully.
File C:\Documents and Settings\HP_Owner\Local Settings\temp\~DF875B.tmp not found!
File C:\Documents and Settings\HP_Owner\Local Settings\temp\~DF877A.tmp not found!
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\JHQPPPN2\a_ds_clrpg_f[1].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\JHQPPPN2\index_f[1].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\JHQPPPN2\print[1].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\DE4WJGON\iframe[1].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\46XX68Q2\Malware-Spyware-Cleaning-Guide-t2852[1].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\1F0XG40D\Strange-error-message-repeats-over-over-Can-you-help-please-upd-t233994[1].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_3b4.dat not found!
File C:\WINDOWS\temp\ZLT00bbf.TMP not found!

Registry entries deleted on Reboot...



OTLtxt


========== OTLISTIT ==========
Process explorer.exe killed successfully!
========== FILES ==========
c:\windows\system32\stu2.exe moved successfully.
c:\program files\QuickTime\bak\qttask.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\HP_Owner\Local Settings\temp\~DF67AD.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Owner\Local Settings\temp\~DF875B.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Owner\Local Settings\temp\~DF877A.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\JHQPPPN2\a_ds_clrpg_f[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\JHQPPPN2\index_f[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\JHQPPPN2\print[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\DE4WJGON\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\46XX68Q2\Malware-Spyware-Cleaning-Guide-t2852[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\1F0XG40D\Strange-error-message-repeats-over-over-Can-you-help-please-upd-t233994[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_3b4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT00bbf.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.9.0 log created on 04022009_150255

Files moved on Reboot...
C:\Documents and Settings\HP_Owner\Local Settings\temp\~DF67AD.tmp moved successfully.
File C:\Documents and Settings\HP_Owner\Local Settings\temp\~DF875B.tmp not found!
File C:\Documents and Settings\HP_Owner\Local Settings\temp\~DF877A.tmp not found!
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\JHQPPPN2\a_ds_clrpg_f[1].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\JHQPPPN2\index_f[1].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\JHQPPPN2\print[1].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\DE4WJGON\iframe[1].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\46XX68Q2\Malware-Spyware-Cleaning-Guide-t2852[1].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\1F0XG40D\Strange-error-message-repeats-over-over-Can-you-help-please-upd-t233994[1].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_3b4.dat not found!
File C:\WINDOWS\temp\ZLT00bbf.TMP not found!

Registry entries deleted on Reboot...



Malwarebytes log


Malwarebytes' Anti-Malware 1.35
Database version: 1917
Windows 5.1.2600 Service Pack 3

4/2/2009 2:42:18 PM
mbam-log-2009-04-02 (14-42-18).txt

Scan type: Quick Scan
Objects scanned: 83480
Time elapsed: 11 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


kapersky detected nothing and a blank report was issued
  • 0

Advertisements

#11
heir
Posted 02 April 2009 - 11:17 PM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Typo. Let's do it like this then.

Step 1.
Alternate Data Stream fix:

To clear the stream files on the NTFS partitions, do the following:

  • Download the utility Klstreamremover.zip
  • Unzip the archive in C:\
  • Goto Start -> Run..
  • Copy this line 
    C:\KLStreamRemover.exe -r
    and paste it in the field and click OK
  • Wait utility work to finish

Note: if there are several NTFS partitions on your computer, repeat previously described actions for each partition.


Step 2.
OTL-scan:

  • Double click on OTListIt2.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open a notepad window with OTListIt.Txt that is saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file and post it with your next reply.

Step 3.
Things I would like to see in your reply:

  • The content of OTListIt.txt from step 2.
  • Information on how you computer is running.

  • 0

#12
seaspiritnw
Posted 03 April 2009 - 07:50 AM

seaspiritnw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Stream remover still will not run. Get error message that file cannot be found. Have tried it 4 times and it still won't run, now there are 4 copies I can't get rid of..lol.. Here is the newest OTL log... all those other programs run fine. Computer was running fine but has started to get slow at times, as when I was posting this. Was slow to load. Last night I ran spybot and superspyware again ..found adware..quarantined and deleted.

One thing that I noticed a few weeks ago is I can't burn CD's anymore. Didn't think about that till just now but it started out as only every so often and now can't do them at all. Not sure if that info will help. Sorry I didn't about it before but I haven't tried it lately and forgot all about it.
Thank you for all you are doing..

OTL Log


OTListIt logfile created on: 4/3/2009 9:38:21 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.9.0 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

759.48 Mb Total Physical Memory | 353.04 Mb Available Physical Memory | 46.48% Memory free
1.81 Gb Paging File | 1.29 Gb Available in Paging File | 71.13% Paging File free
Paging file location(s): C:\pagefile.sys 1138 1138;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.67 Gb Total Space | 15.65 Gb Free Space | 49.40% Space Free | Partition Type: NTFS
Drive D: | 5.58 Gb Total Space | 0.76 Gb Free Space | 13.61% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BLACKBEARD
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\VTech\Community\System\PCTray.exe (VTech)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\HP_Owner\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirScheduler [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService [On_Demand | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (AOL ACS [Disabled | Stopped]) -- File not found
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (ICDSPTSV [On_Demand | Stopped]) -- File not found
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (MDM [Disabled | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Disabled | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (vsmon [Auto | Running]) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (WMPNetworkSvc [Disabled | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - ({00008375-0Ab24-0D93-DFC9-9DC83F7AD8BC} [Disabled | Stopped]) -- File not found

========== Driver Services (SafeList) ==========

DRV - (AgereSoftModem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ALCXSENS [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (avgntflt [On_Demand | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (Iviaspi [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (PAC207 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\PFC027.SYS (PixArt Imaging Inc.)
DRV - (Pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\R8139n51.SYS (Realtek Semiconductor Corporation )
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (srescan [Boot | Running]) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)
DRV - (ssmdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (viaagp1 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (viagfx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics Co, Ltd.)
DRV - (VNUSB [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\VNUSB.sys (OLYMPUS IMAGING CORP.)
DRV - (vsdatant [System | Running]) -- C:\WINDOWS\System32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4

FF - HKLM\software\mozilla\Firefox\extensions\\{3A82A17B-F1DE-408A-AB30-11F63F57BCA2}: C:\DOCUMENTS AND SETTINGS\HP_OWNER\LOCAL SETTINGS\APPLICATION DATA\{3A82A17B-F1DE-408A-AB30-11F63F57BCA2} [2009/01/16 10:06:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/10/24 21:07:46 | 00,000,000 | ---D | M]

[2008/12/09 16:36:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Extensions
[2008/12/09 16:36:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2006/08/16 19:04:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Firefox\Profiles\zo7z4muq.default\extensions

