Here's combofix log
ComboFix 09-03-18.01 - Chris 2009-03-18 21:39:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1445 [GMT -4:00]
Running from: c:\documents and settings\Chris\Desktop\what.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\IE4 Error Log.txt
c:\windows\system\oeminfo.ini
c:\windows\system32\Cache
c:\windows\system32\config\systemprofile\Application Data\Macromedia\Common
c:\windows\system32\mdm.exe
c:\windows\system32\win32x.exe
c:\windows\wiaserviv.log
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WIN32X
-------\Service_UACd.sys
-------\Service_win32x
((((((((((((((((((((((((( Files Created from 2009-02-19 to 2009-03-19 )))))))))))))))))))))))))))))))
.
2009-03-16 23:19 . 2009-03-16 23:19 <DIR> d-------- c:\documents and settings\Chris\Application Data\Malwarebytes
2009-03-16 23:17 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-16 23:16 . 2009-03-16 23:20 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-16 23:16 . 2009-03-16 23:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-16 23:16 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-16 19:06 . 2009-03-16 19:06 <DIR> d-------- c:\program files\Trend Micro
2009-03-09 20:31 . 2009-03-09 20:31 <DIR> d-------- c:\program files\Windows Defender
2009-03-09 19:38 . 2009-03-09 19:38 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-09 19:31 . 2009-03-09 19:31 <DIR> d-------- c:\program files\uTorrent
2009-03-09 19:31 . 2009-03-16 19:06 <DIR> d-------- c:\documents and settings\Chris\Application Data\uTorrent
2009-03-08 15:18 . 2009-03-09 19:54 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-08 15:18 . 2009-03-09 20:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-01 19:53 . 2009-03-01 19:53 107,832 --a------ c:\windows\system32\PnkBstrB.exe
2009-03-01 19:53 . 2009-03-01 19:53 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-03-01 19:53 . 2009-03-01 19:53 22,328 --a------ c:\documents and settings\Chris\Application Data\PnkBstrK.sys
2009-03-01 19:52 . 2009-03-01 19:52 2,246,144 --a------ c:\windows\system32\pbsvc.exe
2009-03-01 19:52 . 2009-03-01 19:52 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2009-02-24 17:59 . 2009-01-09 15:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-02-21 18:02 . 2009-02-21 18:02 <DIR> d-------- c:\program files\Common Files\AnswerWorks 5.0
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-17 03:16 --------- d-----w c:\program files\Warcraft III
2009-03-11 18:23 --------- d-----w c:\program files\McAfee
2009-03-11 02:53 --------- d-----w c:\documents and settings\All Users\Application Data\DIGStream
2009-03-09 23:38 --------- d-----w c:\program files\Java
2009-02-22 21:21 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-21 22:00 --------- d-----w c:\program files\Common Files\Intuit
2009-02-21 22:00 --------- d-----w c:\documents and settings\All Users\Application Data\Intuit
2009-02-21 21:58 --------- d-----w c:\program files\TurboTax
2009-02-12 21:51 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-12-30 15:32 60,744 ----a-w c:\documents and settings\Chris\g2mdlhlpx.exe
2007-12-18 00:32 3,902,784 ----a-w c:\documents and settings\Chris\gosetup.exe
2006-11-18 06:10 92,064 ----a-w c:\documents and settings\Chris\mqdmmdm.sys
2006-11-18 06:10 9,232 ----a-w c:\documents and settings\Chris\mqdmmdfl.sys
2006-11-18 06:10 79,328 ----a-w c:\documents and settings\Chris\mqdmserd.sys
2006-11-18 06:10 66,656 ----a-w c:\documents and settings\Chris\mqdmbus.sys
2006-11-18 06:10 6,208 ----a-w c:\documents and settings\Chris\mqdmcmnt.sys
2006-11-18 06:10 5,936 ----a-w c:\documents and settings\Chris\mqdmwhnt.sys
2006-11-18 06:10 4,048 ----a-w c:\documents and settings\Chris\mqdmcr.sys
2006-11-18 06:10 25,600 ----a-w c:\documents and settings\Chris\usbsermptxp.sys
2006-11-18 06:10 22,768 ----a-w c:\documents and settings\Chris\usbsermpt.sys
2006-04-27 22:20 18,048 ----a-w c:\documents and settings\Chris\Application Data\GDIPFONTCACHEV1.DAT
2006-05-06 16:42 7,260,160 ----a-w c:\program files\mozilla firefox\plugins\libvlc.dll
2006-02-11 21:17 56 --sha-r c:\windows\system32\BFD3CF9B63.sys
