While ComboFix was preparing to print the log, I got an error about reinstalling AOL. I finally had to close the window, and then the log came up.
ComboFix 10-07-26.04 - Owner 07/27/2010 7:27.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.335 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\windows\System32\wjnrtv.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\LimeWire
c:\program files\LimeWire\toolbarResult
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_JMNOZJ
-------\Service_jmnozj
((((((((((((((((((((((((( Files Created from 2010-06-27 to 2010-07-27 )))))))))))))))))))))))))))))))
.
2010-07-21 05:03 . 2004-08-04 06:56 81920 ------w- c:\windows\system32\ieencode.dll
2010-07-21 04:03 . 2010-07-21 04:03 -------- dc----w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-18 00:36 . 2010-07-18 00:36 16384 ---ha-w- C:\SZKGFS.dat
2010-07-18 00:01 . 2010-07-18 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-07-17 23:59 . 2010-07-17 23:59 -------- d-----w- c:\program files\Common Files\iS3
2010-07-17 23:59 . 2010-07-18 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-07-17 08:19 . 2010-07-17 08:19 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-07-17 08:19 . 2010-07-17 08:19 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-07-17 08:01 . 2010-07-17 08:01 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2010-07-16 18:10 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-07-16 18:10 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-07-16 18:10 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-07-16 18:10 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-07-16 18:10 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-07-16 18:10 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-07-16 18:09 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-16 18:09 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-07-16 17:09 . 2010-07-16 17:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Symantec
2010-07-16 17:09 . 2010-07-16 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-16 17:09 . 2010-07-16 18:17 -------- d-----w- c:\program files\Symantec
2010-07-16 14:16 . 2010-07-16 14:16 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-16 10:33 . 2009-07-03 22:02 34 -c--a-w- c:\windows\system32\config\systemprofile\jagex_runescape_preferences.dat
2010-07-16 08:14 . 2003-08-18 12:23 -------- d-----w- c:\windows\system32\config\systemprofile\.java
2010-07-16 08:14 . 2010-01-14 03:05 -------- d-sh--w- c:\windows\system32\config\systemprofile\IECompatCache
2010-07-16 08:14 . 2010-01-05 04:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-16 08:14 . 2010-01-05 04:41 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-07-16 08:14 . 2003-08-12 22:39 -------- d-sh--w- c:\windows\system32\config\systemprofile\UserData
2010-07-16 08:14 . 2004-08-04 05:14 52736 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2010-07-16 08:14 . 2004-08-04 04:58 24576 ----a-w- c:\windows\system32\drivers\kbdclass.sys
2010-07-16 08:11 . 2010-07-17 23:18 -------- d-----w- c:\program files\America Online 7.0
2010-07-16 08:06 . 2009-07-03 22:02 34 -c--a-w- c:\documents and settings\Default User\jagex_runescape_preferences.dat
2010-07-15 16:49 . 2003-08-18 12:23 -------- d-----w- c:\documents and settings\Default User\.java
2010-07-15 16:49 . 2010-01-14 03:05 -------- d-sh--w- c:\documents and settings\Default User\IECompatCache
2010-07-15 16:49 . 2010-01-05 04:36 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-07-15 16:49 . 2010-01-05 04:41 -------- d-sh--w- c:\documents and settings\Default User\PrivacIE
2010-07-15 16:49 . 2003-08-12 22:39 -------- d-sh--w- c:\documents and settings\Default User\UserData
2010-07-15 15:38 . 2004-08-04 05:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-15 15:37 . 2004-08-04 05:07 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-07-15 15:37 . 2004-08-04 05:07 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2010-07-15 15:37 . 2004-08-04 05:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2010-07-15 15:37 . 2004-08-04 04:58 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys
2010-07-15 15:37 . 2004-08-04 04:58 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys
2010-07-15 15:37 . 2004-08-04 04:58 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys
2010-07-15 15:37 . 2004-08-04 05:08 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
2010-07-15 15:37 . 2004-08-04 06:56 4096 ----a-w- c:\windows\system32\ksuser.dll
2010-07-15 15:37 . 2004-08-04 05:15 145792 ----a-w- c:\windows\system32\drivers\portcls.sys
2010-07-15 15:37 . 2004-08-04 05:10 61056 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2010-07-15 15:37 . 2004-08-04 05:10 53248 ----a-w- c:\windows\system32\drivers\1394bus.sys
2010-07-15 11:04 . 2002-09-24 03:40 942604 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS
2010-07-15 05:06 . 2010-07-15 05:14 -------- d-----w- C:\32788R22FWJFW.3.tmp
2010-07-15 05:04 . 2010-07-15 05:05 -------- d-----w- C:\32788R22FWJFW.2.tmp
2010-07-15 03:41 . 2010-07-15 03:42 -------- d-----w- C:\32788R22FWJFW.1.tmp
2010-07-14 02:19 . 2010-07-16 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-14 02:19 . 2010-07-14 02:19 -------- d-----w- c:\program files\Alwil Software
2010-07-11 15:48 . 2010-07-06 17:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-11 05:38 . 2010-07-06 17:28 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-11 05:38 . 2010-07-11 05:38 -------- dc----w- c:\windows\system32\DRVSTORE
2010-07-11 05:37 . 2010-07-11 05:37 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-11 05:27 . 2010-07-11 05:27 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sunbelt Software
2010-07-11 05:25 . 2010-07-11 05:26 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
2010-07-11 05:23 . 2010-07-11 05:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-11 03:13 . 2010-07-11 03:32 -------- d-----w- c:\program files\Trend Micro
2010-07-10 11:26 . 2010-07-10 11:30 -------- d-----w- c:\windows\system32\NtmsData
2010-07-08 04:09 . 2010-07-08 04:10 -------- d-----w- c:\program files\Database
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 11:48 . 2003-06-12 22:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-21 11:35 . 2004-11-14 03:08 25424 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-21 02:01 . 2009-11-24 01:48 -------- d-----w- c:\program files\TrojanHunter 5.2
2010-07-18 21:41 . 2002-10-29 21:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-18 01:21 . 2010-07-18 01:21 704 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-07-16 18:18 . 2007-10-26 20:02 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-16 17:16 . 2002-10-30 01:28 -------- d-----w- c:\program files\AWS
2010-07-16 08:13 . 2003-05-12 03:11 -------- d-----w- c:\program files\Common Files\aolshare
2010-07-15 08:04 . 2008-09-11 05:07 1352732 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-07-15 08:04 . 2008-09-11 05:07 115341344 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-07-11 15:47 . 2004-10-01 01:24 -------- d-----w- c:\program files\TrojanHunter 4.0
2010-07-11 05:23 . 2003-05-18 16:27 -------- d-----w- c:\program files\Lavasoft
2010-07-11 02:21 . 2006-05-04 00:47 -------- d-----w- c:\program files\CCleaner
2010-07-08 05:02 . 2008-08-22 15:01 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-19 10:15 . 2003-05-12 00:46 -------- d-----w- c:\program files\hp deskjet 950c series
2010-05-21 19:14 . 2009-10-03 06:32 221568 ------w- c:\windows\system32\MpSigStub.exe
2009-05-02 00:39 . 2009-05-02 00:39 7848712 -c--a-w- c:\program files\InstallWizard101.exe
2009-03-24 17:20 . 2009-03-24 17:19 1470664 -c--a-w- c:\program files\WG-MVPN-SSL.exe
2009-01-11 22:35 . 2009-01-11 22:17 45521704 -c--a-w- c:\program files\BCSETUP.EXE
2003-07-29 05:15 . 2007-10-23 17:54 307200 -c--a-w- c:\program files\internet explorer\plugins\djvu0407.dll
2003-07-29 05:15 . 2007-10-23 17:54 303104 -c--a-w- c:\program files\internet explorer\plugins\djvu0409.dll
2003-07-29 05:15 . 2007-10-23 17:54 311296 -c--a-w- c:\program files\internet explorer\plugins\djvu040c.dll
2003-07-29 05:15 . 2007-10-23 17:54 299008 -c--a-w- c:\program files\internet explorer\plugins\djvu0411.dll
2003-07-29 05:15 . 2007-10-23 17:54 299008 -c--a-w- c:\program files\internet explorer\plugins\djvu0412.dll