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (fvnorthwestern Toolbar) - {1f1e8d7b-fe22-4b03-810d-dc9e2347cd02} - C:\Program Files\fvnorthwestern\tbfvn0.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (AtlantaBraves.net) - {CD292324-974F-4224-E427-A0E0301BF425} - C:\Program Files\AtlantaBraves.net\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: () - - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (fvnorthwestern Toolbar) - {1f1e8d7b-fe22-4b03-810d-dc9e2347cd02} - C:\Program Files\fvnorthwestern\tbfvn0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (AtlantaBraves.net) - {CD292324-974F-4224-E427-A0E0301BF425} - C:\Program Files\AtlantaBraves.net\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1F1E8D7B-FE22-4B03-810D-DC9E2347CD02} - C:\Program Files\fvnorthwestern\tbfvn0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CD292324-974F-4224-E427-A0E0301BF425} - C:\Program Files\AtlantaBraves.net\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [CommunityTray] "C:\Program Files\VTech\Community\System\Startup.exe" (VTech)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCYYYYYYYYUS
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (Yahoo! Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewi...oOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinn...0/tpir/tpir.cab (TPIR Control)
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} http://ocracokeharbo....org/VatDec.cab (VatCtrl Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.h...ads/sysinfo.cab (SysData Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h30155.www3.h...nosticsxp2k.cab (DeviceEnum Class)
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} http://www.my-etrust...an/pestscan.cab (PSFormX Control)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritag...EngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} http://www.pysoft.co...amPlayerOCX.cab (PlayerOCX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1195054723890 (MUWebControl Class)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://www.putfile.c...Uploader4-5.cab (Image Uploader Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://67.77.132.2/a...sCamControl.cab (CamImage Class)
O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} http://eilandonan.re...MJPEGRender.ocx (MJPEGRender Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by116fd.bay11...ex/HMAtchmt.ocx (Hotmail Attachments Control)
O16 - DPF: GenealogyBrowser.Cab http://209.90.101.200/cabs/zinst.cab (Reg Error: Key error.)
O16 - DPF: ZInst.Cab http://209.90.101.200/cabs/zinst.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll ()
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - D:\AUTOEXEC.BAT () - [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[9999/01/20 04:09:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/04/02 19:01:17 | 00,006,039 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\virusmal.rtf
[2009/04/02 19:01:17 | 00,003,917 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\error2.rtf
[2009/04/02 19:01:02 | 03,893,063 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\license.jpg
[2009/04/02 19:01:02 | 00,010,728 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\scans5.rtf
[2009/04/02 15:02:55 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/02 14:51:32 | 00,500,224 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTListIt2.exe
[2009/04/02 10:31:37 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/04/01 22:35:10 | 00,082,671 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\ghostcam00.jpg
[2009/04/01 22:33:49 | 00,082,920 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\ghostcam.jpg
[2009/04/01 15:45:50 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009/04/01 15:45:37 | 00,530,106 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\LopSD.exe
[2009/04/01 14:21:12 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/04/01 14:21:12 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/04/01 14:21:12 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/04/01 14:21:12 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/01 14:21:12 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/04/01 14:21:12 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/01 14:21:12 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/01 14:21:12 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/04/01 14:21:12 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/01 14:21:00 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/01 13:58:25 | 79,644,6720 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/01 13:51:10 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/04/01 13:48:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/04/01 13:41:35 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/04/01 13:26:03 | 03,062,098 | R--- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
[2009/04/01 13:25:46 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\SDFix.exe
[2009/04/01 09:40:23 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/03/31 18:00:45 | 00,000,000 | ---D | C] -- C:\Program Files\ZoneAlarmSB
[2009/03/31 17:59:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/03/31 17:58:46 | 00,075,248 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\zllsputility.exe
[2009/03/31 17:58:09 | 00,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2009/03/31 17:57:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2009/03/31 17:57:59 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2009/03/31 17:57:58 | 00,350,191 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/03/31 12:35:33 | 00,083,257 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\featured_member_and_nominee.jpg
[2009/03/31 12:35:32 | 00,921,654 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\t9il.bmp
[2009/03/31 12:35:32 | 00,536,721 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\fan_advisory_board_application_for_website0.rtf
[2009/03/31 12:35:32 | 00,230,454 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\df.bmp
[2009/03/31 12:35:32 | 00,016,696 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\clown4.gif
[2009/03/31 12:35:31 | 00,111,616 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\fan_advisory_board_application_for_website.doc
[2009/03/31 12:35:31 | 00,070,638 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\bannerfans_95822mpnc.jpg
[2009/03/31 12:35:31 | 00,044,114 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\mtc banner.gif
[2009/03/31 12:35:31 | 00,000,349 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\kcaddy.rtf
[2009/03/31 12:33:48 | 00,001,615 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\QuickTime Player0.lnk
[2009/03/31 12:33:32 | 02,719,216 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\HP_Owner\My Documents\ccsetup140.exe
[2009/03/31 12:33:32 | 00,001,846 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\MSN.lnk
[2009/03/31 12:33:32 | 00,000,603 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Register with HP.url
[2009/03/31 12:33:22 | 01,218,785 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\mvc2007us_tucows.zip
[2009/03/31 12:33:22 | 00,001,940 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\User Agent String Utility.lnk
[2009/03/31 12:33:22 | 00,001,697 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Install Quicken New User Edition.lnk
[2009/03/31 12:33:22 | 00,000,649 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\RealPlayer.lnk
[2009/03/31 12:33:22 | 00,000,511 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Acom_160x600.js
[2009/03/31 12:33:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\mvc2007us_tucows
[2009/03/31 12:13:04 | 00,000,622 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\NTREGOPT.lnk
[2009/03/31 12:13:04 | 00,000,603 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\ERUNT.lnk
[2009/03/31 11:59:38 | 00,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/31 11:58:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/03/30 22:05:16 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/30 20:50:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/30 20:49:59 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/29 21:31:54 | 00,020,722 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\error1.jpg
[2009/03/29 16:11:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/29 16:09:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/03/29 16:07:18 | 00,106,136 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Clipboard01error.jpg
[2009/03/29 16:06:57 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/29 16:06:52 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/03/28 23:25:34 | 00,008,711 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\cam94.jpg
[2009/03/28 23:24:40 | 00,082,653 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\cam8.jpg
[2009/03/28 18:57:12 | 00,012,114 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\cam2CAVWS6IO.jpg
[2009/03/28 18:55:14 | 00,011,932 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\cam1CAYPDTQR.jpg
[2009/03/28 18:54:59 | 00,011,964 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\cam1CAIXZ2TN.jpg
[2009/03/26 21:39:23 | 00,010,585 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\cam101010.jpg
[2009/03/26 21:38:28 | 00,010,592 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\cam1454.jpg
[2009/03/25 22:47:32 | 00,018,059 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\deckcam.jpg
[2009/03/24 14:05:32 | 00,033,502 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cam409 (5).jpg
[2009/03/24 14:05:28 | 00,230,454 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cam409 (4).bmp
[2009/03/24 14:05:25 | 00,021,069 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cam409 (3).jpg
[2009/03/24 14:05:21 | 00,023,563 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cam409 (2).jpg
[2009/03/24 14:05:16 | 00,230,454 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cam409 (1).bmp
[2009/03/24 14:05:02 | 00,006,457 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cam409.jpg
[2009/03/24 14:04:45 | 00,230,454 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\untitled2.bmp
[2009/03/24 14:04:45 | 00,230,454 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\untitled.bmp
[2009/03/24 14:04:45 | 00,033,502 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\fae.jpg
[2009/03/24 14:04:45 | 00,023,563 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\untitled0.jpg
[2009/03/24 14:04:45 | 00,021,069 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\heart.jpg
[2009/03/24 14:04:11 | 00,267,529 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\jm1-animate.gif
[2009/03/24 14:04:11 | 00,235,428 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\mmn-animate.gif
[2009/03/24 14:04:11 | 00,213,007 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\100-animate.gif
[2009/03/24 12:03:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\The_Generations_Network
[2009/03/24 12:03:37 | 00,002,569 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ancestry World Archives Project Keying Tool.lnk
[2009/03/24 12:03:25 | 00,000,000 | ---D | C] -- C:\Program Files\Ancestry
[2009/03/23 09:08:53 | 00,000,921 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel Desktop .lnk
[2009/03/23 00:01:29 | 00,008,960 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cam22.jpg
[2009/03/23 00:01:29 | 00,008,903 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cam23.jpg
[2009/03/23 00:01:29 | 00,008,870 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cam21.jpg
[2009/03/23 00:01:29 | 00,008,856 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cam20.jpg
[2009/03/23 00:01:29 | 00,008,849 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cam2.jpg
[2009/03/22 23:56:22 | 00,013,082 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\100.jpg
[2009/03/22 23:28:40 | 00,018,611 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\mmn.jpg
[2009/03/22 23:23:56 | 00,008,858 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\cam2CAER63U8.jpg
[2009/03/22 23:21:56 | 00,008,801 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\cam200.jpg
[2009/03/22 20:51:03 | 00,299,013 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\atlanta_braves.pdf
[2009/03/22 20:50:55 | 00,184,777 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\carolina_tarheels.pdf
[2009/03/22 20:50:17 | 00,081,027 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\nascar.pdf
[2009/03/22 20:47:34 | 00,013,849 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\jimmie_johnson_std gimp.PAT
[2009/03/22 20:47:12 | 00,163,101 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\jimmie_johnson.pdf
[2009/03/22 16:03:53 | 00,680,155 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\wildthings.zip
[2009/03/22 00:09:10 | 00,007,291 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\5.jpg
[2009/03/22 00:09:10 | 00,007,233 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\6.jpg
[2009/03/22 00:09:10 | 00,007,158 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\4.jpg
[2009/03/22 00:09:10 | 00,007,154 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\2.jpg
[2009/03/22 00:09:10 | 00,007,147 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\3.jpg
[2009/03/22 00:09:10 | 00,007,112 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\1.jpg
[2009/03/21 23:14:40 | 00,015,534 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\jm1.jpg
[2009/03/19 21:18:04 | 00,443,392 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\file2.FBK
[2009/03/19 21:16:54 | 00,443,392 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\file2.FTW
[2009/03/19 21:15:31 | 00,679,936 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\mygedP.FBK
[2009/03/10 22:23:05 | 00,008,256 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\cam1ji.jpg
[2009/03/09 17:25:28 | 00,000,000 | ---D | C] -- C:\Program Files\Smilebox
[2009/03/06 22:08:23 | 00,048,128 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINDOWS\System32\Remove.exe
[2009/03/06 22:08:23 | 00,000,408 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2009/03/06 22:08:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\PixArt
[2009/03/06 22:08:15 | 00,000,000 | ---D | C] -- C:\Program Files\PC CIF Camer@
[2009/03/06 22:08:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PAC207
[2009/03/06 21:36:03 | 00,005,175 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\cam3.jpg