2006-02-11 21:17 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"DIGServices"="c:\program files\ESPNRunTime\DIGServices.exe" [2005-10-31 101888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 c:\windows\stsystra.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec.dll
"vidc.ffds"= ffdshow.ax
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 c:\program files\DellSupport\DSAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2008-08-13 18:32 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGStream]
--a------ 2005-10-31 11:05 278528 c:\program files\DIGStream\digstream.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 09:24 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2008-07-21 14:07 2752512 c:\program files\Electronic Arts\EADM\Core.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-10 20:30 133104 c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 17:22 3739648 c:\program files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 12:44 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 12:44 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-21 12:48 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2005-10-24 15:53 307200 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Return to Castle Wolfenstein - Game of The Year Edition\\WolfMP.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.11.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"=
"c:\\TEST\\SocketsServer\\Debug\\SocketsServer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\TEST\\UdpSender\\bin\\Debug\\UdpSender.exe"=
"c:\\Program Files\\Airlink101\\AIC250W\\Setup Wizard.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Aspera\\FASP\\bin\\scp.aspera.exe"=
"c:\\Program Files\\Aspera\\FASP\\bin\\ascp.exe"=
"c:\\Program Files\\Microsoft SQL Server\\90\\Shared\\sqlbrowser.exe"=
"c:\\Program Files\\Microsoft SQL Server\\MSSQL.2\\MSSQL\\Binn\\sqlservr.exe"=
"c:\\Program Files\\Microsoft SQL Server\\MSSQL.1\\MSSQL\\Binn\\sqlservr.exe"=
"c:\\Program Files\\Microsoft Visual Studio 9.0\\Common7\\IDE\\devenv.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Adobe\\Flex Builder 3\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Aspera\\Aspera Connect\\bin\\ascp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\memcached\\memcached-1.2.4-Win32-Preview-20080309_bin\\memcached.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6112:TCP"= 6112:TCP:war6112
"6113:TCP"= 6113:TCP:war6113
"6114:TCP"= 6114:TCP:war6114
"6115:TCP"= 6115:TCP:war6115
"6116:TCP"= 6116:TCP:war6116
"6117:TCP"= 6117:TCP:war6117
"6118:TCP"= 6118:TCP:war6118
"6119:TCP"= 6119:TCP:war6119
"13335:TCP"= 13335:TCP:BitComet 13335 TCP
"13335:UDP"= 13335:UDP:BitComet 13335 UDP
R1 vcdrom;Virtual CD-ROM Device Driver;c:\documents and settings\Chris\My Documents\virtualdrive\VCdRom.sys [2007-12-17 8576]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 memcached Server;memcached Server;c:\memcached\memcached-1.2.4-Win32-Preview-20080309_bin\memcached.exe [2009-02-14 172032]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 0020821236795795mcinstcleanup;McAfee Application Installer Cleanup (0020821236795795);c:\windows\TEMP\
002082~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\
002082~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 svn.local;Subversion Repository;"c:\program files\subversion\bin\svnserve.exe" --service --root c:\sourcecode --> c:\program files\subversion\bin\svnserve.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2007-08-27 16512]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S4 cdawdm;CDAWDM;c:\windows\system32\DRIVERS\CDAWDM.sys --> c:\windows\system32\DRIVERS\CDAWDM.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - Z:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder
2009-03-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-03-16 c:\windows\Tasks\dfrg.job
- c:\windows\system32\dfrg.msc [2004-08-04 13:00]
2009-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2684849038-1165274592-3421407881-1006.job
- c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-10 20:30]
2009-03-18 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe []
2009-03-18 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot []
2009-03-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-01-09 11:53]