2003-07-29 05:15 . 2007-10-23 17:54 290816 -c--a-w- c:\program files\internet explorer\plugins\djvu0804.dll
2003-07-29 05:15 . 2007-10-23 17:54 122880 -c--a-w- c:\program files\internet explorer\plugins\DjVuCntl.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2002-10-01 548933]
"AOL Fast Start"="c:\program files\America Online 9.0b\AOL.EXE" [2005-07-12 50776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-09-09 114688]
"KBD"="c:\hp\KBD\KBD.EXE" [2001-07-07 61440]
"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2002-10-29 151597]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-26 241714]
"WCOLOREAL"="c:\program files\COMPAQ\Coloreal\coloreal.exe" [2002-02-21 143360]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"nwiz"="nwiz.exe" [2002-10-01 372736]
"PS2"="c:\windows\system32\ps2.exe" [2002-08-01 81920]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-20 111376]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-20 111376]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2009-12-18 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0b\\waol.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/16/2010 12:10 PM 165456]
S2 mrtRate;mrtRate; [x]
.
Contents of the 'Scheduled Tasks' folder
2010-07-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 17:28]
2010-07-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
2010-07-27 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2010-07-16 14:04]
2010-07-21 c:\windows\Tasks\System Restore.job
- c:\windows\system32\Restore\rstrui.exe [2002-11-14 06:56]
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.aol.com/
Trusted Zone: aol.com
Trusted Zone: malwareremoval.com\www
Trusted Zone: malwareremovalforum.com\www
Trusted Zone: microsoft.com\www
Trusted Zone: zdnet.com
DPF: DirectAnimation Java Classes -
file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java -
file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\g0s5iph3.default\
FF - prefs.js: browser.startup.homepage -
hxxp://en-us.start.mozilla.com/firefox? ... S:official
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\g0s5iph3.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\Java\j2re1.4.0\bin\NPJPI140_01.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-07-27 07:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2613756972-2128452398-4171163640-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2064)
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\snmp.exe
c:\windows\wanmpsvc.exe
c:\program files\America Online 9.0b\waol.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\windows\system32\wscntfy.exe
c:\program files\America Online 9.0b\shellmon.exe
.
**************************************************************************
.
Completion time: 2010-07-27 07:55:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-27 13:55
ComboFix2.txt 2010-07-26 14:08
ComboFix3.txt 2010-07-15 07:01
Pre-Run: 32,492,781,568 bytes free
Post-Run: 32,575,397,888 bytes free
- - End Of File - - A8ADC576AE1B65E94E8D86215108214F
Avast also seemed to start back up before the log finished, so I shut it back down.
DDS
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 7/16/2010 4:37:18 AM
System Uptime: 7/27/2010 7:38:36 AM (1 hours ago)
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6577
Processor: Intel(R) Pentium(R) 4 CPU 2.53GHz | Socket 478 | 2532/133mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 108 GiB total, 30.354 GiB free.
D: is FIXED (FAT32) - 3 GiB total, 0.45 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1: 7/20/2010 7:46:29 PM - System Checkpoint
RP2: 7/20/2010 8:24:26 PM - After trying automatic system restore
RP3: 7/20/2010 9:44:46 PM - before sp2
RP4: 7/20/2010 9:45:14 PM - restore 2
RP5: 7/20/2010 10:34:07 PM - 11:30 pm before cd
RP6: 7/20/2010 10:50:16 PM - Installed Windows XP Service Pack 2.
RP7: 7/20/2010 11:29:50 PM - Installed Windows XP KB873339.
RP8: 7/20/2010 1:05:52 PM - Installed Windows XP Service Pack 2.
RP9: 7/20/2010 1:16:13 PM - Installed Windows XP KB873339.
RP10: 7/20/2010 1:18:52 PM - Installed Windows XP KB885835.