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[9999/01/20 04:10:18 | 00,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[9999/01/20 04:09:44 | 00,000,316 | ---- | M] () -- C:\WINDOWS\SYSTEM.UNV
[2009/04/03 09:36:12 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/04/03 08:48:39 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/03 08:47:47 | 00,350,191 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/04/03 08:47:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/03 08:46:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/03 08:46:36 | 79,644,6720 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/02 15:04:11 | 03,735,032 | -H-- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IconCache.db
[2009/04/02 14:51:35 | 00,500,224 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTListIt2.exe
[2009/04/02 14:41:59 | 00,010,728 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\scans5.rtf
[2009/04/02 13:48:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/04/02 13:48:01 | 00,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/04/02 13:47:03 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/04/02 13:47:03 | 00,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/04/02 13:45:23 | 03,893,063 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\license.jpg
[2009/04/02 12:16:27 | 00,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{97681171-BE9F-43F2-8540-92002CBA391B}.job
[2009/04/02 11:46:57 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/04/02 11:46:57 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/04/02 11:46:45 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/04/02 11:46:45 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/04/02 11:43:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/04/02 11:43:49 | 00,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/04/02 11:43:28 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/04/02 11:43:28 | 00,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/04/02 10:18:42 | 00,000,316 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/02 10:17:48 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/02 09:38:42 | 00,003,917 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\error2.rtf
[2009/04/01 22:35:09 | 00,082,671 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\ghostcam00.jpg
[2009/04/01 22:33:36 | 00,082,920 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\ghostcam.jpg
[2009/04/01 15:45:50 | 00,530,106 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\LopSD.exe
[2009/04/01 13:51:11 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/04/01 13:30:01 | 00,006,039 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\virusmal.rtf
[2009/04/01 13:26:13 | 03,062,098 | R--- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
[2009/04/01 13:25:46 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\SDFix.exe
[2009/03/31 11:59:38 | 00,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/30 20:49:59 | 00,000,622 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\NTREGOPT.lnk
[2009/03/30 20:49:59 | 00,000,603 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\ERUNT.lnk
[2009/03/29 21:31:54 | 00,020,722 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\error1.jpg
[2009/03/29 16:10:12 | 00,001,615 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\QuickTime Player0.lnk
[2009/03/29 16:07:18 | 00,106,136 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Clipboard01error.jpg
[2009/03/29 16:06:57 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/29 11:02:31 | 00,001,559 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\CCleaner.lnk
[2009/03/28 23:25:29 | 00,008,711 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\cam94.jpg
[2009/03/28 23:24:32 | 00,082,653 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\cam8.jpg
[2009/03/28 18:57:06 | 00,012,114 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\cam2CAVWS6IO.jpg
[2009/03/28 18:55:10 | 00,011,932 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\cam1CAYPDTQR.jpg
[2009/03/28 18:54:50 | 00,011,964 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\cam1CAIXZ2TN.jpg
[2009/03/27 00:28:27 | 00,016,696 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\clown4.gif
[2009/03/26 21:39:14 | 00,010,585 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\cam101010.jpg
[2009/03/26 21:38:19 | 00,010,592 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\cam1454.jpg
[2009/03/26 21:21:29 | 00,001,179 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/26 21:21:29 | 00,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
[2009/03/26 21:21:27 | 01,425,920 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\tree 1.FTW
[2009/03/26 21:21:27 | 01,425,920 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\tree 1.FBK
[2009/03/26 19:26:45 | 00,536,721 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\fan_advisory_board_application_for_website0.rtf
[2009/03/26 18:52:55 | 00,111,616 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\fan_advisory_board_application_for_website.doc
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/25 22:47:27 | 00,018,059 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\deckcam.jpg
[2009/03/24 22:32:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/03/24 22:32:47 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/03/24 22:32:23 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/03/24 22:32:23 | 00,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/03/24 14:09:51 | 00,002,569 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ancestry World Archives Project Keying Tool.lnk
[2009/03/23 14:34:36 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/03/23 14:34:36 | 00,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/03/23 11:51:10 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/03/23 11:51:10 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/03/23 11:40:27 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/03/23 11:40:27 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/03/23 11:39:21 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/03/23 11:39:21 | 00,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/03/23 11:38:56 | 00,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/03/23 11:38:55 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/03/23 09:08:53 | 00,000,921 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel Desktop .lnk
[2009/03/22 23:56:31 | 00,213,007 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\100-animate.gif
[2009/03/22 23:56:23 | 00,013,082 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\100.jpg
[2009/03/22 23:28:46 | 00,235,428 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\mmn-animate.gif
[2009/03/22 23:28:40 | 00,018,611 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\mmn.jpg
[2009/03/22 23:23:49 | 00,008,858 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\cam2CAER63U8.jpg
[2009/03/22 23:21:49 | 00,008,801 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\cam200.jpg
[2009/03/22 23:20:49 | 00,008,903 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cam23.jpg
[2009/03/22 23:20:39 | 00,008,960 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cam22.jpg
[2009/03/22 23:20:29 | 00,008,870 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cam21.jpg
[2009/03/22 23:20:19 | 00,008,856 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cam20.jpg
[2009/03/22 23:20:04 | 00,008,849 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cam2.jpg
[2009/03/22 20:51:05 | 00,299,013 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\atlanta_braves.pdf
[2009/03/22 20:50:55 | 00,184,777 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\carolina_tarheels.pdf
[2009/03/22 20:50:17 | 00,081,027 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\nascar.pdf
[2009/03/22 20:47:34 | 00,013,849 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\jimmie_johnson_std gimp.PAT
[2009/03/22 20:47:13 | 00,163,101 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\jimmie_johnson.pdf
[2009/03/22 16:03:54 | 00,680,155 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\wildthings.zip
[2009/03/21 23:14:46 | 00,267,529 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\jm1-animate.gif
[2009/03/21 23:14:40 | 00,015,534 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\jm1.jpg
[2009/03/21 23:11:50 | 00,007,233 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\6.jpg
[2009/03/21 23:11:40 | 00,007,291 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\5.jpg
[2009/03/21 23:11:30 | 00,007,158 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\4.jpg
[2009/03/21 23:11:25 | 00,007,147 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\3.jpg
[2009/03/21 23:11:20 | 00,007,154 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\2.jpg
[2009/03/21 23:11:00 | 00,007,112 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\1.jpg
[2009/03/19 21:20:39 | 00,443,392 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\file2.FTW
[2009/03/19 21:20:39 | 00,443,392 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\file2.FBK
[2009/03/19 21:17:04 | 00,679,936 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\mygedP.FTW
[2009/03/19 21:17:04 | 00,679,936 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\mygedP.FBK
[2009/03/18 23:08:55 | 00,033,502 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\fae.jpg
[2009/03/18 23:08:55 | 00,033,502 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cam409 (5).jpg
[2009/03/18 23:05:33 | 00,230,454 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\untitled2.bmp
[2009/03/18 23:05:33 | 00,230,454 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cam409 (4).bmp
[2009/03/18 22:44:49 | 00,021,069 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\heart.jpg
[2009/03/18 22:44:49 | 00,021,069 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cam409 (3).jpg
[2009/03/18 22:40:33 | 00,023,563 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\untitled0.jpg
[2009/03/18 22:40:33 | 00,023,563 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cam409 (2).jpg
[2009/03/18 22:39:36 | 00,230,454 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\untitled.bmp
[2009/03/18 22:39:36 | 00,230,454 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cam409 (1).bmp
[2009/03/18 16:03:39 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/17 21:17:59 | 00,006,457 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cam409.jpg
[2009/03/17 10:29:31 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/03/17 10:29:31 | 00,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/03/16 10:54:54 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/03/16 10:54:54 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/03/16 10:54:41 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/03/16 10:54:41 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/03/15 17:14:51 | 00,044,114 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\mtc banner.gif
[2009/03/14 15:35:35 | 00,070,638 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\bannerfans_95822mpnc.jpg
[2009/03/14 10:12:03 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/03/14 10:12:03 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/03/14 10:11:30 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/03/14 10:11:30 | 00,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/03/14 10:11:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/03/14 10:11:04 | 00,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/03/11 15:08:17 | 00,518,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/11 15:01:38 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/10 22:22:48 | 00,008,256 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\cam1ji.jpg
[2009/03/09 11:50:24 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/03/09 11:50:24 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/03/08 10:43:20 | 00,480,356 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/08 10:43:20 | 00,407,978 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/08 10:43:20 | 00,064,316 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/06 21:35:58 | 00,005,175 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\cam3.jpg