2009-03-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-01-09 11:53]
2009-03-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-system tool - c:\windows\sysguard.exe
MSConfigStartUp-MalwareRemovalBot - c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.google.com/uSearch Page =
hxxp://www.google.comuSearch Bar =
hxxp://www.google.com/ieuInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) =
hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java -
file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\uugiba8t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
hxxp://www.google.com/FF - component: c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\uugiba8t.default\extensions\ubiquity@labs.mozilla.com\platform\WINNT_x86-msvc\components\ubiquity.dll
FF - plugin: c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\uugiba8t.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07051001.dll
FF - plugin: c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npasperaweb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-03-18 23:08:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\TEMP\UAC6378.tmp 24576 bytes
c:\windows\TEMP\UAC6a4e.tmp 81408 bytes executable
c:\windows\TEMP\UACe3b9.tmp 45056 bytes
c:\windows\TEMP\WGAErrLog.txt 483 bytes
c:\windows\TEMP\sqlite_Ly9QpHfb9eks4NE 0 bytes
c:\windows\TEMP\sqlite_LZ9sZZd9gg4jVgj 0 bytes
c:\windows\TEMP\sqlite_mhU8OaYjI27KZbo 0 bytes
c:\windows\TEMP\sqlite_mmz6VoFFdGXK3Ud 0 bytes
c:\windows\TEMP\sqlite_MNOJybeDsDUT4dn 0 bytes
c:\windows\TEMP\sqlite_mskKV27kkkNIUiu 0 bytes
c:\windows\TEMP\sqlite_mSnZ0wCTsTYxBap 0 bytes
c:\windows\TEMP\sqlite_muatsEr1cmNEsxr 0 bytes
c:\windows\TEMP\sqlite_mWAa5ZHZbweTn2t 0 bytes
c:\windows\TEMP\sqlite_NFjCwjK1RmZ5I8W 0 bytes
c:\windows\TEMP\sqlite_NhEWjdqad0R4uYJ 0 bytes
c:\windows\TEMP\sqlite_NlL7pkiF2wjYmR7 0 bytes
c:\windows\TEMP\sqlite_nsSXjkSviPNhXjR 0 bytes
c:\windows\TEMP\sqlite_o3bupObZRKdRXkO 0 bytes
c:\windows\TEMP\sqlite_o94lGw0anEAHS0c 0 bytes
c:\windows\TEMP\sqlite_OdgOjpsoytu9pAp 0 bytes
c:\windows\TEMP\sqlite_odnUG7vlHP7ls1c 0 bytes
c:\windows\TEMP\sqlite_odZqI41yVu612Fc 0 bytes
c:\windows\TEMP\sqlite_OIikzhfCjnatPu4 0 bytes
c:\windows\TEMP\sqlite_ojgZusRu894ij7v 0 bytes
c:\windows\TEMP\sqlite_TxODT3mfIuA9k1g 0 bytes
c:\windows\TEMP\sqlite_tzkawF6yD7CbkX5 0 bytes
c:\windows\TEMP\sqlite_u3OM4bkhIhLnl99 0 bytes
c:\windows\TEMP\sqlite_U75rSUe8TVaTKbR 0 bytes
c:\windows\TEMP\sqlite_UoYF6VbUkn88w5R 0 bytes
c:\windows\TEMP\sqlite_ur2QBM1ePrMem1c 0 bytes
c:\windows\TEMP\sqlite_urssgzZt7b9jhjx 0 bytes
c:\windows\TEMP\sqlite_UW6DqqeONOehdiF 0 bytes
c:\windows\TEMP\sqlite_v8mma3Vml9gRVqt 0 bytes
c:\windows\TEMP\sqlite_VAom6GIG9vZxCF0 0 bytes
c:\windows\TEMP\sqlite_vgKAo46karuzIao 0 bytes
c:\windows\TEMP\sqlite_VgVyIIA5XxDVSXX 0 bytes
c:\windows\TEMP\sqlite_Vj7MFsFP0RR3hiM 0 bytes
c:\windows\TEMP\sqlite_VT3X9MkeQk1WQnf 0 bytes
c:\windows\TEMP\sqlite_VXNKShfNDacbFfI 0 bytes
c:\windows\TEMP\sqlite_W7YgWLwAwY5LD5V 0 bytes
c:\windows\TEMP\sqlite_wEzmfcfTk7OZiYp 0 bytes
c:\windows\TEMP\sqlite_wOjaeT7FAorgLyx 0 bytes
c:\windows\TEMP\sqlite_ws9YrE67xnC2Pbc 0 bytes
c:\windows\TEMP\sqlite_Wvk05EWTrgx2Ctd 0 bytes
c:\windows\TEMP\sqlite_WZkMX6ZAVVN8ev5 0 bytes
c:\windows\TEMP\sqlite_xbqxkhnZVjwT5BN 0 bytes
c:\windows\TEMP\sqlite_XDCXyXeIAcYAFRu 0 bytes
c:\windows\TEMP\sqlite_E1QWTdmYBcCQ1jX 0 bytes
c:\windows\TEMP\sqlite_EaKHIkbgtKjKuZf 0 bytes
c:\windows\TEMP\sqlite_EgbV7u3APmEloBU 0 bytes
c:\windows\TEMP\sqlite_eP5znRBkn0ZQrUK 0 bytes
c:\windows\TEMP\sqlite_eU7Z9Sj1P4g4vUc 0 bytes
c:\windows\TEMP\sqlite_ex9YeXBsimvdFPD 0 bytes
c:\windows\TEMP\sqlite_eXCTzPSHwhqZQDh 0 bytes
c:\windows\TEMP\sqlite_eXqMGICLi5vTYKg 0 bytes
c:\windows\TEMP\sqlite_EZb9ubP89PfB5Xt 0 bytes
c:\windows\TEMP\sqlite_F9REjVYbv5cfaLD 0 bytes
c:\windows\TEMP\sqlite_ffpLvbcYzLqmIDv 0 bytes
c:\windows\TEMP\sqlite_FMdx0YgfZAvbcSO 0 bytes
c:\windows\TEMP\sqlite_FSpAbWjyPd1faPo 0 bytes
c:\windows\TEMP\sqlite_fxUjaJ4MC8CELAI 0 bytes
c:\windows\TEMP\sqlite_G7thdSxQNlCzf6H 0 bytes
c:\windows\TEMP\sqlite_gair4OslICI6zQU 0 bytes
c:\windows\TEMP\sqlite_gdLSXoOdJmTlm62 0 bytes
c:\windows\TEMP\sqlite_BaWLnJxqB2zO1iw 0 bytes
c:\windows\TEMP\sqlite_bE7JwElrrDHl9UG 0 bytes
c:\windows\TEMP\sqlite_bhaPcN1h1nsL26I 0 bytes
