
Troj_zac, IE search hijacked, possible rootkit


  • This topic is locked
67 replies to this topic

#16 mattymatt

mattymatt

    Member

  • Members
  • PipPip
  • 71 posts

Posted 12 April 2012 - 10:00 AM

Argh!

So, I have hit a roadblock. When I hit enter to boot from the USB, the screen goes blank and then the following message appears on the screen:

Could not find kernel image: linux
boot:

Then if I just hit enter, it will repeat. I redownloaded everything and tried again but it says the same thing.

The attached Doc is a snapshot of what is on my USB drive. I was hoping you could confirm that what I need is there.

Also, I have noticed that a certain process is really using up my memory and almost freezing up my computer. This has been consistent since I first got the virus. If I end that process, my computer speeds back up to normal. I have included a snapshot of that on the same document attached below.

Thanks, and I await your instruction!

Matt

Attached Files



 


#17 mattymatt


Posted 12 April 2012 - 06:36 PM

Ok, I'm an idiot. I went back and realized I didn't "select the xpud as the source" part.

Anyway, I was able to reboot and initiate the USB drive startup. The welcome screen pops up and asks me what language. Then, it goes to a black screen and quickly lists what appear to be commands and actions it has taken. Then it freezes on that. The last line it freezes on says the following:

[ 0.566118] [<c01034a7>] kernel_thread_helper+0x7/0x10

I have had it sit for over an hour like that so I assume it's frozen. Any ideas?

Matt

#18 SweetTech

SweetTech

    Agent ST

  • Malware Response Team
  • PipPipPipPipPipPip
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 13 April 2012 - 12:20 AM

Hi Matt!

Ok, I'm an idiot. I went back and realized I didn't "select the xpud as the source" part.

No worries, it happens a lot more than you may realize.


I have had it sit for over an hour like that so I assume it's frozen. Any ideas?

Can you confirm that you formatted your USB drive before proceeding with installing xPUD onto your USB device?

Any chance you could start over with the xPUD instructions and see if you have better luck starting fresh? There's a possibility something is corrupt, and a re-install of xPUD may fix it.

In the meantime, I'm going to speak with a colleague about that error, in the event you're still receiving the error message upon re-install of xPUD.

Let me know how that goes.

-ST.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#19 mattymatt


Posted 13 April 2012 - 08:53 AM

Booyaah! Changing to a different USB drive worked.

Attached is the file you requested :)

Matt

Attached Files



#20 SweetTech


Posted 13 April 2012 - 09:05 AM

Hi Matt!

Thanks for posting that log file.

I was expecting to see something different in that log file.

Can you do me a favor and please run a new scan with aswMBR and post the log file for me to review?



#21 mattymatt


Posted 13 April 2012 - 10:31 AM

Well, if it makes any difference, as I was booting and rebooting yesterday, Windows snuck in an update with 8 items. Not sure if that changes anything. Anyway, here is the log!

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-13 10:23:12
-----------------------------
10:23:12.156 OS Version: Windows 5.1.2600 Service Pack 3
10:23:12.156 Number of processors: 2 586 0xF0D
10:23:12.156 ComputerName: MDS0083 UserName:
10:23:18.000 Initialize success
10:37:30.937 AVAST engine defs: 12041300
10:38:54.296 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
10:38:54.296 Disk 0 Vendor: TOSHIBA_MK8037GSX DL240D Size: 76319MB BusType: 3
10:38:54.312 Disk 0 MBR read successfully
10:38:54.312 Disk 0 MBR scan
10:38:54.359 Disk 0 Windows XP default MBR code
10:38:54.375 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 86 MB offset 63
10:38:54.390 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76230 MB offset 176715
10:38:54.406 Disk 0 scanning sectors +156296385
10:38:54.515 Disk 0 scanning C:\WINDOWS\system32\drivers
10:39:27.203 Service scanning
10:39:54.453 Service NEC Usb3 C:\WINDOWS\system32\usbnaw32.dll **INFECTED** Win32:Malware-gen
10:40:15.359 Modules scanning
10:41:06.437 Module: C:\WINDOWS\system32\WLTRYSVC.EXE **SUSPICIOUS**
10:41:28.453 Disk 0 trace - called modules:
10:41:28.484 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
10:41:28.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aba4ab8]
10:41:28.484 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8accbd98]
10:41:29.140 AVAST engine scan C:\WINDOWS
10:42:18.843 AVAST engine scan C:\WINDOWS\system32
10:46:03.953 File: C:\WINDOWS\system32\usbnaw32.dll **INFECTED** Win32:Malware-gen
10:48:44.765 AVAST engine scan C:\WINDOWS\system32\drivers
10:49:21.750 AVAST engine scan C:\Documents and Settings\matt.thomas
11:23:18.281 AVAST engine scan C:\Documents and Settings\All Users
11:27:32.343 Scan finished successfully
11:28:28.062 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\matt.thomas\Desktop\MBR.dat"
11:28:28.125 The log file has been saved successfully to "C:\Documents and Settings\matt.thomas\Desktop\aswMBR.txt"
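
Added example (not part of the original thread, and not AVAST's or either poster's code): a small triage helper for the aswMBR log in the post above that pulls out the lines tagged **INFECTED** or **SUSPICIOUS** and merges them per file. The regular expressions are inferred only from the lines shown in this log, the sample is a constructed subset of it, and the function names are hypothetical.

```python
import re

# Constructed sample: a subset of the aswMBR log lines quoted in the post above.
SAMPLE_LOG = r"""
10:38:54.359 Disk 0 Windows XP default MBR code
10:39:27.203 Service scanning
10:39:54.453 Service NEC Usb3 C:\WINDOWS\system32\usbnaw32.dll **INFECTED** Win32:Malware-gen
10:40:15.359 Modules scanning
10:41:06.437 Module: C:\WINDOWS\system32\WLTRYSVC.EXE **SUSPICIOUS**
10:46:03.953 File: C:\WINDOWS\system32\usbnaw32.dll **INFECTED** Win32:Malware-gen
11:27:32.343 Scan finished successfully
"""

# Assumed line shape, inferred from this log only:
#   <time> <Service|Module:|File:> [service name] <path> **VERDICT** [detection]
FLAGGED = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"(?P<kind>Service|Module|File):?\s+"
    r"(?P<subject>.*?)\s*"
    r"\*\*(?P<verdict>INFECTED|SUSPICIOUS)\*\*"
    r"\s*(?P<detection>.*)$"
)
# The subject ends in a drive-letter path; anything before it is the service name.
PATH = re.compile(r"(?P<name>.*?)\s*(?P<path>[A-Za-z]:\\.+)$")
RANK = {"SUSPICIOUS": 1, "INFECTED": 2}


def parse_flagged(log_text):
    """Return one dict per log line that carries an INFECTED/SUSPICIOUS tag."""
    findings = []
    for raw in log_text.splitlines():
        m = FLAGGED.match(raw.strip())
        if not m:
            continue  # progress lines such as "Service scanning" carry no verdict
        p = PATH.match(m["subject"])
        if not p:
            continue  # flagged line without a drive-letter path: review by hand
        is_service = m["kind"] == "Service"
        findings.append({
            "time": m["time"],
            "kind": m["kind"],
            "service": p["name"] if is_service and p["name"] else None,
            "path": p["path"],
            "verdict": m["verdict"],
            "detection": m["detection"].strip() or None,
        })
    return findings


def summarize(findings):
    """Merge findings per file; Windows paths compare case-insensitively."""
    summary = {}
    for f in findings:
        entry = summary.setdefault(f["path"].lower(), {
            "path": f["path"], "verdict": f["verdict"],
            "services": set(), "detections": set(), "kinds": [],
        })
        # The same file can be reported by several scan phases; keep the worst verdict.
        if RANK[f["verdict"]] > RANK[entry["verdict"]]:
            entry["verdict"] = f["verdict"]
        if f["service"]:
            entry["services"].add(f["service"])
        if f["detection"]:
            entry["detections"].add(f["detection"])
        entry["kinds"].append(f["kind"])
    return summary


if __name__ == "__main__":
    for entry in summarize(parse_flagged(SAMPLE_LOG)).values():
        print(entry["verdict"], entry["path"],
              "services=" + ",".join(sorted(entry["services"])),
              "detections=" + ",".join(sorted(entry["detections"])),
              "seen_in=" + ",".join(entry["kinds"]))
```
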

#22 SweetTech


Posted 13 April 2012 - 11:03 AM

Hi Matt!

Thanks for that information.

Please run this ComboFix script below. If ComboFix prompts you to update, please allow it to do so.

I won't be back on until much later this evening, so no rush on the scan.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
ClearJavaCache::
File::
C:\WINDOWS\system32\usbnaw32.dll
Suspect::[102]
C:\WINDOWS\system32\WLTRYSVC.EXE
NetSvc::
NECUsb3s
NEC Usb3
Driver::
NECUsb3s
NEC Usb3

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


NEXT:


Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. ComboFix.txt log file.
3. MalwareBytes' Anti-Malware log file.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.



#23 mattymatt


Posted 13 April 2012 - 04:42 PM

Hey ST-

1. No real comments or questions. Everything seemed to run normally. See #4 for a few observations....

2. ComboFix 12-04-10.01 - matt.thomas 04/13/2012 16:26:13.10.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1095 [GMT -4:00]
Running from: c:\documents and settings\matt.thomas\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\matt.thomas\Desktop\CFScript.txt
AV: Trend Micro Client-Server Security Agent AntiVirus *Enabled/Updated* {61CB6683-51E0-4335-991A-E86068BDD4B5}
FW: Trend Micro Client-Server Security Agent Firewall *Enabled* {61CB6683-51E0-4335-991A-E86068BDD4B5}
.
FILE ::
"c:\windows\system32\usbnaw32.dll"
.
file zipped: c:\windows\system32\WLTRYSVC.EXE
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\usbnaw32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NEC_USB3
-------\Service_NEC Usb3
.
.
((((((((((((((((((((((((( Files Created from 2012-03-13 to 2012-04-13 )))))))))))))))))))))))))))))))
.
.
2012-04-10 12:47 . 2012-04-10 12:47 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-10 03:13 . 2012-04-10 03:13 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-09 17:35 . 2012-04-09 17:35 38400 ----a-w- c:\windows\system32\usbniw32.dll
2012-04-07 14:11 . 2012-04-07 14:11 -------- d-----w- C:\e111f9e36e2307c8ebc0
2012-04-06 03:48 . 2012-04-09 17:43 102400 ----a-w- c:\windows\RegBootClean.exe
2012-04-05 00:38 . 2012-04-05 00:38 -------- d-----w- c:\program files\Common Files\Skype
2012-03-31 12:11 . 2012-03-31 17:47 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-31 11:55 . 2012-03-31 11:55 -------- d-----w- C:\b90779d6e7bb1c16de8c
2012-03-31 11:55 . 2012-03-31 11:55 -------- d-----w- C:\06f8874658948246fc0a81a1039476
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-08 03:45 . 2008-11-26 23:32 11264 ----a-w- c:\windows\DCEBoot.exe
2012-03-31 17:47 . 2011-06-10 03:07 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2004-08-11 23:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-11 23:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-11 23:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-11 23:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2004-08-11 23:00 1860096 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-13_20.15.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-13 20:33 . 2012-04-13 20:33 16384 c:\windows\temp\Perflib_Perfdata_2c4.dat
- 2012-04-13 14:15 . 2012-04-13 14:15 16384 c:\windows\temp\Perflib_Perfdata_2c4.dat
+ 2012-04-13 20:34 . 2007-03-29 12:10 214712 c:\windows\temp\NECAA5.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\41058a53-5c39-4601-a9be-4e1e6a0cab89.exe" [2009-07-22 1830128]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2007-03-29 394952]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2011-08-30 46520]
"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2011-08-30 738776]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"FtLnSOP_setup"="c:\windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe" [2005-01-06 212992]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\Nuance\OmniPageSE4\OpwareSE4.exe" [2007-06-27 79136]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 221184]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-08-20 483328]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-11-21 122880]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bloggie Watcher Utility.lnk - c:\program files\Sony\Bloggie Software\BGVolumeWatcher.exe [2010-11-3 746856]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2008-6-10 1466200]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASSEH.DLL" [2011-12-10 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-09 11:35 548352 ----a-w- c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\intelUsb3Sevices]
2012-04-09 17:35 38400 ----a-w- c:\windows\system32\usbniw32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-09-26 22:15 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\usbniw32]
2012-04-09 17:35 38400 ----a-w- c:\windows\system32\usbniw32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk
backup=c:\windows\pss\Bloggie Watcher Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Retriever.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Image Retriever.lnk
backup=c:\windows\pss\Image Retriever.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk]
path=c:\documents and settings\matt.thomas\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk
backup=c:\windows\pss\Bloggie Watcher Utility.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\matt.thomas\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^SmartScan.lnk]
path=c:\documents and settings\matt.thomas\Start Menu\Programs\Startup\SmartScan.lnk
backup=c:\windows\pss\SmartScan.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2011-08-30 17:24 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Speed Launch]
2011-08-30 22:56 46520 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-03-16 09:10 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-05-14 20:23 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager]
2007-01-30 21:32 102400 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FJTWAIN Setup]
2004-09-01 15:45 126976 ----a-w- c:\windows\twain_32\Fjscan32\FjtwSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 15:24 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 22:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 20:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 21:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2007-08-03 20:09 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2007-01-22 17:53 212992 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-02-19 05:26 303104 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Starfield Updater]
2010-09-11 21:18 32960 ----a-w- c:\program files\Starfield\starfieldupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\matt.thomas\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R1 NEOFLTR_630_14121;Juniper Networks TDI Filter Driver (NEOFLTR_630_14121);c:\windows\system32\drivers\NEOFLTR_630_14121.sys [3/26/2009 11:02 PM 64480]
R1 SASDIFSV;SASDIFSV;c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASDIFSV.SYS [11/17/2008 4:11 PM 12880]
R2 !SASCORE;SAS Core Service;c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASCORE.EXE [12/7/2010 4:33 PM 116608]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 4:21 PM 79432]
R2 File Backup;File Backup Service;c:\program files\Starfield\offSyncService.exe [7/16/2010 1:47 PM 1310960]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/12/2011 3:03 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 4:09 PM 12856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/6/2011 2:26 PM 652360]
R2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\x86\novacomd.exe [8/14/2009 11:44 AM 31232]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\tmxpflt.sys [9/17/2007 2:40 PM 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\tmpreflt.sys [9/17/2007 2:40 PM 36368]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 7:00 PM 5120]
R2 WebDriveFSD;WebDrive File System Driver;c:\program files\WebDrive\wdfsd.sys [4/28/2006 4:23 AM 165888]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 2:32 PM 97536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/6/2011 2:26 PM 20464]
S1 SASKUTIL;SASKUTIL;\??\c:\documents and settings\matt.thomas\Desktop\SASKUTIL.sys --> c:\documents and settings\matt.thomas\Desktop\SASKUTIL.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 8:50 AM 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 8:11 AM 253600]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/9/2012 11:13 PM 40776]
S3 SASENUM;SASENUM;\??\c:\documents and settings\matt.thomas\Desktop\SASENUM.SYS --> c:\documents and settings\matt.thomas\Desktop\SASENUM.SYS [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NECUsb3s REG_MULTI_SZ NEC Usb3
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 17:47]
.
2012-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-03-27 c:\windows\Tasks\HP DArC Task 2003-08-20 09:23ewlett-Packard-6002003-08-20 18:57Y3A733072K3.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-08-20 18:57]
.
2012-04-13 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2009-03-27 21:23]
.
2012-04-13 c:\windows\Tasks\User_Feed_Synchronization-{AEF3A359-68A8-427C-8F9A-70E8242AF0B4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\windows\system32\biolsp.dll
Trusted Zone: listen.com\www
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} - hxxps://10.2.2.12:4343/SMB/console/html/root/AtxEnc.cab
DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBED40} - hxxps://10.2.2.12:4343/SMB/console/html/root/AtxConsole.cab
FF - ProfilePath - c:\documents and settings\matt.thomas\Application Data\Mozilla\Firefox\Profiles\ka9mi6mt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=home|http://email14.secureserver.net/webmail.php|https://teambeachbody.com/home?p_p_id=58&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&saveLastPath=0&_58_struts_action=%2Flogin%2Flogin
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-13 16:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1284)
c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\usbniw32.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\wdnp32.dll
c:\windows\system32\wdHelper.dll
c:\windows\system32\wdUIResDll.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(1340)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
- - - - - - - > 'explorer.exe'(5944)
c:\windows\system32\WININET.dll
c:\program files\Nuance\OmniPageSE4\OpHookSE4.dll
c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\wdnp32.dll
c:\windows\system32\wdHelper.dll
c:\windows\system32\wdUIResDll.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Trend Micro\Client Server Security Agent\ntrtscan.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\StacSV.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\WebDrive\wdService.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\TEMP\NECAA5.EXE
c:\program files\Apoint\ApMsgFwd.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-04-13 16:46:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-13 20:46
ComboFix2.txt 2012-04-11 11:51
ComboFix3.txt 2012-04-10 17:51
ComboFix4.txt 2011-12-14 02:01
.
Pre-Run: 7,118,970,880 bytes free
Post-Run: 7,098,019,840 bytes free
.
- - End Of File - - 73CEF4D01C0967F00985A1F80CD90F3F
Upload was successful



3. Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.13.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
matt.thomas :: MDS0083 [administrator]

4/13/2012 5:00:57 PM
mbam-log-2012-04-13 (17-00-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238053
Time elapsed: 19 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


4. It looks like that weird "Mini Web Browser" issue has been corrected with that last Combofix run. I still get the system being bogged down by that weird process, especially at startup. Doesn't seem like that ever was an issue before.

Anyway, hope you had an awesome day and I await your instruction!

Matt

#24 SweetTech

SweetTech

    Agent ST

  • Malware Response Team
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 14 April 2012 - 09:18 AM

Hi Matt!

1. No real comments or questions. Everything seemed to run normally. See #4 for a few observations....

Okay. Will do. :)

It looks like that weird "Mini Web Browser" issue has been corrected with that last Combofix run. I still get the system being bogged down by that weird process, especially at startup. Doesn't seem like that ever was an issue before.

Glad to hear that the weird "Mini Web Browser" issue has gone away. That was definitely strange.

We need to run ComboFix again to get rid of some malicious files.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
ClearJavaCache::
Rootkit::
c:\windows\system32\usbniw32.dll
C:\WINDOWS\system32\usbnaw32.dl
DirLook::
C:\e111f9e36e2307c8ebc0
C:\b90779d6e7bb1c16de8c
C:\06f8874658948246fc0a81a1039476
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\drivers\\svchost.exe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\usbniw32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\intelUsb3Sevices]
Svchost::
NECUsb3s
NEC Usb3
Driver::
NECUsb3s
NEC Usb3

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan.

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. ComboFix.txt log.
3. ESET Online Virus Scanner log.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#25 mattymatt

mattymatt

    Member

  • Members
  • 71 posts

Posted 14 April 2012 - 02:35 PM

1. I was about an hour into the ESET scan and my Trend Micro popped up saying it detected a whole list of threats. It does not have the capability to produce a log so I attached a screenshot of the "threats" it picked up. Also, ESET did not see any viruses so it did not give me an option to print a log, either.

2. ComboFix 12-04-10.01 - matt.thomas 04/14/2012 11:41:02.11.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1414 [GMT -4:00]
Running from: c:\documents and settings\matt.thomas\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\matt.thomas\Desktop\CFScript.txt
AV: Trend Micro Client-Server Security Agent AntiVirus *Enabled/Updated* {61CB6683-51E0-4335-991A-E86068BDD4B5}
FW: Trend Micro Client-Server Security Agent Firewall *Enabled* {61CB6683-51E0-4335-991A-E86068BDD4B5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\isRS-000.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))
.
.
2012-04-10 12:47 . 2012-04-10 12:47 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-07 14:11 . 2012-04-07 14:11 -------- d-----w- C:\e111f9e36e2307c8ebc0
2012-04-06 03:48 . 2012-04-09 17:43 102400 ----a-w- c:\windows\RegBootClean.exe
2012-04-05 00:38 . 2012-04-05 00:38 -------- d-----w- c:\program files\Common Files\Skype
2012-03-31 12:11 . 2012-03-31 17:47 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-31 11:55 . 2012-03-31 11:55 -------- d-----w- C:\b90779d6e7bb1c16de8c
2012-03-31 11:55 . 2012-03-31 11:55 -------- d-----w- C:\06f8874658948246fc0a81a1039476
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-08 03:45 . 2008-11-26 23:32 11264 ----a-w- c:\windows\DCEBoot.exe
2012-04-04 19:56 . 2011-01-06 18:26 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 17:47 . 2011-06-10 03:07 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2004-08-11 23:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-11 23:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-11 23:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-11 23:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2004-08-11 23:00 1860096 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\06f8874658948246fc0a81a1039476 ----
.
2012-03-31 11:55 . 2012-03-31 11:55 788 ---ha-w- c:\06f8874658948246fc0a81a1039476\$shtdwn$.req
2010-12-11 13:57 . 2010-12-11 13:57 57447776 ----a-w- c:\06f8874658948246fc0a81a1039476\hotfixexpress\files\sqlexpr.exe
2010-12-11 07:34 . 2010-12-11 07:34 2124 ----a-w- c:\06f8874658948246fc0a81a1039476\hotfixexpress.inf
2010-12-11 07:34 . 2010-12-11 07:34 534 ----a-w- c:\06f8874658948246fc0a81a1039476\master.inf
2010-12-10 22:29 . 2010-12-10 22:29 140640 ----a-w- c:\06f8874658948246fc0a81a1039476\sqlcmd.exe
2010-12-10 22:29 . 2010-12-10 22:29 529760 ----a-w- c:\06f8874658948246fc0a81a1039476\sqldiscoveryapi.dll
2010-12-10 22:29 . 2010-12-10 22:29 226656 ----a-w- c:\06f8874658948246fc0a81a1039476\sqlsetupvista.dll
2010-12-10 22:20 . 2010-12-10 22:20 23904 ----a-w- c:\06f8874658948246fc0a81a1039476\sqlcmd.rll
2010-12-10 22:17 . 2010-12-10 22:17 50528 ----a-w- c:\06f8874658948246fc0a81a1039476\osql.exe
2010-12-10 21:55 . 2010-12-10 21:55 2542944 ----a-w- c:\06f8874658948246fc0a81a1039476\hotfix.exe
2010-12-10 21:55 . 2010-12-10 21:55 52576 ----a-w- c:\06f8874658948246fc0a81a1039476\1033\hotfix.rll
2010-12-10 21:55 . 2010-12-10 21:55 60256 ----a-w- c:\06f8874658948246fc0a81a1039476\1033\sqlse.rll
2010-12-10 21:37 . 2010-12-10 21:37 124256 ----a-w- c:\06f8874658948246fc0a81a1039476\batchparser90.dll
2010-12-10 13:04 . 2010-12-10 13:04 1002 ----a-w- c:\06f8874658948246fc0a81a1039476\1033\eula.txt
2010-12-10 13:04 . 2010-12-10 13:04 1306 ----a-w- c:\06f8874658948246fc0a81a1039476\1033\finalsql2005information.rtf
2010-12-10 13:04 . 2010-12-10 13:04 116104 ----a-w- c:\06f8874658948246fc0a81a1039476\1033\sqlhotfix.chm
2005-10-14 06:44 . 2005-10-14 06:44 15064 ----a-w- c:\06f8874658948246fc0a81a1039476\osql.rll
2005-10-14 03:26 . 2005-10-14 03:26 548864 ----a-w- c:\06f8874658948246fc0a81a1039476\msvcp80.dll
2005-10-14 03:26 . 2005-10-14 03:26 626688 ----a-w- c:\06f8874658948246fc0a81a1039476\msvcr80.dll
.
---- Directory of C:\b90779d6e7bb1c16de8c ----
.
2010-12-11 06:27 . 2010-12-11 06:27 5542400 ----a-w- c:\b90779d6e7bb1c16de8c\setup\sqlrun.msi
2010-12-11 06:24 . 2010-12-11 06:24 5180928 ----a-w- c:\b90779d6e7bb1c16de8c\setup\sqlrun_tools.msi
2010-12-11 06:23 . 2010-12-11 06:23 6642688 ----a-w- c:\b90779d6e7bb1c16de8c\setup\sqlrun_sql.msi
2010-12-11 06:23 . 2010-12-11 06:23 2650 ----a-w- c:\b90779d6e7bb1c16de8c\setup\sqlrun_sql.ini
2010-12-11 06:06 . 2010-12-11 06:06 9260032 ----a-w- c:\b90779d6e7bb1c16de8c\setup\sqlsupport.msi
2010-12-11 06:06 . 2010-12-11 06:06 1292288 ----a-w- c:\b90779d6e7bb1c16de8c\setup\sqlwriter.msi
2010-12-11 06:06 . 2010-12-11 06:06 3610624 ----a-w- c:\b90779d6e7bb1c16de8c\setup\sqlncli.msi
2010-12-11 04:19 . 2010-12-11 04:19 6577152 ----a-w- c:\b90779d6e7bb1c16de8c\setup\sqlncli_x64.msi
2010-12-11 04:19 . 2010-12-11 04:19 3281920 ----a-w- c:\b90779d6e7bb1c16de8c\setup\sqlwriter_x64.msi
2010-12-10 22:32 . 2010-12-10 22:32 166240 ----a-w- c:\b90779d6e7bb1c16de8c\xmlrw.dll
2010-12-10 22:32 . 2010-12-10 22:32 192352 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\com\xmlsub.dll
2010-12-10 22:32 . 2010-12-10 22:32 166240 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\tools\binn\xmlrw.dll
2010-12-10 22:32 . 2010-12-10 22:32 166240 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\x86\binn\xmlrw.dll
2010-12-10 22:32 . 2010-12-10 22:32 120160 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\x86\binn\xmlrwbin.dll
2010-12-10 22:32 . 2010-12-10 22:32 47968 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\x86\binn\xpadsi90.exe
2010-12-10 22:32 . 2010-12-10 22:32 37216 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\x86\binn\xplog70.dll
2010-12-10 22:32 . 2010-12-10 22:32 53600 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\x86\binn\xpqueue.dll
2010-12-10 22:32 . 2010-12-10 22:32 69984 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\x86\binn\xprepl.dll
2010-12-10 22:32 . 2010-12-10 22:32 18784 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\x86\binn\xpsqlbot.dll
2010-12-10 22:32 . 2010-12-10 22:32 297312 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\x86\binn\xpstar90.dll
2010-12-10 22:30 . 2010-12-10 22:30 83808 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\com\tablediff.exe
2010-12-10 22:30 . 2010-12-10 22:30 87392 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\com\sqlwep.dll
2010-12-10 22:30 . 2010-12-10 22:30 39264 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\com\ssradd.dll
2010-12-10 22:30 . 2010-12-10 22:30 39776 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\com\ssravg.dll
2010-12-10 22:30 . 2010-12-10 22:30 25952 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\com\ssrdown.dll
2010-12-10 22:30 . 2010-12-10 22:30 37728 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\com\ssrmax.dll
2010-12-10 22:30 . 2010-12-10 22:30 37728 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\com\ssrmin.dll
2010-12-10 22:30 . 2010-12-10 22:30 26976 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\com\ssrpub.dll
2010-12-10 22:30 . 2010-12-10 22:30 25952 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\com\ssrup.dll
2010-12-10 22:30 . 2010-12-10 22:30 96096 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\shared\sqlwtsn.exe
2010-12-10 22:30 . 2010-12-10 22:30 610656 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\shared\svrenumapi.dll
2010-12-10 22:29 . 2010-12-10 22:29 2151264 ----a-w- c:\b90779d6e7bb1c16de8c\setup.exe
2010-12-10 22:29 . 2010-12-10 22:29 672096 ----a-w- c:\b90779d6e7bb1c16de8c\sqlcu.dll
2010-12-10 22:29 . 2010-12-10 22:29 173920 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\com\spresolv.dll
2010-12-10 22:29 . 2010-12-10 22:29 145248 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\com\sqldistx.dll
2010-12-10 22:29 . 2010-12-10 22:29 191328 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\com\sqlmergx.dll
2010-12-10 22:29 . 2010-12-10 22:29 44384 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\shared\sqladhlp90.exe
2010-12-10 22:29 . 2010-12-10 22:29 46432 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\shared\sqlboot.dll
2010-12-10 22:29 . 2010-12-10 22:29 238944 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\shared\sqlbrowser.exe
2010-12-10 22:29 . 2010-12-10 22:29 65888 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\shared\sqldumper.exe
2010-12-10 22:29 . 2010-12-10 22:29 24416 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\shared\sqlftacct.dll
2010-12-10 22:29 . 2010-12-10 22:29 234848 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\shared\sqlmgmprovider.dll
2010-12-10 22:29 . 2010-12-10 22:29 120672 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\shared\sqlprov.exe
2010-12-10 22:29 . 2010-12-10 22:29 1242976 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\shared\sqlsac.exe
2010-12-10 22:29 . 2010-12-10 22:29 15200 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\shared\sqlsecacctchg.dll
2010-12-10 22:29 . 2010-12-10 22:29 137056 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\shared\sqlsqm.exe
2010-12-10 22:29 . 2010-12-10 22:29 88928 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\shared\sqlsvcsync.dll
2010-12-10 22:29 . 2010-12-10 22:29 140640 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\tools\binn\sqlcmd.exe
2010-12-10 22:29 . 2010-12-10 22:29 1072480 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\tools\binn\sqldiag.exe
2010-12-10 22:29 . 2010-12-10 22:29 499040 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\tools\binn\sqlmanager.dll
2010-12-10 22:29 . 2010-12-10 22:29 104800 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\tools\binn\sqlsvc90.dll
2010-12-10 22:29 . 2010-12-10 22:29 348000 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\x86\binn\sqlaccess.dll
2010-12-10 22:29 . 2010-12-10 22:29 46432 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\x86\binn\sqlboot.dll
2010-12-10 22:29 . 2010-12-10 22:29 75104 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\x86\binn\sqlmaint.exe
2010-12-10 22:29 . 2010-12-10 22:29 14176 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\x86\binn\sqlos.dll
2010-12-10 22:29 . 2010-12-10 22:29 29293408 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\x86\binn\sqlservr.exe
2010-12-10 22:29 . 2010-12-10 22:29 104800 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\x86\binn\sqlsvc90.dll
2010-12-10 22:29 . 2010-12-10 22:29 64864 ----a-w- c:\b90779d6e7bb1c16de8c\setup\system\sqlctr90.dll
2010-12-10 22:29 . 2010-12-10 22:29 79712 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\shared\sac.exe
2010-12-10 22:20 . 2010-12-10 22:20 202592 ----a-w- c:\b90779d6e7bb1c16de8c\setup.rll
2010-12-10 22:20 . 2010-12-10 22:20 281952 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\com\resources\1033\replres.rll
2010-12-10 22:20 . 2010-12-10 22:20 23904 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\tools\binn\resources\1033\sqlcmd.rll
2010-12-10 22:20 . 2010-12-10 22:20 51552 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\tools\binn\resources\1033\sqldiag.rll
2010-12-10 22:20 . 2010-12-10 22:20 144224 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\tools\binn\resources\1033\sqlmanager.rll
2010-12-10 22:20 . 2010-12-10 22:20 281952 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\common files\microsoft shared\database replication\resources\1033\replres.rll
2010-12-10 22:20 . 2010-12-10 22:20 1738080 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\x86\binn\res\1033\sqlevn70.rll
2010-12-10 22:20 . 2010-12-10 22:20 19296 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\x86\binn\res\1033\sqlmaint.rll
2010-12-10 22:20 . 2010-12-10 22:20 151904 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\x86\binn\res\1033\xpstar90.rll
2010-12-10 22:19 . 2010-12-10 22:19 644448 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\com\rdistcom.dll
2010-12-10 22:19 . 2010-12-10 22:19 110944 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\com\replerrx.dll
2010-12-10 22:19 . 2010-12-10 22:19 269664 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\com\replisapi.dll
2010-12-10 22:19 . 2010-12-10 22:19 317792 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\com\replmerg.exe
2010-12-10 22:19 . 2010-12-10 22:19 551776 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\com\replprov.dll
2010-12-10 22:19 . 2010-12-10 22:19 783200 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\com\replrec.dll
2010-12-10 22:19 . 2010-12-10 22:19 405344 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\com\replsub.dll
2010-12-10 22:19 . 2010-12-10 22:19 98144 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\com\replsync.dll
2010-12-10 22:17 . 2010-12-10 22:17 50528 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\tools\binn\osql.exe
2010-12-10 22:17 . 2010-12-10 22:17 55648 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\x86\binn\odsole70.dll
2010-12-10 22:16 . 2010-12-10 22:16 1625440 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\com\microsoft.sqlserver.replication.dll
2010-12-10 22:16 . 2010-12-10 22:16 196960 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\com\msgprox.dll
2010-12-10 22:16 . 2010-12-10 22:16 67424 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\gac\microsoft.sqlserver.regsvrenum.dll
2010-12-10 22:16 . 2010-12-10 22:16 554848 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\gac\microsoft.sqlserver.rmo.dll
2010-12-10 22:16 . 2010-12-10 22:16 38752 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\gac\microsoft.sqlserver.servicebrokerenum.dll
2010-12-10 22:16 . 2010-12-10 22:16 1603424 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\gac\microsoft.sqlserver.smo.dll
2010-12-10 22:16 . 2010-12-10 22:16 218976 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\gac\microsoft.sqlserver.smoenum.dll
2010-12-10 22:16 . 2010-12-10 22:16 919392 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\gac\microsoft.sqlserver.sqlenum.dll
2010-12-10 22:16 . 2010-12-10 22:16 42848 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\gac\microsoft.sqlserver.wmienum.dll
2010-12-10 22:16 . 2010-12-10 22:16 67424 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\sdk\assemblies\microsoft.sqlserver.regsvrenum.dll
2010-12-10 22:16 . 2010-12-10 22:16 1625440 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\sdk\assemblies\microsoft.sqlserver.replication.dll
2010-12-10 22:16 . 2010-12-10 22:16 554848 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\sdk\assemblies\microsoft.sqlserver.rmo.dll
2010-12-10 22:16 . 2010-12-10 22:16 38752 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\sdk\assemblies\microsoft.sqlserver.servicebrokerenum.dll
2010-12-10 22:16 . 2010-12-10 22:16 1603424 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\sdk\assemblies\microsoft.sqlserver.smo.dll
2010-12-10 22:16 . 2010-12-10 22:16 218976 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\sdk\assemblies\microsoft.sqlserver.smoenum.dll
2010-12-10 22:16 . 2010-12-10 22:16 919392 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\sdk\assemblies\microsoft.sqlserver.sqlenum.dll
2010-12-10 22:16 . 2010-12-10 22:16 42848 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\sdk\assemblies\microsoft.sqlserver.wmienum.dll
2010-12-10 22:16 . 2010-12-10 22:16 74592 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\shared\microsoft.sqlserver.mgdsqldumper.dll
2010-12-10 22:16 . 2010-12-10 22:16 20320 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\shared\msasxpress.dll
2010-12-10 22:16 . 2010-12-10 22:16 866656 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\shared\msxmlsql.dll
2010-12-10 22:12 . 2010-12-10 22:12 359776 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\gac\microsoft.sqlserver.batchparser.dll
2010-12-10 22:12 . 2010-12-10 22:12 153440 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\gac\microsoft.sqlserver.connectioninfo.dll
2010-12-10 22:12 . 2010-12-10 22:12 153440 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\sdk\assemblies\microsoft.sqlserver.connectioninfo.dll
2010-12-10 22:12 . 2010-12-10 22:12 444256 ----a-w- c:\b90779d6e7bb1c16de8c\setup\program files\microsoft sql server\90\shared\microsoft.sqlsac.public.dll
.
---- Directory of C:\e111f9e36e2307c8ebc0 ----
.
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-13_20.15.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-14 15:54 . 2012-04-14 15:54 16384 c:\windows\temp\Perflib_Perfdata_270.dat
+ 2012-04-14 15:55 . 2007-03-29 12:10 214712 c:\windows\temp\FCEF29.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\41058a53-5c39-4601-a9be-4e1e6a0cab89.exe" [2009-07-22 1830128]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2007-03-29 394952]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2011-08-30 46520]
"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2011-08-30 738776]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"FtLnSOP_setup"="c:\windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe" [2005-01-06 212992]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\Nuance\OmniPageSE4\OpwareSE4.exe" [2007-06-27 79136]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 221184]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-08-20 483328]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-11-21 122880]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bloggie Watcher Utility.lnk - c:\program files\Sony\Bloggie Software\BGVolumeWatcher.exe [2010-11-3 746856]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2008-6-10 1466200]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASSEH.DLL" [2011-12-10 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-09 11:35 548352 ----a-w- c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-09-26 22:15 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk
backup=c:\windows\pss\Bloggie Watcher Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Retriever.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Image Retriever.lnk
backup=c:\windows\pss\Image Retriever.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk]
path=c:\documents and settings\matt.thomas\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk
backup=c:\windows\pss\Bloggie Watcher Utility.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\matt.thomas\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^SmartScan.lnk]
path=c:\documents and settings\matt.thomas\Start Menu\Programs\Startup\SmartScan.lnk
backup=c:\windows\pss\SmartScan.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2011-08-30 17:24 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Speed Launch]
2011-08-30 22:56 46520 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-03-16 09:10 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-05-14 20:23 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager]
2007-01-30 21:32 102400 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FJTWAIN Setup]
2004-09-01 15:45 126976 ----a-w- c:\windows\twain_32\Fjscan32\FjtwSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 15:24 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 22:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 20:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 21:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2007-08-03 20:09 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2007-01-22 17:53 212992 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-02-19 05:26 303104 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Starfield Updater]
2010-09-11 21:18 32960 ----a-w- c:\program files\Starfield\starfieldupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\matt.thomas\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R1 NEOFLTR_630_14121;Juniper Networks TDI Filter Driver (NEOFLTR_630_14121);c:\windows\system32\drivers\NEOFLTR_630_14121.sys [3/26/2009 11:02 PM 64480]
R1 SASDIFSV;SASDIFSV;c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASDIFSV.SYS [11/17/2008 4:11 PM 12880]
R2 !SASCORE;SAS Core Service;c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASCORE.EXE [12/7/2010 4:33 PM 116608]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 4:21 PM 79432]
R2 File Backup;File Backup Service;c:\program files\Starfield\offSyncService.exe [7/16/2010 1:47 PM 1310960]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/12/2011 3:03 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 4:09 PM 12856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/6/2011 2:26 PM 654408]
R2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\x86\novacomd.exe [8/14/2009 11:44 AM 31232]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\tmxpflt.sys [9/17/2007 2:40 PM 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\tmpreflt.sys [9/17/2007 2:40 PM 36368]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 7:00 PM 5120]
R2 WebDriveFSD;WebDrive File System Driver;c:\program files\WebDrive\wdfsd.sys [4/28/2006 4:23 AM 165888]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 2:32 PM 97536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/6/2011 2:26 PM 22344]
S1 SASKUTIL;SASKUTIL;\??\c:\documents and settings\matt.thomas\Desktop\SASKUTIL.sys --> c:\documents and settings\matt.thomas\Desktop\SASKUTIL.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 8:50 AM 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 8:11 AM 253600]
S3 SASENUM;SASENUM;\??\c:\documents and settings\matt.thomas\Desktop\SASENUM.SYS --> c:\documents and settings\matt.thomas\Desktop\SASENUM.SYS [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NECUsb3s REG_MULTI_SZ NEC Usb3
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 17:47]
.
2012-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-03-27 c:\windows\Tasks\HP DArC Task 2003-08-20 09:23ewlett-Packard-6002003-08-20 18:57Y3A733072K3.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-08-20 18:57]
.
2012-04-14 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2009-03-27 21:23]
.
2012-04-14 c:\windows\Tasks\User_Feed_Synchronization-{AEF3A359-68A8-427C-8F9A-70E8242AF0B4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\windows\system32\biolsp.dll
Trusted Zone: listen.com\www
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} - hxxps://10.2.2.12:4343/SMB/console/html/root/AtxEnc.cab
DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBED40} - hxxps://10.2.2.12:4343/SMB/console/html/root/AtxConsole.cab
FF - ProfilePath - c:\documents and settings\matt.thomas\Application Data\Mozilla\Firefox\Profiles\ka9mi6mt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=home|http://email14.secureserver.net/webmail.php|https://teambeachbody.com/home?p_p_id=58&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&saveLastPath=0&_58_struts_action=%2Flogin%2Flogin
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-14 11:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1292)
c:\documents and settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\wdnp32.dll
c:\windows\system32\wdHelper.dll
c:\windows\system32\wdUIResDll.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\Juniper Networks\Secure Application Manager\samnsp.dll
.
- - - - - - - > 'lsass.exe'(1348)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
- - - - - - - > 'explorer.exe'(3604)
c:\windows\system32\WININET.dll
c:\program files\Nuance\OmniPageSE4\OpHookSE4.dll
c:\documents and settings\matt.thomas\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Trend Micro\Client Server Security Agent\ntrtscan.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\StacSV.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\WebDrive\wdService.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\TEMP\FCEF29.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2012-04-14 12:07:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-14 16:07
ComboFix2.txt 2012-04-13 20:47
ComboFix3.txt 2012-04-11 11:51
ComboFix4.txt 2012-04-10 17:51
ComboFix5.txt 2012-04-14 15:38
.
Pre-Run: 7,067,123,712 bytes free
Post-Run: 7,056,510,976 bytes free
.
- - End Of File - - E15989DDC9008ED46FA7F4A216B1FD9D


3. No log was produced.

4. Everything seems to be running a little slower. Programs like Word or Excel do not snap open like they did before. I don't know.

Well, let me know what you think!

Matt


#26 SweetTech

SweetTech

    Agent ST

  • Malware Response Team
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 15 April 2012 - 03:22 AM

Hi Matt!

1. I was about an hour into the ESET scan and my Trend Micro popped up saying it detected a whole list of threats. It does not have the capability to produce a log so I attached a screenshot of the "threats" it picked up. Also, ESET did not see any viruses so it did not give me an option to print a log, either.

Okay, thanks for that information, as well as for the screenshot.

Those threats that were detected by Trend Micro are currently in Quarantine, and should be removed when we clean-up our tools later.

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    NECUsb3s
    NEC Usb3
    :Processes
    KILLALLPROCESSES
    :OTL
    
    :Reg
    
    :Files
    C:\e111f9e36e2307c8ebc0
    :Commands
    [CreateRestorePoint]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#27 mattymatt

Posted 15 April 2012 - 09:34 AM

Here are the 2 logs:

========== SERVICES/DRIVERS ==========
Error: No service named NECUsb3s was found to stop!
Service\Driver key NECUsb3s not found.
Error: No service named NEC Usb3 was found to stop!
Service\Driver key NEC Usb3 not found.
========== PROCESSES ==========
All processes killed
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\e111f9e36e2307c8ebc0 folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.39.2 log created on 04152012_102100

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Trend Micro Client/Server Security Agent
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

CA Yahoo! Anti-Spy (remove only)
SpywareBlaster 4.6
SUPERAntiSpyware Free Edition
HijackThis 2.0.2
Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 11.2.202.233
Mozilla Firefox (3.6.12) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Trend Micro OfficeScan Client pccntmon.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
Trend Micro Client Server Security Agent ntrtscan.exe
Trend Micro Client Server Security Agent tmlisten.exe
Trend Micro Client Server Security Agent OfcPfwSvc.exe
``````````End of Log````````````

#28 SweetTech

Posted 17 April 2012 - 12:20 AM

Hi Matt!

Are you familiar with the Windows Registry? We may need to do some manual editing. Would you feel comfortable doing this, if you had detailed instructions for accomplishing this?

Please run this OTL Custom Scan.

Please pay close attention to the instructions below.

OTL Custom Scan

We need to create a new OTL Report
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Click on the NONE button at the top.
  • In the Posted Image box Copy & Paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$."
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NEC Usb3 /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NECUsb3s /s
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Posted Image button.
  • One report will open, copy and paste it in a reply here:
  • OTL.txt <-- Will be opened



#29 mattymatt

Posted 17 April 2012 - 04:48 PM

I have never messed with the registry on a computer, but I am willing to do it with your instruction!



OTL logfile created on: 4/17/2012 5:24:34 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\matt.thomas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 30.49% Memory free
3.84 Gb Paging File | 1.83 Gb Available in Paging File | 47.55% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 6.35 Gb Free Space | 8.53% Space Free | Partition Type: NTFS

Computer Name: MDS0083 | User Name: matt.thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/15 10:18:34 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\matt.thomas\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/10 14:50:15 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASCORE.EXE
PRC - [2011/09/26 18:15:36 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/08/30 13:24:59 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2010/07/16 13:47:26 | 001,310,960 | ---- | M] (Starfield Technologies, Inc.) -- C:\Program Files\Starfield\offSyncService.exe
PRC - [2009/08/14 11:44:40 | 000,031,232 | ---- | M] () -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
PRC - [2009/07/22 12:21:25 | 001,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\41058a53-5c39-4601-a9be-4e1e6a0cab89.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/12/08 19:04:09 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/08/06 13:41:06 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2007/08/03 16:09:34 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/06/27 11:58:44 | 000,079,136 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\OmniPageSE4\OpWareSE4.exe
PRC - [2007/05/14 16:21:40 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/03/29 08:10:06 | 000,394,952 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
PRC - [2007/03/29 08:10:02 | 000,214,712 | ---- | M] () -- C:\WINDOWS\temp\YEF909.EXE
PRC - [2007/03/29 08:09:38 | 000,603,856 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
PRC - [2007/03/29 08:09:36 | 000,685,776 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
PRC - [2007/03/29 08:03:16 | 000,282,704 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
PRC - [2007/02/19 01:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2007/02/01 11:21:22 | 001,466,368 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/29 06:07:18 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/01/25 04:34:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2006/12/19 16:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/11/02 16:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2006/09/08 02:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2006/09/08 02:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2006/05/23 10:55:50 | 002,281,472 | ---- | M] (South River Technologies, LLC) -- C:\Program Files\WebDrive\wdService.exe
PRC - [2005/01/06 04:16:24 | 000,212,992 | ---- | M] (PFU LIMITED) -- C:\WINDOWS\twain_32\Fjscan32\SOP\FtLnSOP.exe
PRC - [2003/11/12 05:48:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2003/08/25 16:41:30 | 001,421,144 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2003/08/20 17:15:48 | 000,483,328 | R--- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2003/05/14 08:45:04 | 000,065,795 | R--- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/03 11:39:28 | 001,310,752 | ---- | M] () -- C:\Program Files\WOT\WOT.dll
MOD - [2011/08/30 14:25:44 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\ViewerPS.dll
MOD - [2010/03/12 17:21:59 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/08/14 11:44:40 | 000,031,232 | ---- | M] () -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/03/29 08:10:02 | 000,214,712 | ---- | M] () -- C:\WINDOWS\temp\YEF909.EXE
MOD - [2007/03/29 08:09:20 | 000,108,232 | ---- | M] () -- C:\Program Files\Trend Micro\Client Server Security Agent\WerAgent.dll
MOD - [2007/03/16 05:10:48 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2006/08/18 15:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2002/07/04 10:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Share\PIHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/14 13:47:24 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/10 14:50:15 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/09/26 18:15:42 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2011/09/26 18:15:36 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/01/11 19:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/07/16 13:47:26 | 001,310,960 | ---- | M] (Starfield Technologies, Inc.) [Auto | Running] -- C:\Program Files\Starfield\offSyncService.exe -- (File Backup)
SRV - [2009/08/14 11:44:40 | 000,031,232 | ---- | M] () [Auto | Running] -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe -- (NovacomD)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/12/08 19:04:09 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/05/14 16:21:40 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/03/29 08:09:38 | 000,603,856 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe -- (ntrtscan)
SRV - [2007/03/29 08:09:36 | 000,685,776 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe -- (tmlisten)
SRV - [2007/03/29 08:03:16 | 000,282,704 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe -- (OfcPfwSvc)
SRV - [2007/02/19 01:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/02/01 11:21:22 | 001,466,368 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/29 23:59:58 | 000,487,424 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2006/12/19 16:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2006/05/23 10:55:50 | 002,281,472 | ---- | M] (South River Technologies, LLC) [Auto | Running] -- C:\Program Files\WebDrive\wdService.exe -- (WebDriveService)
SRV - [2003/11/12 05:48:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003/08/25 16:41:30 | 001,421,144 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2003/05/14 08:45:04 | 000,065,795 | R--- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\matt.thomas\Desktop\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\matt.thomas\Desktop\SASENUM.SYS -- (SASENUM)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/12/10 14:50:08 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/09/26 18:16:14 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/12/04 16:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmxpflt.sys -- (TmFilter)
DRV - [2009/12/04 16:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2009/12/04 16:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\VsapiNT.sys -- (VSApiNt)
DRV - [2009/03/26 23:02:00 | 000,064,480 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_630_14121.sys -- (NEOFLTR_630_14121) Juniper Networks TDI Filter Driver (NEOFLTR_630_14121)
DRV - [2008/10/20 11:52:54 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/02/28 15:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2007/12/24 17:37:00 | 000,138,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/11/20 18:35:48 | 000,049,792 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007/03/22 10:54:58 | 001,844,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TM_CFW.sys -- (TM_CFW)
DRV - [2007/03/16 05:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/03/13 01:26:06 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/19 01:27:34 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/02/17 08:00:42 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/01/31 20:19:04 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/01/31 20:19:02 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/01/31 20:19:02 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/01/30 19:37:18 | 000,056,320 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2006/12/19 16:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/11/02 14:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/08/28 17:00:44 | 000,019,968 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2006/08/18 15:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 15:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 15:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 15:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 15:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 15:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 15:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 15:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 12:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 12:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/04/28 04:23:32 | 000,165,888 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\WebDrive\wdfsd.sys -- (WebDriveFSD)
DRV - [2005/08/12 19:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/04/06 19:46:50 | 000,034,240 | R--- | M] (ADS) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adsexpb.sys -- (ADSEXPB)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/03/08 13:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/09/20 09:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/08/25 16:40:44 | 000,268,360 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2003/05/01 13:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2003/03/03 14:08:56 | 000,176,896 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2002/12/26 10:22:38 | 000,040,448 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2002/10/15 23:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2002/08/26 17:09:42 | 000,138,916 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4071208
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4071208
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4071208
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4071208
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/?ref=home|http://email14.secureserver.net/webmail.php|https://teambeachbody.com/home?p_p_id=58&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&saveLastPath=0&_58_struts_action=%2Flogin%2Flogin"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..extensions.enabledItems: wbepaste@starfield:1.1
FF - prefs.js..extensions.enabledItems: zoomext@starfield:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.10.0.9560
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2008/10/22 15:29:15 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\matt.thomas\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\matt.thomas\Application Data\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@sony.com/Some: C:\Program Files\Sony\Bloggie Software\npsome.dll (Sony)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Plugins\npoff.dll ( Starfield Technologies, Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Plugins\npwbe.dll (Starfield Technology, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/13 16:09:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/27 15:36:33 | 000,000,000 | ---D | M]

[2010/09/10 17:09:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Extensions
[2010/09/10 17:09:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/04/06 00:48:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Firefox\Profiles\ka9mi6mt.default\extensions
[2009/09/04 20:27:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Firefox\Profiles\ka9mi6mt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/11/29 01:17:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Firefox\Profiles\ka9mi6mt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/05/26 20:34:24 | 000,000,000 | ---D | M] (OldFactory Black) -- C:\Documents and Settings\matt.thomas\Application Data\Mozilla\Firefox\Profiles\ka9mi6mt.default\extensions\{69D30031-F4A8-452a-A5B3-5D6787C3C5CF}
[2012/04/11 07:34:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/19 00:10:35 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/12/11 00:00:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2010/09/11 17:19:08 | 000,000,000 | ---D | M] (WBE Paste) -- C:\DOCUMENTS AND SETTINGS\MATT.THOMAS\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\WBEPASTE@STARFIELD
[2010/09/11 17:19:09 | 000,000,000 | ---D | M] (Starfield Zoom) -- C:\DOCUMENTS AND SETTINGS\MATT.THOMAS\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\ZOOMEXT@STARFIELD
[2009/08/01 18:46:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2012/04/14 11:56:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acrobat Speed Launch] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [FtLnSOP_setup] C:\WINDOWS\twain_32\Fjscan32\SOP\FtLnSOP.exe (PFU LIMITED)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\Nuance\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010..\Run: [SUPERAntiSpyware] C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\41058a53-5c39-4601-a9be-4e1e6a0cab89.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk = C:\Program Files\Sony\Bloggie Software\BGVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O15 - HKU\S-1-5-21-3533896824-2771019353-3818809623-1010\..Trusted Domains: listen.com ([www] http in Trusted sites)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://10.2.2.12:4343/officescan/console/ClientInstall/WinNTChk.cab (ObjWinNTCheck Class)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} https://asp21.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab (CentraUpdaterAxCtl Class)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://10.2.2.12:4343/officescan/console/ClientInstall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} https://10.2.2.12:4343/officescan/console/ClientInstall/RemoveCtrl.cab (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} https://10.2.2.12:4343/SMB/console/html/root/AtxEnc.cab (Encrypt Class)
O16 - DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBED40} https://10.2.2.12:4343/SMB/console/html/root/AtxConsole.cab (Security Server Management Console)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://michiganheart.webex.com/client/T27L/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73FA15BD-EB5C-43E6-9329-76F2C740173D}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASWINLO.DLL) - C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/MATT~1.THO/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/08 21:03:58 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk - C:\Program Files\Sony\Bloggie Software\BGVolumeWatcher.exe - (Sony Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (Avanquest Software )
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Retriever.lnk - C:\Program Files\Nuance\PaperPort\xdcla.exe - (Nuance Communications, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk - C:\Program Files\Sony\Bloggie Software\BGVolumeWatcher.exe - (Sony Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^Dropbox.lnk - C:\Documents and Settings\matt.thomas\Application Data\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^matt.thomas^Start Menu^Programs^Startup^SmartScan.lnk - - File not found
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Acrobat Speed Launch - hkey= - key= - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: Broadcom Wireless Manager UI - hkey= - key= - File not found
MsConfig - StartUpReg: Dell QuickSet - hkey= - key= - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
MsConfig - StartUpReg: Document Manager - hkey= - key= - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
MsConfig - StartUpReg: FJTWAIN Setup - hkey= - key= - C:\WINDOWS\Twain_32\fjscan32\FjtwSetup.exe (FUJITSU LIMITED)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LogMeIn GUI - hkey= - key= - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
MsConfig - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig - StartUpReg: RoxioDragToDisc - hkey= - key= - C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
MsConfig - StartUpReg: SecureUpgrade - hkey= - key= - C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
MsConfig - StartUpReg: SigmatelSysTrayApp - hkey= - key= - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
MsConfig - StartUpReg: Starfield Updater - hkey= - key= - C:\Program Files\Starfield\StarfieldUpdate.exe ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: !SASCORE - C:\Documents and Settings\matt.thomas\Desktop\Misc1\Anti-Adware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/15 10:21:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/15 10:18:32 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\matt.thomas\Desktop\OTL.exe
[2012/04/14 15:47:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/14 11:53:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/04/13 16:24:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/10 13:09:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/10 13:09:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/10 13:09:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/10 13:08:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/10 13:07:02 | 004,455,337 | R--- | C] (Swearware) -- C:\Documents and Settings\matt.thomas\Desktop\ComboFix.exe
[2012/04/10 08:47:25 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/06 13:39:15 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\matt.thomas\Desktop\aswMBR.exe
[2012/04/06 00:14:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\matt.thomas\Recent
[2012/04/04 20:38:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/04/04 20:38:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/03/31 08:11:40 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/03/31 07:55:57 | 000,000,000 | ---D | C] -- C:\b90779d6e7bb1c16de8c
[2012/03/31 07:55:23 | 000,000,000 | ---D | C] -- C:\06f8874658948246fc0a81a1039476

========== Files - Modified Within 30 Days ==========

[2012/04/17 17:34:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AEF3A359-68A8-427C-8F9A-70E8242AF0B4}.job
[2012/04/17 16:40:25 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\Microsoft Office Outlook 2007.lnk
[2012/04/17 15:56:04 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2012/04/17 14:28:50 | 000,001,892 | -H-- | M] () -- C:\Documents and Settings\matt.thomas\My Documents\Default.rdp
[2012/04/17 13:47:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/17 13:26:11 | 001,386,054 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\ATT07217.bmp
[2012/04/16 20:20:03 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job
[2012/04/16 14:08:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/16 14:07:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/16 14:07:00 | 2136,965,120 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/15 19:52:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/15 10:19:38 | 000,879,714 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\SecurityCheck.exe
[2012/04/15 10:18:34 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\matt.thomas\Desktop\OTL.exe
[2012/04/14 13:47:24 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/14 13:47:24 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/14 11:56:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/13 11:28:28 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\MBR.dat
[2012/04/12 10:07:49 | 000,515,324 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/12 10:07:49 | 000,098,830 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/12 10:00:14 | 000,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/11 20:34:19 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/10 13:06:58 | 004,455,337 | R--- | M] (Swearware) -- C:\Documents and Settings\matt.thomas\Desktop\ComboFix.exe
[2012/04/10 08:51:54 | 000,115,686 | ---- | M] () -- C:\WINDOWS\System32\itldvupd.dat
[2012/04/10 08:51:54 | 000,000,198 | ---- | M] () -- C:\WINDOWS\System32\itlsvc.dat
[2012/04/09 13:43:45 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2012/04/07 23:45:54 | 000,011,264 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2012/04/06 15:08:51 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\matt.thomas\Desktop\aswMBR.exe
[2012/04/05 23:48:38 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-bG8INNnYQ1cH9Qr
[2012/04/05 23:48:38 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-bG8INNnYQ1cH9Q
[2012/04/05 19:32:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-dkGhBZ42o3gQm5
[2012/04/05 19:21:36 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-dkGhBZ42o3gQm5r
[2012/04/05 19:21:35 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/03 23:13:30 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\matt.thomas\Application Data\datafile
[2012/04/01 20:40:21 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Application Data\mcs.rma
[2012/04/01 20:40:21 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Application Data\668F75
[2012/03/30 13:15:05 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\Adobe Acrobat 8 Standard.lnk
[2012/03/27 19:57:06 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#7600#MY3A733072K3.job
[2012/03/27 19:44:10 | 000,052,218 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\1332889100329.jpg
[2012/03/21 18:13:38 | 000,046,249 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\John nationals.jpg
[2012/03/21 17:26:47 | 000,044,458 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\Dad nationals1.jpg
[2012/03/21 17:26:07 | 000,046,512 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Desktop\Dad nationals.jpg
[2012/03/18 23:43:19 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/04/17 13:29:30 | 001,386,054 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Desktop\ATT07217.bmp
[2012/04/16 14:18:52 | 000,000,328 | ---- | C] () -- C:\WINDOWS\tasks\HP WEP.job
[2012/04/15 10:19:39 | 000,879,714 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Desktop\SecurityCheck.exe
[2012/04/13 11:28:28 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Desktop\MBR.dat
[2012/04/11 20:34:18 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/10 13:09:45 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/10 13:09:45 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/10 13:09:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/10 13:09:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/10 13:09:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/10 08:51:54 | 000,000,198 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2012/04/10 08:48:26 | 2136,965,120 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/09 23:07:30 | 000,115,686 | ---- | C] () -- C:\WINDOWS\System32\itldvupd.dat
[2012/04/05 23:48:38 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-bG8INNnYQ1cH9Qr
[2012/04/05 23:48:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-bG8INNnYQ1cH9Q
[2012/04/05 23:48:24 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2012/04/05 19:21:36 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-dkGhBZ42o3gQm5r
[2012/04/05 19:21:35 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/04/05 19:21:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-dkGhBZ42o3gQm5
[2012/04/03 23:12:32 | 000,000,112 | -H-- | C] () -- C:\Documents and Settings\matt.thomas\Application Data\datafile
[2012/03/31 08:11:41 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/03/27 19:44:51 | 000,052,218 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Desktop\1332889100329.jpg
[2012/03/21 18:14:14 | 000,046,249 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Desktop\John nationals.jpg
[2012/03/21 17:27:02 | 000,044,458 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Desktop\Dad nationals1.jpg
[2012/03/21 17:26:31 | 000,046,512 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Desktop\Dad nationals.jpg
[2012/02/15 10:43:08 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/05 19:51:38 | 001,101,160 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." >
[2010/08/12 10:31:16 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2079403$
[2010/08/12 10:32:06 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2115168$
[2010/09/16 07:49:22 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2121546$
[2010/09/16 07:43:59 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2141007$
[2010/09/29 14:33:11 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2158563$
[2010/08/12 10:21:21 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2160329$
[2010/07/15 09:51:10 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2229593$
[2010/09/16 07:50:21 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2259922$

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 19:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/11 19:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/11 19:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

< %SYSTEMDRIVE%\*.exe >
[2008/06/10 09:54:41 | 011,132,416 | ---- | M] () -- C:\vpnclient-win-msi-5.0.03.0530-k9.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NEC Usb3 /s >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NECUsb3s /s >

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/09/03 19:12:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/09/03 19:12:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\system32\dllcache\cache\explorer.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/04 07:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\i386\volsnap.sys
[2004/08/04 07:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\cache\winlogon.exe
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/12/06 14:21:25 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/12/06 14:21:25 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/12/06 14:21:25 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/12/06 14:21:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/12/06 14:21:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/12/06 14:21:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 08:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 08:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 08:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/12/06 14:21:25 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/12/06 14:21:25 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/12/06 14:21:25 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/12/06 14:21:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/12/06 14:21:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/12/06 14:21:14 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 08:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 08:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 08:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)

< >

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\matt.thomas\Desktop\aswMBR.exe:SummaryInformation

< End of report >

#30 SweetTech


Posted 18 April 2012 - 02:15 AM

Hi Matt!

I have never messed with the registry on a computer, but I am willing to do it with your instruction!

Okay. We'll worry about this a little later.

Do you recognize this file?

O24 - Desktop Components:0 () - file:///C:/DOCUME~1/MATT~1.THO/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

ComboFix may ask you to download the latest version; please allow it to do so if prompted.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.bleepingcomputer.com/forums/topic449222.html/page__view__findpost__p__2668978
KillAll::
ClearJavaCache::
Suspect::[102]
C:\WINDOWS\twain_32\Fjscan32\SOP\FtLnSOP.exe
Collect::[102]
C:\WINDOWS\temp\YEF909.EXE
C:\Documents and Settings\matt.thomas\Application Data\datafile
C:\Documents and Settings\matt.thomas\Application Data\mcs.rma
C:\Documents and Settings\matt.thomas\Application Data\668F75

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    PRC - [2007/03/29 08:10:02 | 000,214,712 | ---- | M] () -- C:\WINDOWS\temp\YEF909.EXE
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
    [2011/12/11 00:00:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    [2012/04/05 23:48:38 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-bG8INNnYQ1cH9Qr
    [2012/04/05 23:48:38 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-bG8INNnYQ1cH9Q
    [2012/04/05 19:32:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-dkGhBZ42o3gQm5
    [2012/04/05 19:21:36 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-dkGhBZ42o3gQm5r
    [2012/04/05 19:21:35 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
    [2012/04/03 23:13:30 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\matt.thomas\Application Data\datafile
    [2012/04/01 20:40:21 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Application Data\mcs.rma
    [2012/04/01 20:40:21 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\matt.thomas\Application Data\668F75
    [2012/04/05 23:48:38 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-bG8INNnYQ1cH9Qr
    [2012/04/05 23:48:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-bG8INNnYQ1cH9Q
    [2012/04/05 19:21:36 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-dkGhBZ42o3gQm5r
    [2012/04/05 19:21:35 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\matt.thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
    [2012/04/05 19:21:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-dkGhBZ42o3gQm5
    [2012/04/03 23:12:32 | 000,000,112 | -H-- | C] () -- C:\Documents and Settings\matt.thomas\Application Data\datafile
    :Commands
    [EMPTYTEMP]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.