========== Alternate Data Streams ==========

@Alternate Data Stream - 3638 bytes -> C:\Documents and Settings\HP_Owner\My Documents\Genealogy.com Prevette Homepage.url:favicon
< End of report >

Edited by seaspiritnw, 03 April 2009 - 07:54 AM.

  • 0

#13
heir
Posted 03 April 2009 - 08:08 AM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts

Stream remover still will not run. Get error message that file cannot be found. Have tried it 4 times and it still won't run, now there are 4 copies I can't get rid of..lol.. Here is the newest OTL log... all those other programs run fine. Computer was running fine but has started to get slow at times, as when I was posting this. Was slow to load. Last night I ran spybot and superspyware again ..found adware..quarantined and deleted.

No worries the streams are gone.
We're going to take care of the four KLStreamRemover files in a moment.

One thing that I noticed a few weeks ago is I can't burn CD's anymore. Didn't think about that till just now but it started out as only every so often and now can't do them at all. Not sure if that info will help. Sorry I didn't about it before but I haven't tried it lately and forgot all about it.

That's OK. We'll have a look at it when we're done cleaning malware.



  • Double click on OTlistIt2.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scans box at the bottom left paste the following in

    C:\*

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open a notepad window with OTListIt.Txt that's saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file and post it with your next reply.

Edited by heir, 03 April 2009 - 08:12 AM.

  • 0

#14
seaspiritnw
Posted 03 April 2009 - 08:30 AM

seaspiritnw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
New OTL Log

OTListIt logfile created on: 4/3/2009 10:27:19 AM - Run 3
OTListIt2 by OldTimer - Version 2.0.9.0 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

759.48 Mb Total Physical Memory | 347.00 Mb Available Physical Memory | 45.69% Memory free
1.81 Gb Paging File | 1.28 Gb Available in Paging File | 70.49% Paging File free
Paging file location(s): C:\pagefile.sys 1138 1138;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.67 Gb Total Space | 15.64 Gb Free Space | 49.37% Space Free | Partition Type: NTFS
Drive D: | 5.58 Gb Total Space | 0.76 Gb Free Space | 13.61% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BLACKBEARD
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\VTech\Community\System\PCTray.exe (VTech)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\HP_Owner\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirScheduler [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService [On_Demand | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (AOL ACS [Disabled | Stopped]) -- File not found
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (ICDSPTSV [On_Demand | Stopped]) -- File not found
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (MDM [Disabled | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Disabled | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (vsmon [Auto | Running]) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (WMPNetworkSvc [Disabled | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - ({00008375-0Ab24-0D93-DFC9-9DC83F7AD8BC} [Disabled | Stopped]) -- File not found

========== Driver Services (SafeList) ==========

DRV - (AgereSoftModem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ALCXSENS [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (avgntflt [On_Demand | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (Iviaspi [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (PAC207 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\PFC027.SYS (PixArt Imaging Inc.)
DRV - (Pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\R8139n51.SYS (Realtek Semiconductor Corporation )
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (srescan [Boot | Running]) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)
DRV - (ssmdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (viaagp1 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (viagfx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics Co, Ltd.)
DRV - (VNUSB [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\VNUSB.sys (OLYMPUS IMAGING CORP.)
DRV - (vsdatant [System | Running]) -- C:\WINDOWS\System32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4

FF - HKLM\software\mozilla\Firefox\extensions\\{3A82A17B-F1DE-408A-AB30-11F63F57BCA2}: C:\DOCUMENTS AND SETTINGS\HP_OWNER\LOCAL SETTINGS\APPLICATION DATA\{3A82A17B-F1DE-408A-AB30-11F63F57BCA2} [2009/01/16 10:06:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/10/24 21:07:46 | 00,000,000 | ---D | M]

[2008/12/09 16:36:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Extensions
[2008/12/09 16:36:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2006/08/16 19:04:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Firefox\Profiles\zo7z4muq.default\extensions