c:\windows\TEMP\sqlite_BiM8QgnoYCR3buM 0 bytes
c:\windows\TEMP\sqlite_BlCr5FJjQvAqLQ7 0 bytes
c:\windows\TEMP\sqlite_bn18jdMf65qfCuA 0 bytes
c:\windows\TEMP\sqlite_bsTdb7ffsvfe3uu 0 bytes
c:\windows\TEMP\sqlite_bwxumv30F2iDwGb 0 bytes
c:\windows\TEMP\sqlite_C2FYGsa8ho1t6MJ 0 bytes
c:\windows\TEMP\sqlite_cBszxR8wEao2Kgu 0 bytes
c:\windows\TEMP\sqlite_CbVrm1SvCqjyrU1 0 bytes
c:\windows\TEMP\sqlite_cd19G2RHKetd9mC 0 bytes
c:\windows\TEMP\sqlite_cDX8WdoMXbpjHOs 0 bytes
c:\windows\TEMP\sqlite_cgTX6eK8Dant77U 0 bytes
c:\windows\TEMP\sqlite_ChanrJc8srwcCzj 0 bytes
c:\windows\TEMP\sqlite_xDTHkUJPJHiiTuH 0 bytes
c:\windows\TEMP\sqlite_xFjQaBDBZv3c9jw 0 bytes
c:\windows\TEMP\sqlite_xFZjBHdPlw8OvKn 0 bytes
c:\windows\TEMP\sqlite_XGaAZ3Ga56EYR1b 0 bytes
c:\windows\TEMP\sqlite_XSxy3mdNHMqSXXc 0 bytes
c:\windows\TEMP\sqlite_XTOED2RLddS5izE 0 bytes
c:\windows\TEMP\sqlite_XY3TKQhpnnka45d 0 bytes
c:\windows\TEMP\sqlite_y90GzSkkqwDNkUZ 0 bytes
c:\windows\TEMP\sqlite_YDKia0WEp3DZMiR 0 bytes
c:\windows\TEMP\sqlite_Ydw3yLa9Kof7Vp7 0 bytes
c:\windows\TEMP\sqlite_yNI3HQ5bJ8y3r8U 0 bytes
c:\windows\TEMP\sqlite_YNrvhKMiJIhGZE7 0 bytes
c:\windows\TEMP\sqlite_yocARGZevnZ42lp 0 bytes
c:\windows\TEMP\sqlite_z8lBteDjf9UFgRD 0 bytes
c:\windows\TEMP\sqlite_ZeBu6nMlCvYG3yf 0 bytes
c:\windows\TEMP\sqlite_zevyO2a2dN7eUxf 0 bytes
c:\windows\TEMP\sqlite_zLdcZYTwzd0utY0 0 bytes
c:\windows\TEMP\sqlite_i9afDyAGX6PXOLL 0 bytes
c:\windows\TEMP\sqlite_I9KyqYhon1M4135 0 bytes
c:\windows\TEMP\sqlite_iaaezdoaBnz68BS 0 bytes
c:\windows\TEMP\sqlite_IgdYEfrjOObLHnf 0 bytes
c:\windows\TEMP\sqlite_IiSk7o25jZgJrL7 0 bytes
c:\windows\TEMP\sqlite_iku8NriQ5eHC1E7 0 bytes
c:\windows\TEMP\sqlite_ImYAeLUyYhaNJd7 0 bytes
c:\windows\TEMP\sqlite_IQvCh37T6urmfsy 0 bytes
c:\windows\TEMP\sqlite_iQXHD7TZJEmUnUk 0 bytes
c:\windows\TEMP\sqlite_J1Uw0k89AQ2pRGK 0 bytes
c:\windows\TEMP\sqlite_J6AfIaDdfPihKP4 1024 bytes
c:\windows\TEMP\sqlite_JHGAG8FdCzmFOm0 0 bytes
c:\windows\TEMP\sqlite_JOqwWR5ghtwwqKN 0 bytes
c:\windows\TEMP\sqlite_jYHcFARw2QXo1oQ 0 bytes
c:\windows\TEMP\sqlite_r6Wk8nlKo1A56Um 0 bytes
c:\windows\TEMP\sqlite_rBYYnwYUu0O5emo 0 bytes
c:\windows\TEMP\sqlite_Rfk5xMWVr8dHiXO 0 bytes
c:\windows\TEMP\sqlite_Rhi6n5KfYmirhsT 0 bytes
c:\windows\TEMP\sqlite_rOIVA1hEH7w8YDQ 0 bytes
c:\windows\TEMP\sqlite_rsFDdsvz4NI2AAc 0 bytes
c:\windows\TEMP\sqlite_rTg4eondWRFglUT 0 bytes
c:\windows\TEMP\sqlite_rTvvX6ihjhPlxJ8 0 bytes
c:\windows\TEMP\sqlite_rUqn1uRixbjFJHJ 0 bytes
c:\windows\TEMP\sqlite_rvm1wnfXmHLBoEy 0 bytes
c:\windows\TEMP\sqlite_RZuox3vb5Ycr26e 0 bytes
c:\windows\TEMP\sqlite_s0dHjMRjB8GqbPr 0 bytes
c:\windows\TEMP\sqlite_S2xjRIo9phByZlm 0 bytes
c:\windows\TEMP\sqlite_S4LmfRX2SYGDe8e 0 bytes
c:\windows\TEMP\mcafee_4ulDB1LZ0vrDGD6 2048 bytes
c:\windows\TEMP\mcmsc_03v6mgRGpAct9mH 0 bytes
c:\windows\TEMP\mcmsc_5BczZevWoXDZeZW 1024 bytes
c:\windows\TEMP\mcmsc_KxyTKPd3d4lLF4H 1024 bytes
c:\windows\TEMP\mcmsc_rIDhWs0OwnHAEmI 1024 bytes
c:\windows\TEMP\MpCmdRun.log 882 bytes
c:\windows\TEMP\Perflib_Perfdata_620.dat 16384 bytes
c:\windows\TEMP\sqlite_OP7YavI7tMoOLih 0 bytes
c:\windows\TEMP\sqlite_OSTbrXTRhJzfWUo 0 bytes
c:\windows\TEMP\sqlite_Ow9Unfwk2E9v672 0 bytes
c:\windows\TEMP\sqlite_OX1tOcJa3SbfNZk 0 bytes
c:\windows\TEMP\sqlite_p2Qne2HZzB83CbR 0 bytes
c:\windows\TEMP\sqlite_p7QqFyvnAfHbCwq 1024 bytes
c:\windows\TEMP\sqlite_pbbmKHUdAiepV3J 0 bytes
c:\windows\TEMP\sqlite_Pml4FzP3ufKmXS9 0 bytes
c:\windows\TEMP\sqlite_PsWXvgzenGeuTdk 0 bytes
c:\windows\TEMP\sqlite_PVvcrhbVX3nc8Zy 0 bytes
c:\windows\TEMP\sqlite_PxJiwhiyYDql3tY 0 bytes
c:\windows\TEMP\sqlite_q2AbVNCWkXvunXw 0 bytes
c:\windows\TEMP\sqlite_qFnDbfrungzRd7v 0 bytes
c:\windows\TEMP\sqlite_QgMSjvjEMQOn6HN 0 bytes
c:\windows\TEMP\sqlite_qgSqDOjjIjww2Jd 0 bytes
c:\windows\TEMP\sqlite_Qonat4co5QR51cs 0 bytes
c:\windows\TEMP\sqlite_QsamfWzBW4Exru7 0 bytes
c:\windows\TEMP\sqlite_7AjtUX5UpOfz5zE 0 bytes
c:\windows\TEMP\sqlite_7WvM2JIbrDvDyUS 0 bytes
c:\windows\TEMP\sqlite_8dRa3jW5kquNLRd
c:\windows\TEMP\sqlite_8KcpIdGm0Af2lFp 0 bytes
c:\windows\TEMP\sqlite_9Gm35jeKX8eWgNS 0 bytes
c:\windows\TEMP\sqlite_9hNkM4QlDt7B4Ac 0 bytes
c:\windows\TEMP\sqlite_9vNeZoc0YKKYXz9 0 bytes
c:\windows\TEMP\sqlite_a2n1lbxLOGhVrCo 0 bytes
c:\windows\TEMP\sqlite_a4nJPMJqGQbNGl8 0 bytes