RP11: 7/23/2010 7:39:35 AM - System Checkpoint
RP12: 7/25/2010 3:10:36 AM - System Checkpoint
RP13: 7/26/2010 7:14:44 AM - System Checkpoint
==== Installed Programs ======================
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
America Online
avast! Free Antivirus
Coloreal
CompuServe
Detto IntelliMover Demo
HijackThis 2.0.2
Inactive HP Printer Drivers (Remove only)
Indeo® Software
Intel(R) 82845G Graphics Driver Software
InterVideo WinDVD 4
Java 2 Runtime Environment Standard Edition v1.3.1_02
Java 2 Runtime Environment, SE v1.4.0_01
Java Web Start
KBD
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Microsoft .NET Framework (English) v1.0.3705
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works 7.0
Mozilla Firefox (3.6.
Netscape (7.0)
NVIDIA Windows 2000/XP Display Drivers
PC-Doctor for Windows
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2003 New User Edition
RealOne Player
RecordNow
RecordNow Update Manager
S3Display
S3Gamma2
S3Info2
S3Overlay
ShowBiz
Simple Installer - Multilanguage Version
Viewpoint Media Player (Remove Only)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows XP Service Pack 2
Yahoo! Login
Yahoo! Messenger
==== Event Viewer Messages From Past Week ========
7/27/2010 7:27:05 AM, error: Service Control Manager [7034] - The WAN Miniport (ATW) Service service terminated unexpectedly. It has done this 1 time(s).
7/27/2010 7:27:05 AM, error: Service Control Manager [7034] - The SNMP Service service terminated unexpectedly. It has done this 1 time(s).
7/27/2010 7:27:05 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
7/27/2010 7:27:05 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
7/21/2010 5:35:26 AM, error: Service Control Manager [7023] - The Shell Update service terminated with the following error: The specified module could not be found.
7/20/2010 9:19:11 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
7/20/2010 7:21:38 PM, error: Service Control Manager [7023] - The Shell Update service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
7/20/2010 7:21:38 PM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
==== End Of File ===========================
DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 8:09:24.76 on Tue 07/27/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.203 [GMT -6:00]
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\wanmpsvc.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page =
hxxp://www.aol.com/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
uRun: [AOL Fast Start] "c:\program files\america online 9.0b\AOL.EXE" -b
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [StorageGuard] "c:\program files\veritas software\update manager\sgtray.exe" /r
mRun: [TkBellExe] c:\program files\common files\real\update_ob\realsched.exe -osboot
mRun: [MoneyStartUp10.0] "c:\program files\microsoft money\system\Activation.exe"
mRun: [WCOLOREAL] "c:\program files\compaq\coloreal\coloreal.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [nwiz] nwiz.exe /installquiet /keeploaded
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\custom~1.lnk - c:\hp\region\customizeIe.wsf
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
mPolicies-explorer: <NO NAME> =
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2499216C-4BA5-11D5-BD9C-000103C116D5} - {2499216C-4BA5-11D5-BD9C-000103C116D5} - c:\program files\yahoo!\common\ylogin.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
Trusted Zone: aol.com
Trusted Zone: malwareremoval.com\www
Trusted Zone: malwareremovalforum.com\www
Trusted Zone: microsoft.com\www
Trusted Zone: zdnet.com
DPF: DirectAnimation Java Classes -
file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java -
file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
hxxp://update.microsoft.com/windowsupda ... 9682232875
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
hxxp://java.sun.com/products/plugin/aut ... 01-win.cab
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} -
hxxp://java.sun.com/products/plugin/1.3 ... 02-win.cab
DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} -
hxxp://java.sun.com/products/plugin/aut ... 01-win.cab
Notify: igfxcui - igfxsrvc.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\g0s5iph3.default\
FF - prefs.js: browser.startup.homepage -
hxxp://en-us.start.mozilla.com/firefox? ... S:official
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\g0s5iph3.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\java\j2re1.4.0\bin\NPJPI140_01.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-16 165456]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-16 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-16 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-16 40384]
S2 mrtRate;mrtRate; [x]
=============== Created Last 30 ================
2010-07-26 14:10:38 35400 ----a-w- c:\windows\Owner000.acl
2010-07-26 13:42:40 0 d-sha-r- C:\cmdcons
2010-07-21 05:03:45 81920 ------w- c:\windows\system32\ieencode.dll
2010-07-21 04:50:11 19528 ----a-w- c:\windows\002063_.tmp
2010-07-21 04:03:06 0 dc----w- c:\docume~1\alluse~1\applic~1\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-20 19:05:12 19528 ----a-w- c:\windows\000001_.tmp
2010-07-18 01:21:19 704 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-07-18 00:36:49 16384 ---ha-w- C:\SZKGFS.dat
2010-07-18 00:01:25 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2010-07-17 23:59:42 0 d-----w- c:\program files\common files\iS3
2010-07-17 23:59:39 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-07-17 08:19:46 0 d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-07-17 08:19:46 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-07-17 08:01:55 0 d-----w- c:\docume~1\owner\applic~1\Uniblue
2010-07-16 18:09:53 38848 ----a-w- c:\windows\avastSS.scr
2010-07-16 17:09:53 0 d-----w- c:\docume~1\owner\applic~1\Symantec
2010-07-16 17:09:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-07-16 17:09:42 0 d-----w- c:\program files\Symantec
2010-07-16 14:20:36 3144 -c--a-w- c:\windows\system32\dllcache\srgb.icm
2010-07-16 14:16:54 0 d-----w- c:\windows\system32\wbem\Repository
2010-07-16 08:14:03 52736 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2010-07-16 08:14:03 24576 ----a-w- c:\windows\system32\drivers\kbdclass.sys
2010-07-16 08:11:13 40960 ----a-w- c:\windows\SET5678.tmp
2010-07-16 08:11:04 0 d-----w- c:\program files\America Online 7.0
2010-07-15 15:38:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-15 11:04:12 942604 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS
2010-07-15 11:04:12 1246208 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2010-07-15 05:06:51 0 d-----w- C:\32788R22FWJFW.3.tmp
2010-07-15 05:04:10 0 d-----w- C:\32788R22FWJFW.2.tmp
2010-07-15 03:41:01 0 d-----w- C:\32788R22FWJFW.1.tmp
2010-07-15 02:37:14 98816 ----a-w- c:\windows\sed.exe
2010-07-15 02:37:14 77312 ----a-w- c:\windows\MBR.exe
2010-07-15 02:37:14 256512 ----a-w- c:\windows\PEV.exe
2010-07-15 02:37:14 161792 ----a-w- c:\windows\SWREG.exe
2010-07-14 02:19:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-07-11 15:48:09 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-11 05:38:21 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-11 05:37:22 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-11 05:25:42 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{65893B95-F47B-4483-B883-86BA181E9B54}
2010-07-11 03:13:50 0 d-----w- c:\program files\Trend Micro
2010-07-10 11:26:48 0 d-----w- c:\windows\system32\NtmsData
2010-07-08 04:09:54 0 d-----w- c:\program files\Database
==================== Find3M ====================
2010-07-15 08:04:37 1352732 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-07-15 08:04:37 115341344 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-05-21 19:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2009-05-02 00:39:37 7848712 -c--a-w- c:\program files\InstallWizard101.exe
2009-03-24 17:20:02 1470664 -c--a-w- c:\program files\WG-MVPN-SSL.exe
2009-01-11 22:35:38 45521704 -c--a-w- c:\program files\BCSETUP.EXE
2009-08-17 04:55:16 470 --sha-r- c:\windows\system32\config\systemprofile\my documents\c & j auto\x1\c\documents and settings\owner\local settings\application data\microsoft\feeds cache\index.dat
2009-09-07 15:35:20 470 --sha-r- c:\windows\system32\config\systemprofile\my documents\c & j auto\x2\c\documents and settings\owner\local settings\application data\microsoft\feeds cache\index.dat
============= FINISH: 8:09:40.07 ===============