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (fvnorthwestern Toolbar) - {1f1e8d7b-fe22-4b03-810d-dc9e2347cd02} - C:\Program Files\fvnorthwestern\tbfvn0.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (AtlantaBraves.net) - {CD292324-974F-4224-E427-A0E0301BF425} - C:\Program Files\AtlantaBraves.net\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: () - - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (fvnorthwestern Toolbar) - {1f1e8d7b-fe22-4b03-810d-dc9e2347cd02} - C:\Program Files\fvnorthwestern\tbfvn0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (AtlantaBraves.net) - {CD292324-974F-4224-E427-A0E0301BF425} - C:\Program Files\AtlantaBraves.net\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1F1E8D7B-FE22-4B03-810D-DC9E2347CD02} - C:\Program Files\fvnorthwestern\tbfvn0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CD292324-974F-4224-E427-A0E0301BF425} - C:\Program Files\AtlantaBraves.net\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [CommunityTray] "C:\Program Files\VTech\Community\System\Startup.exe" (VTech)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCYYYYYYYYUS
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (Yahoo! Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewi...oOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinn...0/tpir/tpir.cab (TPIR Control)
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} http://ocracokeharbo....org/VatDec.cab (VatCtrl Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.h...ads/sysinfo.cab (SysData Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h30155.www3.h...nosticsxp2k.cab (DeviceEnum Class)
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} http://www.my-etrust...an/pestscan.cab (PSFormX Control)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritag...EngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} http://www.pysoft.co...amPlayerOCX.cab (PlayerOCX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1195054723890 (MUWebControl Class)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://www.putfile.c...Uploader4-5.cab (Image Uploader Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://67.77.132.2/a...sCamControl.cab (CamImage Class)
O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} http://eilandonan.re...MJPEGRender.ocx (MJPEGRender Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by116fd.bay11...ex/HMAtchmt.ocx (Hotmail Attachments Control)
O16 - DPF: GenealogyBrowser.Cab http://209.90.101.200/cabs/zinst.cab (Reg Error: Key error.)
O16 - DPF: ZInst.Cab http://209.90.101.200/cabs/zinst.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll ()
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - D:\AUTOEXEC.BAT () - [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[9999/01/20 04:09:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/04/02 19:01:17 | 00,006,039 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\virusmal.rtf
[2009/04/02 19:01:17 | 00,003,917 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\error2.rtf
[2009/04/02 19:01:02 | 03,893,063 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\license.jpg
[2009/04/02 19:01:02 | 00,010,728 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\scans5.rtf
[2009/04/02 15:02:55 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/02 14:51:32 | 00,500,224 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTListIt2.exe
[2009/04/02 10:31:37 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/04/01 22:35:10 | 00,082,671 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\ghostcam00.jpg
[2009/04/01 22:33:49 | 00,082,920 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\ghostcam.jpg
[2009/04/01 15:45:50 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009/04/01 15:45:37 | 00,530,106 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\LopSD.exe
[2009/04/01 14:21:12 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/04/01 14:21:12 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/04/01 14:21:12 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/04/01 14:21:12 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/01 14:21:12 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/04/01 14:21:12 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/01 14:21:12 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/01 14:21:12 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/04/01 14:21:12 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/01 14:21:00 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/01 13:58:25 | 79,644,6720 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/01 13:51:10 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/04/01 13:48:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/04/01 13:41:35 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/04/01 13:26:03 | 03,062,098 | R--- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
[2009/04/01 13:25:46 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\SDFix.exe
[2009/04/01 09:40:23 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/03/31 18:00:45 | 00,000,000 | ---D | C] -- C:\Program Files\ZoneAlarmSB
[2009/03/31 17:59:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/03/31 17:58:46 | 00,075,248 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\zllsputility.exe
[2009/03/31 17:58:09 | 00,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2009/03/31 17:57:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2009/03/31 17:57:59 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2009/03/31 17:57:58 | 00,350,191 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/03/31 12:35:33 | 00,083,257 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\featured_member_and_nominee.jpg
[2009/03/31 12:35:32 | 00,921,654 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\t9il.bmp
[2009/03/31 12:35:32 | 00,536,721 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\fan_advisory_board_application_for_website0.rtf
[2009/03/31 12:35:32 | 00,230,454 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\df.bmp
[2009/03/31 12:35:32 | 00,016,696 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\clown4.gif
[2009/03/31 12:35:31 | 00,111,616 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\fan_advisory_board_application_for_website.doc
[2009/03/31 12:35:31 | 00,070,638 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\bannerfans_95822mpnc.jpg
[2009/03/31 12:35:31 | 00,044,114 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\mtc banner.gif
[2009/03/31 12:35:31 | 00,000,349 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\kcaddy.rtf
[2009/03/31 12:33:48 | 00,001,615 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\QuickTime Player0.lnk
[2009/03/31 12:33:32 | 02,719,216 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\HP_Owner\My Documents\ccsetup140.exe
[2009/03/31 12:33:32 | 00,001,846 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\MSN.lnk
[2009/03/31 12:33:32 | 00,000,603 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Register with HP.url
[2009/03/31 12:33:22 | 01,218,785 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\mvc2007us_tucows.zip
[2009/03/31 12:33:22 | 00,001,940 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\User Agent String Utility.lnk