c:\windows\TEMP\sqlite_AcgN0vtGI4Ak1v6 0 bytes
c:\windows\TEMP\sqlite_aI6M6OU6qRyoe2r 0 bytes
c:\windows\TEMP\sqlite_ai6uRPclYMUuPeV 0 bytes
c:\windows\TEMP\sqlite_AmL6xvU9Tcgigfp 0 bytes
c:\windows\TEMP\sqlite_aNh0DOsOsSSxLeJ 0 bytes
c:\windows\TEMP\sqlite_Apoj07sPYAtw1ni 0 bytes
c:\windows\TEMP\sqlite_Auyb0BiNJovbyFp 0 bytes
c:\windows\TEMP\sqlite_aZKyzdsLZdAVQo8 0 bytes
c:\windows\TEMP\sqlite_ZObbojvTY0hCpMd 0 bytes
c:\windows\TEMP\sqlite_zR0qzRoBfCSEse4 0 bytes
c:\windows\TEMP\T30DebugLogFile.txt 0 bytes
c:\windows\TEMP\Temporary Internet Files
c:\windows\TEMP\Temporary Internet Files\Content.IE5
c:\windows\TEMP\Temporary Internet Files\Content.IE5\desktop.ini 67 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\
061-4603.English[1].dist 27444 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\
061-5859.English[1].dist 33164 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\
061-3452.English[1].dist 3742 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\
061-3626.English[1].dist 19313 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\
061-3989.English[1].dist 32376 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\
061-4066.English[1].dist 19965 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\
061-4200.English[1].dist 6293 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\
061-4249.English[1].dist 6025 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\
061-4271.English[1].dist 32545 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\
061-4478.English[1].dist 33174 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\
061-4608.English[1].dist 18478 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\
061-4608.English[2].dist 18478 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\
061-4642.English[1].dist 24669 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\
061-4972.English[1].dist 17087 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\
061-5350.English[1].dist 17918 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\
061-5790.English[1].dist 17755 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\
061-5807.English[1].dist 27138 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\
061-5844.English[1].dist 17140 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\
061-5850.English[1].dist 17749 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\
061-5859.English[2].dist 33164 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\CAB9WM5Y.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\CAEN8XI3.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\CAFC6G0G.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\CAGJW3AR.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\CAKTYVAT.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\CAO7GLA7.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\CAUVKPTN.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\CAYF81YJ.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\CAYJ05YT.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\desktop.ini 67 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\index-windows-1[1].sucatalog 70021 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\G810H2CU\iTunesSetupAdmin[1].exe 75048 bytes executable
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\
061-2916.English[1].dist 23694 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\
061-3452.English[1].dist 3742 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\
061-3638.English[1].dist 18179 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\
061-3936.English[1].dist 3747 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\
061-3964.English[1].dist 18279 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\
061-4184.English[1].dist 31566 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\
061-4212.English[1].dist 20136 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\
061-4513.English[1].dist 6869 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\
061-4516.English[1].dist 25801 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\
061-4588.English[1].dist 26457 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\
061-4638.English[1].dist 33351 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\