[2009/03/31 12:33:22 | 00,001,697 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Install Quicken New User Edition.lnk
[2009/03/31 12:33:22 | 00,000,649 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\RealPlayer.lnk
[2009/03/31 12:33:22 | 00,000,511 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Acom_160x600.js
[2009/03/31 12:33:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\mvc2007us_tucows
[2009/03/31 12:13:04 | 00,000,622 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\NTREGOPT.lnk
[2009/03/31 12:13:04 | 00,000,603 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\ERUNT.lnk
[2009/03/31 11:59:38 | 00,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/31 11:58:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/03/30 22:05:16 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/30 20:50:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/30 20:49:59 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/29 21:31:54 | 00,020,722 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\error1.jpg
[2009/03/29 16:11:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/29 16:09:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/03/29 16:07:18 | 00,106,136 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Clipboard01error.jpg
[2009/03/29 16:06:57 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/29 16:06:52 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/03/28 23:25:34 | 00,008,711 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\cam94.jpg
[2009/03/28 23:24:40 | 00,082,653 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\cam8.jpg
[2009/03/28 18:57:12 | 00,012,114 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\cam2CAVWS6IO.jpg
[2009/03/28 18:55:14 | 00,011,932 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\cam1CAYPDTQR.jpg
[2009/03/28 18:54:59 | 00,011,964 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\cam1CAIXZ2TN.jpg
[2009/03/26 21:39:23 | 00,010,585 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\cam101010.jpg
[2009/03/26 21:38:28 | 00,010,592 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\cam1454.jpg
[2009/03/25 22:47:32 | 00,018,059 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\deckcam.jpg
[2009/03/24 14:05:32 | 00,033,502 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cam409 (5).jpg
[2009/03/24 14:05:28 | 00,230,454 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cam409 (4).bmp
[2009/03/24 14:05:25 | 00,021,069 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cam409 (3).jpg
[2009/03/24 14:05:21 | 00,023,563 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cam409 (2).jpg
[2009/03/24 14:05:16 | 00,230,454 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cam409 (1).bmp
[2009/03/24 14:05:02 | 00,006,457 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cam409.jpg
[2009/03/24 14:04:45 | 00,230,454 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\untitled2.bmp
[2009/03/24 14:04:45 | 00,230,454 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\untitled.bmp
[2009/03/24 14:04:45 | 00,033,502 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\fae.jpg
[2009/03/24 14:04:45 | 00,023,563 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\untitled0.jpg
[2009/03/24 14:04:45 | 00,021,069 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\heart.jpg
[2009/03/24 14:04:11 | 00,267,529 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\jm1-animate.gif
[2009/03/24 14:04:11 | 00,235,428 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\mmn-animate.gif
[2009/03/24 14:04:11 | 00,213,007 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\100-animate.gif
[2009/03/24 12:03:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\The_Generations_Network
[2009/03/24 12:03:37 | 00,002,569 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ancestry World Archives Project Keying Tool.lnk
[2009/03/24 12:03:25 | 00,000,000 | ---D | C] -- C:\Program Files\Ancestry
[2009/03/23 09:08:53 | 00,000,921 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel Desktop .lnk
[2009/03/23 00:01:29 | 00,008,960 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cam22.jpg
[2009/03/23 00:01:29 | 00,008,903 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cam23.jpg
[2009/03/23 00:01:29 | 00,008,870 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cam21.jpg
[2009/03/23 00:01:29 | 00,008,856 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cam20.jpg
[2009/03/23 00:01:29 | 00,008,849 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cam2.jpg
[2009/03/22 23:56:22 | 00,013,082 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\100.jpg
[2009/03/22 23:28:40 | 00,018,611 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\mmn.jpg
[2009/03/22 23:23:56 | 00,008,858 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\cam2CAER63U8.jpg
[2009/03/22 23:21:56 | 00,008,801 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\cam200.jpg
[2009/03/22 20:51:03 | 00,299,013 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\atlanta_braves.pdf
[2009/03/22 20:50:55 | 00,184,777 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\carolina_tarheels.pdf
[2009/03/22 20:50:17 | 00,081,027 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\nascar.pdf
[2009/03/22 20:47:34 | 00,013,849 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\jimmie_johnson_std gimp.PAT
[2009/03/22 20:47:12 | 00,163,101 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\jimmie_johnson.pdf
[2009/03/22 16:03:53 | 00,680,155 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\wildthings.zip
[2009/03/22 00:09:10 | 00,007,291 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\5.jpg
[2009/03/22 00:09:10 | 00,007,233 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\6.jpg
[2009/03/22 00:09:10 | 00,007,158 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\4.jpg
[2009/03/22 00:09:10 | 00,007,154 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\2.jpg
[2009/03/22 00:09:10 | 00,007,147 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\3.jpg
[2009/03/22 00:09:10 | 00,007,112 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\1.jpg
[2009/03/21 23:14:40 | 00,015,534 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\jm1.jpg
[2009/03/19 21:18:04 | 00,443,392 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\file2.FBK
[2009/03/19 21:16:54 | 00,443,392 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\file2.FTW
[2009/03/19 21:15:31 | 00,679,936 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\mygedP.FBK
[2009/03/10 22:23:05 | 00,008,256 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\cam1ji.jpg
[2009/03/09 17:25:28 | 00,000,000 | ---D | C] -- C:\Program Files\Smilebox
[2009/03/06 22:08:23 | 00,048,128 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINDOWS\System32\Remove.exe
[2009/03/06 22:08:23 | 00,000,408 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2009/03/06 22:08:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\PixArt
[2009/03/06 22:08:15 | 00,000,000 | ---D | C] -- C:\Program Files\PC CIF Camer@
[2009/03/06 22:08:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PAC207
[2009/03/06 21:36:03 | 00,005,175 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\cam3.jpg

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[9999/01/20 04:10:18 | 00,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[9999/01/20 04:09:44 | 00,000,316 | ---- | M] () -- C:\WINDOWS\SYSTEM.UNV
[2009/04/03 10:21:52 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/04/03 08:48:39 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/03 08:47:47 | 00,350,191 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/04/03 08:47:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/03 08:46:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/03 08:46:36 | 79,644,6720 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/02 15:04:11 | 03,735,032 | -H-- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IconCache.db
[2009/04/02 14:51:35 | 00,500,224 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTListIt2.exe
[2009/04/02 14:41:59 | 00,010,728 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\scans5.rtf
[2009/04/02 13:48:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/04/02 13:48:01 | 00,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/04/02 13:47:03 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/04/02 13:47:03 | 00,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/04/02 13:45:23 | 03,893,063 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\license.jpg
[2009/04/02 12:16:27 | 00,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{97681171-BE9F-43F2-8540-92002CBA391B}.job
[2009/04/02 11:46:57 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/04/02 11:46:57 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/04/02 11:46:45 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/04/02 11:46:45 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/04/02 11:43:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/04/02 11:43:49 | 00,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/04/02 11:43:28 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/04/02 11:43:28 | 00,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/04/02 10:18:42 | 00,000,316 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/02 10:17:48 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/02 09:38:42 | 00,003,917 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\error2.rtf
[2009/04/01 22:35:09 | 00,082,671 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\ghostcam00.jpg
[2009/04/01 22:33:36 | 00,082,920 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\ghostcam.jpg
[2009/04/01 15:45:50 | 00,530,106 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\LopSD.exe
[2009/04/01 13:51:11 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/04/01 13:30:01 | 00,006,039 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\virusmal.rtf
[2009/04/01 13:26:13 | 03,062,098 | R--- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
[2009/04/01 13:25:46 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\SDFix.exe
[2009/03/31 11:59:38 | 00,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/30 20:49:59 | 00,000,622 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\NTREGOPT.lnk
[2009/03/30 20:49:59 | 00,000,603 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\ERUNT.lnk
[2009/03/29 21:31:54 | 00,020,722 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\error1.jpg
[2009/03/29 16:10:12 | 00,001,615 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\QuickTime Player0.lnk
[2009/03/29 16:07:18 | 00,106,136 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Clipboard01error.jpg
[2009/03/29 16:06:57 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/29 11:02:31 | 00,001,559 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\CCleaner.lnk
[2009/03/28 23:25:29 | 00,008,711 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\cam94.jpg
[2009/03/28 23:24:32 | 00,082,653 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\cam8.jpg
[2009/03/28 18:57:06 | 00,012,114 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\cam2CAVWS6IO.jpg
[2009/03/28 18:55:10 | 00,011,932 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\cam1CAYPDTQR.jpg
[2009/03/28 18:54:50 | 00,011,964 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\cam1CAIXZ2TN.jpg
[2009/03/27 00:28:27 | 00,016,696 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\clown4.gif
[2009/03/26 21:39:14 | 00,010,585 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\cam101010.jpg
[2009/03/26 21:38:19 | 00,010,592 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\cam1454.jpg
[2009/03/26 21:21:29 | 00,001,179 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/26 21:21:29 | 00,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
[2009/03/26 21:21:27 | 01,425,920 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\tree 1.FTW
[2009/03/26 21:21:27 | 01,425,920 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\tree 1.FBK
[2009/03/26 19:26:45 | 00,536,721 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\fan_advisory_board_application_for_website0.rtf
[2009/03/26 18:52:55 | 00,111,616 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\fan_advisory_board_application_for_website.doc
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/25 22:47:27 | 00,018,059 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\deckcam.jpg
[2009/03/24 22:32:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/03/24 22:32:47 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/03/24 22:32:23 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/03/24 22:32:23 | 00,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/03/24 14:09:51 | 00,002,569 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ancestry World Archives Project Keying Tool.lnk
[2009/03/23 14:34:36 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/03/23 14:34:36 | 00,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/03/23 11:51:10 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/03/23 11:51:10 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/03/23 11:40:27 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/03/23 11:40:27 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/03/23 11:39:21 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/03/23 11:39:21 | 00,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/03/23 11:38:56 | 00,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/03/23 11:38:55 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/03/23 09:08:53 | 00,000,921 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel Desktop .lnk
[2009/03/22 23:56:31 | 00,213,007 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\100-animate.gif
[2009/03/22 23:56:23 | 00,013,082 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\100.jpg
[2009/03/22 23:28:46 | 00,235,428 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\mmn-animate.gif
[2009/03/22 23:28:40 | 00,018,611 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\mmn.jpg
[2009/03/22 23:23:49 | 00,008,858 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\cam2CAER63U8.jpg
[2009/03/22 23:21:49 | 00,008,801 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\cam200.jpg
[2009/03/22 23:20:49 | 00,008,903 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cam23.jpg
[2009/03/22 23:20:39 | 00,008,960 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cam22.jpg
[2009/03/22 23:20:29 | 00,008,870 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cam21.jpg
[2009/03/22 23:20:19 | 00,008,856 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cam20.jpg
[2009/03/22 23:20:04 | 00,008,849 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cam2.jpg
[2009/03/22 20:51:05 | 00,299,013 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\atlanta_braves.pdf
[2009/03/22 20:50:55 | 00,184,777 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\carolina_tarheels.pdf
[2009/03/22 20:50:17 | 00,081,027 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\nascar.pdf
[2009/03/22 20:47:34 | 00,013,849 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\jimmie_johnson_std gimp.PAT
[2009/03/22 20:47:13 | 00,163,101 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\jimmie_johnson.pdf
[2009/03/22 16:03:54 | 00,680,155 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\wildthings.zip
[2009/03/21 23:14:46 | 00,267,529 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\jm1-animate.gif
[2009/03/21 23:14:40 | 00,015,534 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\jm1.jpg
[2009/03/21 23:11:50 | 00,007,233 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\6.jpg
[2009/03/21 23:11:40 | 00,007,291 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\5.jpg
[2009/03/21 23:11:30 | 00,007,158 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\4.jpg
[2009/03/21 23:11:25 | 00,007,147 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\3.jpg
[2009/03/21 23:11:20 | 00,007,154 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\2.jpg
[2009/03/21 23:11:00 | 00,007,112 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\1.jpg
[2009/03/19 21:20:39 | 00,443,392 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\file2.FTW
[2009/03/19 21:20:39 | 00,443,392 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\file2.FBK
[2009/03/19 21:17:04 | 00,679,936 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\mygedP.FTW
[2009/03/19 21:17:04 | 00,679,936 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\mygedP.FBK
[2009/03/18 23:08:55 | 00,033,502 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\fae.jpg
[2009/03/18 23:08:55 | 00,033,502 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cam409 (5).jpg
[2009/03/18 23:05:33 | 00,230,454 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\untitled2.bmp
[2009/03/18 23:05:33 | 00,230,454 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cam409 (4).bmp
[2009/03/18 22:44:49 | 00,021,069 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\heart.jpg
[2009/03/18 22:44:49 | 00,021,069 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cam409 (3).jpg
[2009/03/18 22:40:33 | 00,023,563 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\untitled0.jpg
[2009/03/18 22:40:33 | 00,023,563 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cam409 (2).jpg
[2009/03/18 22:39:36 | 00,230,454 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\untitled.bmp
[2009/03/18 22:39:36 | 00,230,454 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cam409 (1).bmp
[2009/03/18 16:03:39 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/17 21:17:59 | 00,006,457 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cam409.jpg
[2009/03/17 10:29:31 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/03/17 10:29:31 | 00,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/03/16 10:54:54 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/03/16 10:54:54 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/03/16 10:54:41 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/03/16 10:54:41 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/03/15 17:14:51 | 00,044,114 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\mtc banner.gif
[2009/03/14 15:35:35 | 00,070,638 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\bannerfans_95822mpnc.jpg
[2009/03/14 10:12:03 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/03/14 10:12:03 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/03/14 10:11:30 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/03/14 10:11:30 | 00,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/03/14 10:11:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/03/14 10:11:04 | 00,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/03/11 15:08:17 | 00,518,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/11 15:01:38 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/10 22:22:48 | 00,008,256 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\cam1ji.jpg
[2009/03/09 11:50:24 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/03/09 11:50:24 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/03/08 10:43:20 | 00,480,356 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/08 10:43:20 | 00,407,978 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/08 10:43:20 | 00,064,316 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/06 21:35:58 | 00,005,175 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\cam3.jpg