061-4708.English[1].dist 24639 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\
061-4827.English[1].dist 18669 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\
061-4827.English[2].dist 18669 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\
061-5374.English[1].dist 24564 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\
061-5748.English[1].dist 17153 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\
061-5797.English[1].dist 17234 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\
061-5815.English[1].dist 33164 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\
061-5850.English[1].dist 17749 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\
061-6193.English[1].dist 33281 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\AppleMobileDeviceSupport[1].msi 12390400 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\CA1S91IC.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\CA4NE7QR.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\CAEZSHEF.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\CANWEZT8.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\CAOKFJXE.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\CAQVG5EB.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\CASMYWWK.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\CAXOBG9U.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\CAZGPVQJ.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\desktop.ini 67 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\index-windows-1[1].sucatalog 70021 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\HJU7358O\mcltvers[1].ini 2657 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\index.dat 81920 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\
061-5814.English[1].dist 33892 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\
061-2802.English[1].dist 16876 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\
061-3637.English[1].dist 18178 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\
061-3872.English[1].dist 17006 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\
061-4026.English[1].dist 24340 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\
061-4125.English[1].dist 23827 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\
061-4280.English[1].dist 24537 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\
061-4480.English[1].dist 32560 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\
061-4512.English[1].dist 6760 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\
061-4513.English[1].dist 6869 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\
061-4514.English[1].dist 6484 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\
061-4609.English[1].dist 18471 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\
061-4609.English[2].dist 18471 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\
061-4633.English[1].dist 26292 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\
061-5351.English[1].dist 17924 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\
061-5374.English[1].dist 24564 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\
061-5749.English[1].dist 17138 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\
061-5849.English[1].dist 3161 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\
061-5849.English[2].dist 3161 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\
061-5926.English[1].dist 27394 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\
061-6192.English[1].dist 34009 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\CA2HO8RH.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\CA5PD93S.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\CA6Z4DYZ.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\CACDK38J.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\CAFSFZ8T.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\CAGF2D4P.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\CAJCLMRA.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\CAODK6BG.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\CAQ7GXYN.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\desktop.ini 67 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\iTunes[1].msi 26886656 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\O12VITG3\valert[1].ui 22112 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\
061-3613.English[1].dist 31181 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\
061-3829.English[1].dist 31565 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\
061-3946.English[1].dist 31819 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\
061-3965.English[1].dist 18272 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\
061-3988.English[1].dist 33002 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\
061-4200.English[1].dist 6293 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\
061-4270.English[1].dist 33159 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\
061-4319.English[1].dist 24473 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\
061-4339.English[1].dist 17288 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\
061-4514.English[1].dist 6484 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\
061-4639.English[1].dist 32747 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\
061-4828.English[1].dist 18660 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\
061-4972.English[1].dist 17087 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\
061-5749.English[1].dist 17138 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\
061-5790.English[1].dist 17755 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\
061-5798.English[1].dist 17219 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\
061-5843.English[1].dist 17149 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\
061-5858.English[1].dist 33892 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\
061-5858.English[2].dist 33892 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\
061-5926.English[1].dist 27394 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\CA4704WH.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\CA4XOJU3.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\CA63SH6Z.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\CAE34LAB.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\CAI381AZ.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\CAJFA5PJ.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\CAMF8XAB.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\CAYF0XQF.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\CAYFYDSX.lpk 1843 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\desktop.ini 67 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\mcscins[1].cfg 49 bytes
c:\windows\TEMP\Temporary Internet Files\Content.IE5\OBRTXPBL\QuickTime[1].msi 29433856 bytes
c:\windows\TEMP\TFR245B.tmp 8196 bytes
c:\windows\TEMP\sqlite_Ck29XAiqvbYg5Kw 0 bytes
c:\windows\TEMP\sqlite_CkaRJEA3I55bdfb 0 bytes
c:\windows\TEMP\sqlite_cLws40HqSW54PEX 0 bytes
c:\windows\TEMP\sqlite_co3Fis2FxRAjeIJ 0 bytes
c:\windows\TEMP\sqlite_cpLIYkNPUilG2Sx 0 bytes
c:\windows\TEMP\sqlite_cVBXa7iN5ujwpta 0 bytes
c:\windows\TEMP\sqlite_D4TXLQq3PNlHfVO 0 bytes
c:\windows\TEMP\sqlite_d5qNnVX0rXQ4OXP 0 bytes
c:\windows\TEMP\sqlite_DafehLRTJFXqenZ 0 bytes
c:\windows\TEMP\sqlite_daYwovMYx42PbzN 0 bytes
c:\windows\TEMP\sqlite_dcHrCF5iLjmRU8i 0 bytes
c:\windows\TEMP\sqlite_DjBqjynP5NvpClx 0 bytes
c:\windows\TEMP\sqlite_dKXo9ffRd9a3RTQ 0 bytes
c:\windows\TEMP\sqlite_dm3xbgPMQXCWlrD 0 bytes
c:\windows\TEMP\sqlite_DsKzqSCavYXTpcp 0 bytes
c:\windows\TEMP\sqlite_dvKr1sbqw5FpHx5 0 bytes
c:\windows\TEMP\sqlite_dWqwp9T0dFI8pSk 0 bytes
c:\windows\TEMP\sqlite_gDziWhLC5ajG7gc 0 bytes
c:\windows\TEMP\sqlite_GeUkKPifCKcNYAX 0 bytes
c:\windows\TEMP\sqlite_GFUWahBFVQR3PTD 0 bytes
c:\windows\TEMP\sqlite_Gjfi2l2Fi1RNsjF 0 bytes
c:\windows\TEMP\sqlite_gQqlPHsfdyukLWB 0 bytes
c:\windows\TEMP\sqlite_Gr5JH18IPfCeuft 0 bytes
c:\windows\TEMP\sqlite_GTGUmXJBwPH7jz6 0 bytes
c:\windows\TEMP\sqlite_H5HduTKfyFxhEjJ 0 bytes
c:\windows\TEMP\sqlite_H5ysyTXQK3zX7R6 0 bytes
c:\windows\TEMP\sqlite_HiV7I5J5d2UOYGp 0 bytes
c:\windows\TEMP\sqlite_Hj5ByPFdmQP4CQi 0 bytes
c:\windows\TEMP\sqlite_Hnp0bR6rdjzBrf3 0 bytes
c:\windows\TEMP\sqlite_hO3wirMJ2sZCVkI 1024 bytes
c:\windows\TEMP\sqlite_hodvsMyVEsDHsjP 0 bytes
c:\windows\TEMP\sqlite_hRdPlkGiWd99Qkg 0 bytes
c:\windows\TEMP\sqlite_hvIKehUF7sETKh6 0 bytes
c:\windows\TEMP\sqlite_Hvw1kroJd7OsiXM 0 bytes
c:\windows\TEMP\sqlite_hXH0AbNOIoiFvIF 0 bytes
c:\windows\TEMP\sqlite_HxYQk62DvglLpN3 0 bytes
c:\windows\TEMP\sqlite_kcoItQI6lMofJtH 0 bytes
c:\windows\TEMP\sqlite_KEiYkEARr7WUslp 0 bytes
c:\windows\TEMP\sqlite_KhAhNHmvX25d3GJ 0 bytes
c:\windows\TEMP\sqlite_KpZsZgzywTQSN1k 0 bytes
c:\windows\TEMP\sqlite_kqXgygg8m052Sp6 0 bytes
c:\windows\TEMP\sqlite_kR9j2CSceKXrvLH 0 bytes
c:\windows\TEMP\sqlite_ks9rB8CFceExOJ2 0 bytes
c:\windows\TEMP\sqlite_ktf7bpgpi0trz4K 0 bytes
c:\windows\TEMP\sqlite_kvIF24Dz5pKI98B 0 bytes
c:\windows\TEMP\sqlite_kW1z2XUfn2hMmFr 0 bytes
c:\windows\TEMP\sqlite_Kwhx1jZiQfQMqtt 0 bytes
c:\windows\TEMP\sqlite_llri11AXDNhCTYE 0 bytes
c:\windows\TEMP\sqlite_LS6YNgNeWm2uupP 0 bytes
c:\windows\TEMP\sqlite_LtKQ4ooZaGeytiW 0 bytes
c:\windows\TEMP\sqlite_sd8UT1jtfHnGp9Z 0 bytes
c:\windows\TEMP\sqlite_sHZ7r4LKpsNY04k 0 bytes
c:\windows\TEMP\sqlite_SijZt7wIp9IrA8S 0 bytes
c:\windows\TEMP\sqlite_Sr9hCkPvxOvz7Dv 0 bytes
c:\windows\TEMP\sqlite_sYVyUPWre5sK24B 0 bytes
c:\windows\TEMP\sqlite_T8wQM083cAWHhY3 0 bytes
c:\windows\TEMP\sqlite_tCh34T7wCfV4qdd 0 bytes
c:\windows\TEMP\sqlite_Tgbsei9jBhcJR3j 0 bytes
c:\windows\TEMP\sqlite_tI1Cio36s8JYNvu 0 bytes
c:\windows\TEMP\sqlite_Tn57n8aVqOP2M6d 0 bytes
c:\windows\TEMP\sqlite_tpBb10ftp9m2Zun 0 bytes
c:\windows\TEMP\sqlite_TtwWyUQ1poIaOgI 0 bytes
c:\windows\TEMP\sqlite_tUqzxWhhpm1qFSx 0 bytes
c:\windows\TEMP\sqlite_B88V3piYjAprRO2 0 bytes
c:\windows\TEMP\sqlite_cIjr4N3wdfwh9kD 0 bytes
c:\windows\TEMP\sqlite_dYkdvVtxBDRvY7N 0 bytes
c:\windows\TEMP\sqlite_gdow7BFn8i9byil 0 bytes
c:\windows\TEMP\sqlite_I5z1YACkWKwF71Z 0 bytes
c:\windows\TEMP\sqlite_JZQnrd82lmu1Lio 0 bytes
c:\windows\TEMP\sqlite_Lw4OG3CgBdEP2OB 0 bytes
c:\windows\TEMP\sqlite_ooB6q5GGEJSlFMJ 0 bytes
c:\windows\TEMP\sqlite_qzYgCJIPPtTCQut 0 bytes
c:\windows\TEMP\sqlite_SbAteSZudtVI4aZ 0 bytes
c:\windows\TEMP\sqlite_tVwRFUdy5EjHpFp 0 bytes
c:\windows\TEMP\sqlite_xDoiPuGplAdSStM 0 bytes
c:\windows\TEMP\sqlite_Zmgh7eGI25smPpr 0 bytes
c:\windows\TEMP\TFR5A9.tmp 8196 bytes
scan completed successfully
hidden files: 384
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PSSdk21]
"ImagePath"="\??\c:\windows\system32\Drivers\HNPsSdk.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2684849038-1165274592-3421407881-1006\Software\SecuROM\License information*]
"datasecu"=hex:a3,5e,08,21,3c,cb,a7,f4,3e,30,52,de,aa,aa,e7,2b,fe,40,4f,ff,ac,
0a,bf,14,61,79,75,6d,1e,dc,5b,c4,e5,aa,36,03,a2,8e,b2,a7,66,92,17,36,d4,9f,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Microsoft Shared\DirectX Extensions\DXDebugService.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
.
**************************************************************************
.
Completion time: 2009-03-18 23:27:33 - machine was rebooted [Chris]
ComboFix-quarantined-files.txt 2009-03-19 03:27:28
Pre-Run: 183,620,698,112 bytes free
Post-Run: 183,405,531,136 bytes free
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
689 --- E O F --- 2009-03-11 07:00:46
And HiJackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:31 PM, on 3/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\memcached\memcached-1.2.4-Win32-Preview-20080309_bin\memcached.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\DirectX Extensions\DXDebugService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\Chris\Desktop\asdf\SDHelper.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\Chris\Desktop\asdf\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\Chris\Desktop\asdf\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -
http://download.mcafee.com/molbin/share ... insctl.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftup ... 9608335250O23 - Service: McAfee Application Installer Cleanup (0020821236795795) (0020821236795795mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\002082~1.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: memcached Server - Danga Interactive, Inc. - C:\memcached\memcached-1.2.4-Win32-Preview-20080309_bin\memcached.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Subversion Repository (svn.local) - Unknown owner - c:\program files\subversion\bin\svnserve.exe (file missing)
--
End of file - 10473 bytes