========== Custom Scans ==========


< C:\* >
[2006/08/11 15:21:59 | 00,000,040 | ---- | M] () -- C:\Auth.prof
[2004/09/07 02:21:54 | 00,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/03/19 16:04:36 | 00,000,213 | RHS- | M] () -- C:\BOOT.BAK
[2008/01/24 12:53:23 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2005/03/19 16:03:33 | 00,000,196 | RHS- | M] () -- C:\BOOTNXX.BAK
[2004/08/04 08:00:00 | 00,260,272 | RHS- | M] () -- C:\cmldr
[2009/04/02 10:27:19 | 00,022,230 | ---- | M] () -- C:\ComboFix.txt
[2004/08/11 21:12:53 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/05/28 22:54:34 | 00,837,136 | ---- | M] () -- C:\fvnorthwestern.exe
[2009/04/03 08:46:36 | 79,644,6720 | -HS- | M] () -- C:\hiberfil.sys
[2004/08/11 21:12:53 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/05/06 10:52:31 | 00,003,514 | -H-- | M] () -- C:\IPH.PH
[2007/11/10 19:58:38 | 00,023,040 | ---- | M] () -- C:\KNVB1.kvb
[2009/04/01 15:53:26 | 00,021,816 | ---- | M] () -- C:\lopR.txt
[2004/08/11 21:12:53 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 08:00:00 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/02 12:49:37 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/01/16 12:38:45 | 00,304,160 | ---- | M] () -- C:\PA207.DAT
[2009/04/03 08:46:34 | 11,932,79488 | -HS- | M] () -- C:\pagefile.sys
[2007/08/02 13:19:26 | 10,970,624 | ---- | M] () -- C:\python-2.5.1.msi
[2006/10/10 23:08:58 | 00,004,418 | ---- | M] () -- C:\resetlog.txt
[2009/03/30 22:06:41 | 00,002,393 | ---- | M] () -- C:\Rooter.txt
[2007/04/10 15:48:57 | 04,928,212 | ---- | M] (Venturi Wireless ) -- C:\setupPC2_3_030804.exe
[2005/11/01 01:13:34 | 00,523,288 | ---- | M] (Hewlett-Packard Company ) -- C:\sp31392.exe
[2009/03/24 22:32:47 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/04/02 11:43:28 | 00,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/04/02 11:43:49 | 00,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/04/02 11:46:45 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/04/02 11:46:57 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/04/02 13:47:03 | 00,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/04/02 13:48:01 | 00,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/03/09 11:50:24 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/03/14 10:11:04 | 00,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/03/14 10:11:30 | 00,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/03/14 10:12:03 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/03/16 10:54:41 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/03/16 10:54:54 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/03/17 10:29:31 | 00,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/03/23 11:38:56 | 00,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/03/23 11:39:21 | 00,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/03/23 11:40:27 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/03/23 11:51:10 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/03/23 14:34:36 | 00,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/03/24 22:32:23 | 00,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/03/24 22:32:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/04/02 11:43:28 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/04/02 11:43:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/04/02 11:46:45 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/04/02 11:46:57 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/04/02 13:47:03 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/04/02 13:48:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/03/09 11:50:24 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/03/14 10:11:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/03/14 10:11:30 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/03/14 10:12:03 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/03/16 10:54:41 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/03/16 10:54:54 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/03/17 10:29:31 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/03/23 11:38:55 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/03/23 11:39:21 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/03/23 11:40:27 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/03/23 11:51:10 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/03/23 14:34:36 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/03/24 22:32:23 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2006/07/25 11:23:38 | 00,000,112 | -H-- | M] () -- C:\T4Metrics.log
[2009/01/17 00:32:02 | 00,000,274 | ---- | M] () -- C:\VundoFix.txt
[2007/12/06 19:43:09 | 00,002,511 | ---- | M] () -- C:\_Sid.txt

========== Alternate Data Streams ==========

@Alternate Data Stream - 3638 bytes -> C:\Documents and Settings\HP_Owner\My Documents\Genealogy.com Prevette Homepage.url:favicon
< End of report >
  • 0

#15
heir
Posted 03 April 2009 - 11:10 AM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Where did you unpack that file (KLStreamerRemover.exe) cause it isn't in c:\ as it should be?

Edited by heir, 03 April 2009 - 11:12 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP