Firefox OffersForToday adware


  • This topic is locked
59 replies to this topic

#1 CheleCity

CheleCity

  • Members
  • 39 posts

Posted 14 April 2010 - 08:06 AM

I'm getting an adware that will randomly open new browser windows with ads. All the windows say, "Ads by OffersForToday". I've tried reading forums, ESET malware software, SpywareBlaster, Ad-Aware software, and it's better than my efforts so far.

Here are the HijackThis log file and the OTL log file. Any help would be greatly appreciated. I would have thought that since the window says where it was from that a Google search would lead to lots of information, but it doesn't. I've done all I know how to do. Thank you for your help in advance.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Mike at 8:56:40.31 on Wed 04/14/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.90 [GMT -4:00]

AV: ESET Smart Security 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\AllKeys\AllKeys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TitleBarClock\TBC.EXE
C:\PROGRA~1\MICROS~1\rapimgr.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\SAiDownloader.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\MSB IntegriClaim\IntegriC.exe
C:\Program Files\PI Engineering\MacroWorks II\MacroWorks.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\calc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\eFax Messenger 4.1\J2GPlus.exe
C:\WINDOWS\system32\calc.exe
C:\WINDOWS\system32\calc.exe
C:\WINDOWS\system32\calc.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Streets & Trips 2009\StreetsOlkShim.exe
C:\Documents and Settings\Mike\Desktop\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/index.html
uInternet Connection Wizard,ShellNext = iexplore
BHO: PDF-XChange Viewer IE-Plugin: {c5d07eb6-bbce-4dae-acbb-d13a8d28cb1f} - c:\program files\tracker software\pdf viewer\PDFXCviewIEPlugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [AllKeysMacro] c:\program files\allkeys\AllKeys.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Spy Watcher] "c:\progra~1\spycle~2\SpyWatcher.exe" -S
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [ScreenPrint32] c:\program files\screenprint32 v3\ScreenPrint32.exe -startup
mRun: [nwiz] nwiz.exe /install
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\titleb~1.lnk - c:\program files\titlebarclock\TBC.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Trusted Zone: onlinereportinginc.com\filetrac
Trusted Zone: rexplorer.net
Trusted Zone: rexplorer.net\atl
DPF: {4E330863-6A11-11D0-BFD8-006097237877} - hxxp://support.rexplorer.net/iftw_install//iftwclix.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095460271703
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8DFD2B39-2320-4F01-9AEC-1C9F04C1A1B4} - hxxps://filetrac.onlinereportinginc.com/system/ImageUpload.CAB
DPF: {924F03B2-942A-45FF-B8CC-B0D2C16FD913} - hxxps://filetrac.onlinereportinginc.com/system/EXELaunch.CAB
DPF: {C8D803B0-2FA0-49F8-8D6D-6764DE34B2E1} - hxxps://filetrac.onlinereportinginc.com/system/DocumentUpload.CAB
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: IE Component Categories cache daemon: {553858a7-4922-4e7e-b1c1-97140c1c16ef} - c:\windows\system32\ieframe.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mike\applic~1\mozilla\firefox\profiles\ac9keejs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\program files\mozilla firefox\extensions\{c750eb63-9a7b-df5b-0eea-ba5ce1256fab}\components\936e296e-f57e-3b97-6061-846f8fdf20f2.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: z: No Registry Reference - c:\program files\mozilla firefox\extensions\{c750eb63-9a7b-df5b-0eea-ba5ce1256fab}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2005-11-28 16384]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-4-9 107256]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-4-9 731840]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2003-3-30 14336]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-9-15 47640]
R2 SAiDownloader;SAiDownloader;c:\windows\system32\SAiDownloader.exe [2010-2-4 438272]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2008-7-11 328992]
R2 TivoBeacon2;TiVo Beacon;c:\program files\common files\tivo shared\beacon\TiVoBeacon.exe [2005-8-4 848896]
R3 allkeys01;allkeys01;c:\windows\system32\drivers\allkeys01.sys [2008-10-26 12952]
S1 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\oxser.sys [2007-2-1 49792]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\wd\wd anywhere backup\MemeoBackgroundService.exe [2008-7-10 25824]
S2 SELSAUSBHW;%SELSAUSBHW.SvcDesc%;c:\windows\system32\drivers\SELSAUSB.SYS [2005-1-3 176220]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;"c:\program files\western digital\wd drive manager\wdbtnmgrsvc.exe" --> c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [?]
S3 iLokDrvr;iLok;c:\windows\system32\drivers\iLokDrvr.sys [2005-9-27 27328]
S3 WLANRB;NETGEAR Wireless 802.11b LAN RB Driver;c:\windows\system32\drivers\MA401RB.sys [2004-9-17 593920]
S4 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-18 204800]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 MioNet;MioNet;c:\program files\mionet\MioNetManager.exe [2008-1-14 139264]

============== File Associations ===============

.reg=Regedit.Document

=============== Created Last 30 ================

2010-04-13 17:35:36 5962 ----a-w- c:\documents and settings\mike\Select for Payment_5.pdf
2010-04-12 20:31:25 954098 ----a-w- c:\documents and settings\mike\IMG_0119.jpg
2010-04-12 19:37:28 16850 ----a-w- c:\documents and settings\mike\Est_Stan_1052_from_FIVE_STA (1).pdf
2010-04-10 02:01:09 16850 ----a-w- c:\documents and settings\mike\Est_Stan_1052_from_FIVE_STA.pdf
2010-04-06 03:39:51 162 ---ha-w- c:\documents and settings\mike\~$TTER TO SELLING AUCTIONEER OR TRUSTEE.docx
2010-04-06 03:12:37 8402915 ----a-w- c:\documents and settings\mike\408Wiged Foot Contract 001.pdf
2010-04-06 02:54:27 22381 ----a-w- c:\documents and settings\mike\LETTER TO SELLING AUCTIONEER OR TRUSTEE.docx
2010-03-31 04:33:23 230558 ----a-w- c:\documents and settings\mike\1171752931.jfx
2010-03-30 17:05:01 636933 ----a-w- c:\documents and settings\mike\408 Winged Foot Dr Community Association Disclosure 001 (1).pdf
2010-03-30 15:48:00 23610 ----a-w- c:\documents and settings\mike\1133617237 (1).jfx
2010-03-30 14:06:30 5990 ----a-w- c:\documents and settings\mike\Select for Payment_1.pdf
2010-03-29 18:47:23 636933 ----a-w- c:\documents and settings\mike\408 Winged Foot Dr Community Association Disclosure 001.pdf
2010-03-29 14:10:06 682902 ----a-w- c:\documents and settings\mike\803668142 (2).jfx
2010-03-26 20:16:33 44016 ----a-w- c:\documents and settings\mike\1116579034.jfx
2010-03-26 18:20:40 23610 ----a-w- c:\documents and settings\mike\1133617237.jfx
2010-03-25 02:02:44 402632 ----a-w- c:\documents and settings\mike\1116901836.jfx
2010-03-24 01:53:00 341436 ----a-w- c:\documents and settings\mike\PrintBlank_5929CAC2-BDC0-468E-A407-E15A8AABF0C5_forOuput.pdf
2010-03-24 01:50:52 108697 ----a-w- c:\documents and settings\mike\PrintBlank_663A646A-6DE0-419B-8A82-3E82314DE530_forOuput.pdf
2010-03-18 16:13:50 0 d-----w- c:\docume~1\mike\applic~1\Malwarebytes
2010-03-18 16:13:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-18 16:13:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-18 16:13:29 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-18 16:13:28 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-16 19:41:09 7868 ----a-w- c:\documents and settings\mike\FW_ New Claim Assignment - File #1001419 (1).eml
2010-03-15 13:22:00 87734 ----a-w- c:\documents and settings\mike\HomeOwnerPacketrevpdf (1).pdf

==================== Find3M ====================

2010-04-08 19:09:13 2828 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-02-26 04:21:18 88 --sh--r- c:\docume~1\alluse~1\applic~1\BBEB50A05B.sys
2010-02-02 14:18:42 1915392 ----a-w- c:\windows\system32\5006d63d-ab34-2f50-77a2-367bdeab8043.dll
2008-10-29 12:23:43 80 --sha-r- c:\windows\system32\B0CE35F0A7.dll
2008-04-18 02:41:26 32768 --sha-w- c:\windows\temp\history\history.ie5\mshist012008041820080419\index.dat
2008-12-21 19:31:32 32768 --sha-w- c:\windows\temp\history\history.ie5\mshist012008122120081222\index.dat

============= FINISH: 8:57:21.00 ===============






UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/18/2004 6:18:15 AM
System Uptime: 4/13/2010 8:52:29 AM (24 hours ago)

Motherboard: Compal | | 08A0
Processor: AMD Athlon™ XP Processor 3000+ | Socket A | 797/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 148.672 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 466 GiB total, 441.639 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1027: 1/14/2010 6:52:34 PM - System Checkpoint
RP1028: 1/16/2010 9:24:49 AM - System Checkpoint
RP1029: 1/17/2010 10:11:39 AM - System Checkpoint
RP1030: 1/18/2010 9:14:58 PM - Installed Sprite Backup
RP1031: 1/18/2010 9:16:51 PM - Installed Sprite Terminator
RP1032: 1/21/2010 5:03:14 PM - 1-21-10
RP1033: 1/21/2010 5:23:28 PM - Installed Windows XP KB954708.
RP1034: 1/21/2010 5:23:57 PM - Installed DirectX
RP1035: 1/21/2010 5:42:14 PM - Configured YouSendIt Plug-in for Outlook
RP1036: 1/21/2010 9:04:13 PM - Unsigned printer driver Roland CAMM-1 PNC-1000 installed.
RP1037: 1/22/2010 11:26:11 PM - System Checkpoint
RP1038: 1/24/2010 7:39:17 PM - System Checkpoint
RP1039: 1/26/2010 10:50:10 AM - System Checkpoint
RP1040: 1/27/2010 11:28:53 AM - System Checkpoint
RP1041: 1/27/2010 1:17:52 PM - Restore Operation
RP1042: 1/27/2010 1:48:47 PM - Installed %1 %2.
RP1043: 1/27/2010 1:48:56 PM - Printer Driver Microsoft XPS Document Writer Installed
RP1044: 1/27/2010 2:16:41 PM - Installed Windows KB954550-v5.
RP1045: 1/27/2010 2:17:04 PM - Printer Driver Microsoft XPS Document Writer Installed
RP1046: 1/28/2010 2:22:15 PM - System Checkpoint
RP1047: 1/30/2010 2:13:46 PM - Removed Microsoft .NET Framework 2.0 Service Pack 2
RP1048: 1/30/2010 3:53:46 PM - 1-30-10 3:51PM
RP1049: 1/30/2010 4:05:26 PM - Printer Driver Microsoft XPS Document Writer Installed
RP1050: 1/31/2010 4:07:49 PM - System Checkpoint
RP1051: 2/1/2010 9:53:09 AM - Microsoft Office Access database engine 2007 (German) wird installiert
RP1052: 2/2/2010 12:20:19 PM - System Checkpoint
RP1053: 2/3/2010 3:58:46 PM - System Checkpoint
RP1054: 2/4/2010 4:37:27 PM - System Checkpoint
RP1055: 2/8/2010 10:18:33 AM - System Checkpoint
RP1056: 2/11/2010 10:25:45 AM - Restore Operation
RP1057: 2/12/2010 11:16:06 AM - System Checkpoint
RP1058: 2/13/2010 3:32:07 PM - System Checkpoint
RP1059: 2/14/2010 5:17:01 PM - System Checkpoint
RP1060: 2/15/2010 5:24:39 PM - System Checkpoint
RP1061: 2/16/2010 5:25:35 PM - System Checkpoint
RP1062: 2/21/2010 12:29:39 PM - System Checkpoint
RP1063: 2/26/2010 12:31:53 PM - System Checkpoint
RP1064: 3/1/2010 5:38:04 PM - 3-1-10
RP1065: 3/1/2010 6:11:13 PM - Installed Microsoft Office FrontPage 2003
RP1066: 3/2/2010 9:01:21 AM - Installed WeatherBug
RP1067: 3/5/2010 5:27:49 PM - Installed Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
RP1068: 3/16/2010 11:57:33 AM - System Checkpoint
RP1069: 3/18/2010 11:16:35 AM - OTL Restore Point
RP1070: 3/20/2010 5:04:12 PM - System Checkpoint
RP1071: 3/21/2010 5:13:07 PM - System Checkpoint
RP1072: 3/25/2010 8:37:03 PM - System Checkpoint
RP1073: 3/25/2010 10:16:34 PM - Unsigned driver install
RP1074: 3/27/2010 9:14:05 PM - System Checkpoint
RP1075: 3/29/2010 11:47:34 AM - System Checkpoint
RP1076: 3/30/2010 4:40:41 PM - System Checkpoint
RP1077: 4/1/2010 1:21:15 AM - System Checkpoint
RP1078: 4/4/2010 8:19:52 PM - System Checkpoint
RP1079: 4/6/2010 6:25:50 AM - System Checkpoint
RP1080: 4/7/2010 8:13:07 AM - System Checkpoint
RP1081: 4/8/2010 8:15:20 AM - System Checkpoint
RP1082: 4/9/2010 8:37:54 AM - System Checkpoint
RP1083: 4/10/2010 10:05:20 AM - System Checkpoint
RP1084: 4/11/2010 1:22:13 PM - System Checkpoint
RP1085: 4/12/2010 6:20:26 PM - System Checkpoint
RP1086: 4/13/2010 7:10:13 PM - System Checkpoint

==== Installed Programs ======================

Aces High II
Ad-Aware
Ad-Aware SE Professional
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.1.0
Agere Systems AC'97 Modem
AllKeys DEP Compatability
AllKeys Macro 2.21
AnswerWorks 5.0 English Runtime
AnswerWorks Runtime
Anywhere Map Pro v2.1 Build 10 Full Install
Anywhere Map XP v2.0 Build 8 Full Install
AOPA's Real-Time Flight Planner 1.2.3
Apple Application Support
Apple Software Update
Art Vista Virtual Grand Piano
Athlon 64 Processor Driver
AutoCAD 2000i
AVS DVD Copy version 3.1
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
Best-Charts trial version 4.50.1
Burn4Free CD and DVD
BVSInstall
Calculator Powertoy for Windows XP
Canon MP470 series
CCleaner (remove only)
ClearType Tuning Control Panel Applet
CmdHere Powertoy For Windows XP
Corel Applications
CorelDRAW Graphics Suite X4
CorelDRAW Graphics Suite X4 - Capture
CorelDRAW Graphics Suite X4 - Content
CorelDRAW Graphics Suite X4 - Draw
CorelDRAW Graphics Suite X4 - Extra Content
CorelDRAW Graphics Suite X4 - Filters
CorelDRAW Graphics Suite X4 - FontNav
CorelDRAW Graphics SUite X4 - ICA
CorelDRAW Graphics Suite X4 - IPM
CorelDRAW Graphics Suite X4 - Lang BR
CorelDRAW Graphics Suite X4 - Lang EN
CorelDRAW Graphics Suite X4 - Lang ES
CorelDRAW Graphics Suite X4 - Lang FR
CorelDRAW Graphics Suite X4 - PP
CorelDRAW Graphics Suite X4 - VBA
CorelDRAW® Graphics Suite X4
CorelDRAW® Graphics Suite X4 - Extra Content
CorelDRAW® Graphics Suite X4 - Windows Shell Extension
Critical Update for Windows Media Player 11 (KB959772)
Data Lifeguard Tools
Digidesign Dynamics III 6.9
Digidesign Pro Tools Documentation 7.0
Digidesign Pro Tools M-Powered 7.0
Digidesign Shared Plug-Ins 7.0
Digidesign Strike 1.0
DiscWizard for Windows
Diskeeper Lite
DTC DUAT
DVD43 v4.4.1
Easy Internet Sign-up
eFax Messenger 4.1
eMule
ESET Online Scanner v3
ESET Smart Security
ExifPro 1.0 Photo Viewer
FileZilla Client 3.1.2
FinePrint
Firewire Family
FlexiSTARTER Seiki Edition
FOX News Live
FOX News Live Stream
Free Bomb Factory Plug-Ins 7.0
Google Earth
GoToMeeting 4.1.0.366
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
HP Deskjet Preloaded Printer Drivers
HP Help and Support
HP Notebook LidSwitch Policy
HP Update
HpSdpAppCoreApp
HTML Slideshow Powertoy for Windows XP
iDEN Download Apps Utility
iDEN Phonebook Manager
IKEA HomePlanner Kitchen
iLok Client Helper
Image Minimizer
Image Resizer Powertoy for Windows XP
ImgBurn
Inkscape 0.47
IntegriClaim
InterActual Player
InterLok Driver Kit
Internet Explorer 7 Beta 2
InterVideo WinDVD
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_05
Java™ 6 Update 3
Junk Mail filter update
LightScribe System Software
LightScribe Template Designs - 9 to 5 Pack 1
LightScribe Template Designs - Architecture Pack 1
LightScribe Template Designs - Nature Pack 1
LightScribe Template Labeler
Linksys EasyLink Advisor
Logitech Gaming Software
LogMeIn
Macromedia Flash Player 8
Macromedia Shockwave Player
MacroWorks II
Madden NFL ™ 2001
Malwarebytes' Anti-Malware
Microsoft .NET Compact Framework 1.0 SP2
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Combat Flight Simulator
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft English TTS Engine
Microsoft IntelliPoint 6.3
Microsoft IntelliType Pro 6.01
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Location Finder
Microsoft Money 2006 System Pack
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft Office 2000 Small Business
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access database engine 2007 (German)
Microsoft Office Excel MUI (English) 2007
Microsoft Office FrontPage 2003
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Streets & Trips 2009
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Web Embedding Fonts Tool (III)
Microsoft Works 7.0
MioNet
MortScript
Mozilla Firefox (3.6.3)
Mozilla Sunbird (0.2)
Mozilla Sunbird (0.9)
Mozilla Thunderbird (2.0.0.17)
MSN Music Assistant
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB925673)
Native Instruments B4 II
No-IP.com DUC (remove only)
NVIDIA Drivers
NVIDIA GART Driver
Outlook2iDen
Patiences
PCI 1620 Cardbus Controller and Software
PDF-Tools 4
PDF-Viewer
pdfFactory Pro
Photosmart 140,240,7200,7600,7700,7900 Series
PSShortcutsP
Quick Launch Buttons 4.20 E1
Quicken 2009
QuicKeys
QuickTime
RealPlayer
REALTEK Gigabit and Fast Ethernet NIC Driver
Residential Component Technology - Standalone
REXplorer Component Upgrade
ScreenPrint32 v3.5
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Segoe UI
Sentinel Protection Installer 7.5.0
Shipping Assistant 3.6
SignBlazer Elements for USCutter release 6.0.21
SignBlazer5.5 XP buttons
SignCut (remove only)
SimpleOCR 3.1
Sonic Update Manager
SoundMAX
Sprite Backup
Sprite Terminator
Spy Cleaner Gold 9.8 Trial Version
SpywareBlaster 4.2
SRS Audio Sandbox
StuffIt Standard
The Simpsons Movie Screen Saver
The Worksite CD - National Edition Summer 2003
TI1620/1520
TimewARP 2600 v1.10
TitleBarClock
TiVo Desktop
TomTom HOME
Tweak UI
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
USB Reader (SA6SE)
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
Voyager 4 Flight Software System
WD Anywhere Backup
WD Drive Manager (x86)
WeatherBug
WebEQ Trial
WebFldrs XP
Windows Backup Utility
Windows Communication Foundation
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
WinRAR archiver
X-keys Legend Maker
XML Paper Specification Shared Components Pack 1.0
YouSendIt Plug-in for Outlook
Zone Deluxe Games

==== Event Viewer Messages From Past Week ========

4/9/2010 9:49:36 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the MemeoBackgroundService service to connect.
4/9/2010 9:49:36 AM, error: Service Control Manager [7000] - The WD Drive Manager Service service failed to start due to the following error: The system cannot find the path specified.
4/9/2010 9:49:36 AM, error: Service Control Manager [7000] - The %SELSAUSBHW.SvcDesc% service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/7/2010 8:58:14 AM, error: TermServDevices [1111] - Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again.

==== End Of File ===========================




#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:11 PM

Posted 18 April 2010 - 09:55 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 CheleCity

CheleCity
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:09:11 AM

Posted 18 April 2010 - 09:57 PM


DDS (Ver_10-03-17.01) - NTFSx86
Run by Mike at 22:52:57.30 on Sun 04/18/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.421 [GMT -4:00]

AV: ESET Smart Security 4.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SPYCLE~2\SpyWatcher.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AllKeys\AllKeys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~1\rapimgr.exe
C:\Program Files\TitleBarClock\TBC.EXE
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\SAiDownloader.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Microsoft Streets & Trips 2009\StreetsOlkShim.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\eFax Messenger 4.1\J2GPlus.exe
C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mike\Desktop\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/index.html
uInternet Connection Wizard,ShellNext = iexplore
BHO: PDF-XChange Viewer IE-Plugin: {c5d07eb6-bbce-4dae-acbb-d13a8d28cb1f} - c:\program files\tracker software\pdf viewer\PDFXCviewIEPlugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [AllKeysMacro] c:\program files\allkeys\AllKeys.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Spy Watcher] "c:\progra~1\spycle~2\SpyWatcher.exe" -S
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [ScreenPrint32] c:\program files\screenprint32 v3\ScreenPrint32.exe -startup
mRun: [nwiz] nwiz.exe /install
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\titleb~1.lnk - c:\program files\titlebarclock\TBC.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
Trusted Zone: onlinereportinginc.com\filetrac
Trusted Zone: rexplorer.net
Trusted Zone: rexplorer.net\atl
DPF: {4E330863-6A11-11D0-BFD8-006097237877} - hxxp://support.rexplorer.net/iftw_install//iftwclix.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095460271703
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8DFD2B39-2320-4F01-9AEC-1C9F04C1A1B4} - hxxps://filetrac.onlinereportinginc.com/system/ImageUpload.CAB
DPF: {924F03B2-942A-45FF-B8CC-B0D2C16FD913} - hxxps://filetrac.onlinereportinginc.com/system/EXELaunch.CAB
DPF: {C8D803B0-2FA0-49F8-8D6D-6764DE34B2E1} - hxxps://filetrac.onlinereportinginc.com/system/DocumentUpload.CAB
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: IE Component Categories cache daemon: {553858a7-4922-4e7e-b1c1-97140c1c16ef} - c:\windows\system32\ieframe.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mike\applic~1\mozilla\firefox\profiles\ac9keejs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\program files\mozilla firefox\extensions\{c750eb63-9a7b-df5b-0eea-ba5ce1256fab}\components\936e296e-f57e-3b97-6061-846f8fdf20f2.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: z: No Registry Reference - c:\program files\mozilla firefox\extensions\{c750eb63-9a7b-df5b-0eea-ba5ce1256fab}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2005-11-28 16384]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-4-9 107256]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-4-9 731840]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2003-3-30 14336]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-9-15 47640]
R2 SAiDownloader;SAiDownloader;c:\windows\system32\SAiDownloader.exe [2010-2-4 438272]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2008-7-11 328992]
R2 TivoBeacon2;TiVo Beacon;c:\program files\common files\tivo shared\beacon\TiVoBeacon.exe [2005-8-4 848896]
R3 allkeys01;allkeys01;c:\windows\system32\drivers\allkeys01.sys [2008-10-26 12952]
S1 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\oxser.sys [2007-2-1 49792]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\wd\wd anywhere backup\MemeoBackgroundService.exe [2008-7-10 25824]
S2 SELSAUSBHW;%SELSAUSBHW.SvcDesc%;c:\windows\system32\drivers\SELSAUSB.SYS [2005-1-3 176220]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;"c:\program files\western digital\wd drive manager\wdbtnmgrsvc.exe" --> c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [?]
S3 iLokDrvr;iLok;c:\windows\system32\drivers\iLokDrvr.sys [2005-9-27 27328]
S3 WLANRB;NETGEAR Wireless 802.11b LAN RB Driver;c:\windows\system32\drivers\MA401RB.sys [2004-9-17 593920]
S4 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-18 204800]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 MioNet;MioNet;c:\program files\mionet\MioNetManager.exe [2008-1-14 139264]

============== File Associations ===============

.reg=Regedit.Document

=============== Created Last 30 ================

2010-04-15 20:55:06 402632 ----a-w- c:\documents and settings\mike\1116901836 (1).jfx
2010-04-15 20:54:52 23610 ----a-w- c:\documents and settings\mike\1133617237 (2).jfx
2010-04-15 20:54:16 135568 ----a-w- c:\documents and settings\mike\1165963736.jfx
2010-04-15 20:53:58 102022 ----a-w- c:\documents and settings\mike\1171787238.jfx
2010-04-15 20:53:37 129996 ----a-w- c:\documents and settings\mike\1171806532.jfx
2010-04-13 17:35:36 5962 ----a-w- c:\documents and settings\mike\Select for Payment_5.pdf
2010-04-12 20:31:25 954098 ----a-w- c:\documents and settings\mike\IMG_0119.jpg
2010-04-12 19:37:28 16850 ----a-w- c:\documents and settings\mike\Est_Stan_1052_from_FIVE_STA (1).pdf
2010-04-10 02:01:09 16850 ----a-w- c:\documents and settings\mike\Est_Stan_1052_from_FIVE_STA.pdf
2010-04-06 03:39:51 162 ---ha-w- c:\documents and settings\mike\~$TTER TO SELLING AUCTIONEER OR TRUSTEE.docx
2010-04-06 03:12:37 8402915 ----a-w- c:\documents and settings\mike\408Wiged Foot Contract 001.pdf
2010-04-06 02:54:27 22381 ----a-w- c:\documents and settings\mike\LETTER TO SELLING AUCTIONEER OR TRUSTEE.docx
2010-03-31 04:33:23 230558 ----a-w- c:\documents and settings\mike\1171752931.jfx
2010-03-30 17:05:01 636933 ----a-w- c:\documents and settings\mike\408 Winged Foot Dr Community Association Disclosure 001 (1).pdf
2010-03-30 15:48:00 23610 ----a-w- c:\documents and settings\mike\1133617237 (1).jfx
2010-03-30 14:06:30 5990 ----a-w- c:\documents and settings\mike\Select for Payment_1.pdf
2010-03-29 18:47:23 636933 ----a-w- c:\documents and settings\mike\408 Winged Foot Dr Community Association Disclosure 001.pdf
2010-03-29 14:10:06 682902 ----a-w- c:\documents and settings\mike\803668142 (2).jfx
2010-03-26 20:16:33 44016 ----a-w- c:\documents and settings\mike\1116579034.jfx
2010-03-26 18:20:40 23610 ----a-w- c:\documents and settings\mike\1133617237.jfx
2010-03-25 02:02:44 402632 ----a-w- c:\documents and settings\mike\1116901836.jfx
2010-03-24 01:53:00 341436 ----a-w- c:\documents and settings\mike\PrintBlank_5929CAC2-BDC0-468E-A407-E15A8AABF0C5_forOuput.pdf
2010-03-24 01:50:52 108697 ----a-w- c:\documents and settings\mike\PrintBlank_663A646A-6DE0-419B-8A82-3E82314DE530_forOuput.pdf

==================== Find3M ====================

2010-04-08 19:09:13 2828 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-02-26 04:21:18 88 --sh--r- c:\docume~1\alluse~1\applic~1\BBEB50A05B.sys
2010-02-02 14:18:42 1915392 ----a-w- c:\windows\system32\5006d63d-ab34-2f50-77a2-367bdeab8043.dll
2008-10-29 12:23:43 80 --sha-r- c:\windows\system32\B0CE35F0A7.dll
2008-04-18 02:41:26 32768 --sha-w- c:\windows\temp\history\history.ie5\mshist012008041820080419\index.dat
2008-12-21 19:31:32 32768 --sha-w- c:\windows\temp\history\history.ie5\mshist012008122120081222\index.dat

============= FINISH: 22:53:31.49 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/18/2004 6:18:15 AM
System Uptime: 4/15/2010 4:26:00 PM (78 hours ago)

Motherboard: Compal | | 08A0
Processor: AMD Athlon™ XP Processor 3000+ | Socket A | 798/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 148.268 GiB free.
D: is CDROM (CDFS)
E: is FIXED (FAT32) - 466 GiB total, 441.64 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1030: 1/18/2010 9:14:58 PM - Installed Sprite Backup
RP1031: 1/18/2010 9:16:51 PM - Installed Sprite Terminator
RP1032: 1/21/2010 5:03:14 PM - 1-21-10
RP1033: 1/21/2010 5:23:28 PM - Installed Windows XP KB954708.
RP1034: 1/21/2010 5:23:57 PM - Installed DirectX
RP1035: 1/21/2010 5:42:14 PM - Configured YouSendIt Plug-in for Outlook
RP1036: 1/21/2010 9:04:13 PM - Unsigned printer driver Roland CAMM-1 PNC-1000 installed.
RP1037: 1/22/2010 11:26:11 PM - System Checkpoint
RP1038: 1/24/2010 7:39:17 PM - System Checkpoint
RP1039: 1/26/2010 10:50:10 AM - System Checkpoint
RP1040: 1/27/2010 11:28:53 AM - System Checkpoint
RP1041: 1/27/2010 1:17:52 PM - Restore Operation
RP1042: 1/27/2010 1:48:47 PM - Installed %1 %2.
RP1043: 1/27/2010 1:48:56 PM - Printer Driver Microsoft XPS Document Writer Installed
RP1044: 1/27/2010 2:16:41 PM - Installed Windows KB954550-v5.
RP1045: 1/27/2010 2:17:04 PM - Printer Driver Microsoft XPS Document Writer Installed
RP1046: 1/28/2010 2:22:15 PM - System Checkpoint
RP1047: 1/30/2010 2:13:46 PM - Removed Microsoft .NET Framework 2.0 Service Pack 2
RP1048: 1/30/2010 3:53:46 PM - 1-30-10 3:51PM
RP1049: 1/30/2010 4:05:26 PM - Printer Driver Microsoft XPS Document Writer Installed
RP1050: 1/31/2010 4:07:49 PM - System Checkpoint
RP1051: 2/1/2010 9:53:09 AM - Microsoft Office Access database engine 2007 (German) wird installiert
RP1052: 2/2/2010 12:20:19 PM - System Checkpoint
RP1053: 2/3/2010 3:58:46 PM - System Checkpoint
RP1054: 2/4/2010 4:37:27 PM - System Checkpoint
RP1055: 2/8/2010 10:18:33 AM - System Checkpoint
RP1056: 2/11/2010 10:25:45 AM - Restore Operation
RP1057: 2/12/2010 11:16:06 AM - System Checkpoint
RP1058: 2/13/2010 3:32:07 PM - System Checkpoint
RP1059: 2/14/2010 5:17:01 PM - System Checkpoint
RP1060: 2/15/2010 5:24:39 PM - System Checkpoint
RP1061: 2/16/2010 5:25:35 PM - System Checkpoint
RP1062: 2/21/2010 12:29:39 PM - System Checkpoint
RP1063: 2/26/2010 12:31:53 PM - System Checkpoint
RP1064: 3/1/2010 5:38:04 PM - 3-1-10
RP1065: 3/1/2010 6:11:13 PM - Installed Microsoft Office FrontPage 2003
RP1066: 3/2/2010 9:01:21 AM - Installed WeatherBug
RP1067: 3/5/2010 5:27:49 PM - Installed Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
RP1068: 3/16/2010 11:57:33 AM - System Checkpoint
RP1069: 3/18/2010 11:16:35 AM - OTL Restore Point
RP1070: 3/20/2010 5:04:12 PM - System Checkpoint
RP1071: 3/21/2010 5:13:07 PM - System Checkpoint
RP1072: 3/25/2010 8:37:03 PM - System Checkpoint
RP1073: 3/25/2010 10:16:34 PM - Unsigned driver install
RP1074: 3/27/2010 9:14:05 PM - System Checkpoint
RP1075: 3/29/2010 11:47:34 AM - System Checkpoint
RP1076: 3/30/2010 4:40:41 PM - System Checkpoint
RP1077: 4/1/2010 1:21:15 AM - System Checkpoint
RP1078: 4/4/2010 8:19:52 PM - System Checkpoint
RP1079: 4/6/2010 6:25:50 AM - System Checkpoint
RP1080: 4/7/2010 8:13:07 AM - System Checkpoint
RP1081: 4/8/2010 8:15:20 AM - System Checkpoint
RP1082: 4/9/2010 8:37:54 AM - System Checkpoint
RP1083: 4/10/2010 10:05:20 AM - System Checkpoint
RP1084: 4/11/2010 1:22:13 PM - System Checkpoint
RP1085: 4/12/2010 6:20:26 PM - System Checkpoint
RP1086: 4/13/2010 7:10:13 PM - System Checkpoint
RP1087: 4/14/2010 7:58:52 PM - System Checkpoint
RP1088: 4/15/2010 12:52:46 PM - Configured Microsoft Office Small Business 2007
RP1089: 4/16/2010 2:31:45 PM - System Checkpoint
RP1090: 4/17/2010 3:07:16 PM - System Checkpoint
RP1091: 4/18/2010 5:06:10 PM - System Checkpoint

==== Installed Programs ======================

Aces High II
Ad-Aware
Ad-Aware SE Professional
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.1.0
Agere Systems AC'97 Modem
AllKeys DEP Compatability
AllKeys Macro 2.21
AnswerWorks 5.0 English Runtime
AnswerWorks Runtime
Anywhere Map Pro v2.1 Build 10 Full Install
Anywhere Map XP v2.0 Build 8 Full Install
AOPA's Real-Time Flight Planner 1.2.3
Apple Application Support
Apple Software Update
Art Vista Virtual Grand Piano
Athlon 64 Processor Driver
AutoCAD 2000i
AVS DVD Copy version 3.1
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
Best-Charts trial version 4.50.1
Burn4Free CD and DVD
BVSInstall
Calculator Powertoy for Windows XP
Canon MP470 series
CCleaner (remove only)
ClearType Tuning Control Panel Applet
CmdHere Powertoy For Windows XP
Corel Applications
CorelDRAW Graphics Suite X4
CorelDRAW Graphics Suite X4 - Capture
CorelDRAW Graphics Suite X4 - Content
CorelDRAW Graphics Suite X4 - Draw
CorelDRAW Graphics Suite X4 - Extra Content
CorelDRAW Graphics Suite X4 - Filters
CorelDRAW Graphics Suite X4 - FontNav
CorelDRAW Graphics SUite X4 - ICA
CorelDRAW Graphics Suite X4 - IPM
CorelDRAW Graphics Suite X4 - Lang BR
CorelDRAW Graphics Suite X4 - Lang EN
CorelDRAW Graphics Suite X4 - Lang ES
CorelDRAW Graphics Suite X4 - Lang FR
CorelDRAW Graphics Suite X4 - PP
CorelDRAW Graphics Suite X4 - VBA
CorelDRAW® Graphics Suite X4
CorelDRAW® Graphics Suite X4 - Extra Content
CorelDRAW® Graphics Suite X4 - Windows Shell Extension
Critical Update for Windows Media Player 11 (KB959772)
Data Lifeguard Tools
Digidesign Dynamics III 6.9
Digidesign Pro Tools Documentation 7.0
Digidesign Pro Tools M-Powered 7.0
Digidesign Shared Plug-Ins 7.0
Digidesign Strike 1.0
DiscWizard for Windows
Diskeeper Lite
DTC DUAT
DVD43 v4.4.1
Easy Internet Sign-up
eFax Messenger 4.1
eMule
ESET Online Scanner v3
ESET Smart Security
ExifPro 1.0 Photo Viewer
FileZilla Client 3.1.2
FinePrint
Firewire Family
FlexiSTARTER Seiki Edition
FOX News Live
FOX News Live Stream
Free Bomb Factory Plug-Ins 7.0
Google Earth
GoToMeeting 4.1.0.366
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
HP Deskjet Preloaded Printer Drivers
HP Help and Support
HP Notebook LidSwitch Policy
HP Update
HpSdpAppCoreApp
HTML Slideshow Powertoy for Windows XP
iDEN Download Apps Utility
iDEN Phonebook Manager
IKEA HomePlanner Kitchen
iLok Client Helper
Image Minimizer
Image Resizer Powertoy for Windows XP
ImgBurn
Inkscape 0.47
IntegriClaim
InterActual Player
InterLok Driver Kit
Internet Explorer 7 Beta 2
InterVideo WinDVD
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_05
Java™ 6 Update 3
Junk Mail filter update
LightScribe System Software
LightScribe Template Designs - 9 to 5 Pack 1
LightScribe Template Designs - Architecture Pack 1
LightScribe Template Designs - Nature Pack 1
LightScribe Template Labeler
Linksys EasyLink Advisor
Logitech Gaming Software
LogMeIn
Macromedia Flash Player 8
Macromedia Shockwave Player
MacroWorks II
Madden NFL ™ 2001
Malwarebytes' Anti-Malware
Microsoft .NET Compact Framework 1.0 SP2
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Combat Flight Simulator
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft English TTS Engine
Microsoft IntelliPoint 6.3
Microsoft IntelliType Pro 6.01
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Location Finder
Microsoft Money 2006 System Pack
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft Office 2000 Small Business
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access database engine 2007 (German)
Microsoft Office Excel MUI (English) 2007
Microsoft Office FrontPage 2003
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Streets & Trips 2009
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Web Embedding Fonts Tool (III)
Microsoft Works 7.0
MioNet
MortScript
Mozilla Firefox (3.6.3)
Mozilla Sunbird (0.2)
Mozilla Sunbird (0.9)
Mozilla Thunderbird (2.0.0.17)
MSN Music Assistant
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB925673)
Native Instruments B4 II
No-IP.com DUC (remove only)
NVIDIA Drivers
NVIDIA GART Driver
Outlook2iDen
Patiences
PCI 1620 Cardbus Controller and Software
PDF-Tools 4
PDF-Viewer
pdfFactory Pro
Photosmart 140,240,7200,7600,7700,7900 Series
PSShortcutsP
Quick Launch Buttons 4.20 E1
Quicken 2009
QuicKeys
QuickTime
RealPlayer
REALTEK Gigabit and Fast Ethernet NIC Driver
Residential Component Technology - Standalone
REXplorer Component Upgrade
ScreenPrint32 v3.5
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Segoe UI
Sentinel Protection Installer 7.5.0
Shipping Assistant 3.6
SignBlazer Elements for USCutter release 6.0.21
SignBlazer5.5 XP buttons
SignCut (remove only)
SimpleOCR 3.1
Sonic Update Manager
SoundMAX
Sprite Backup
Sprite Terminator
Spy Cleaner Gold 9.8 Trial Version
SpywareBlaster 4.2
SRS Audio Sandbox
StuffIt Standard
The Simpsons Movie Screen Saver
The Worksite CD - National Edition Summer 2003
TI1620/1520
TimewARP 2600 v1.10
TitleBarClock
TiVo Desktop
TomTom HOME
Tweak UI
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
USB Reader (SA6SE)
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
Voyager 4 Flight Software System
WD Anywhere Backup
WD Drive Manager (x86)
WeatherBug
WebEQ Trial
WebFldrs XP
Windows Backup Utility
Windows Communication Foundation
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
WinRAR archiver
X-keys Legend Maker
XML Paper Specification Shared Components Pack 1.0
YouSendIt Plug-in for Outlook
Zone Deluxe Games

==== Event Viewer Messages From Past Week ========

4/15/2010 4:30:05 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer QUIROZ that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C3D1760B-F388-412C-B1. The master browser is stopping or an election is being forced.
4/12/2010 4:41:57 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the MemeoBackgroundService service to connect.
4/12/2010 4:41:57 PM, error: Service Control Manager [7000] - The WD Drive Manager Service service failed to start due to the following error: The system cannot find the path specified.
4/12/2010 4:41:57 PM, error: Service Control Manager [7000] - The %SELSAUSBHW.SvcDesc% service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/11/2010 1:25:12 AM, error: TermServDevices [1111] - Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again.

==== End Of File ===========================


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-03 22:52:01
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Mike\LOCALS~1\Temp\kflyapob.sys


---- System - GMER 1.0.15 ----

SSDT 83B4F630 ZwAssignProcessToJobObject
SSDT sptd.sys ZwCreateKey [0xBA7B10B0]
SSDT sptd.sys ZwEnumerateKey [0xBA7B684C]
SSDT sptd.sys ZwEnumerateValueKey [0xBA7B6BEC]
SSDT sptd.sys ZwOpenKey [0xBA7B1090]
SSDT 83B4EA60 ZwOpenProcess
SSDT 83B4EE80 ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xBA7B6CC4]
SSDT sptd.sys ZwQueryValueKey [0xBA7B6B44]
SSDT sptd.sys ZwSetValueKey [0xBA7B6D56]
SSDT 83B4F460 ZwSuspendProcess
SSDT 83B4F280 ZwSuspendThread
SSDT 83B4EC90 ZwTerminateProcess
SSDT 83B4F0B0 ZwTerminateThread

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 234 804E2890 4 Bytes JMP DEF583B4
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
init C:\WINDOWS\system32\drivers\tiumflt.sys entry point in "init" section [0xBACC8E00]
.text USBPORT.SYS!DllUnload BA28D8AC 5 Bytes JMP 841561B8
init C:\WINDOWS\system32\drivers\tiumfwl.sys entry point in "init" section [0xBAB82F00]
init C:\WINDOWS\System32\Drivers\WOB.SYS entry point in "init" section [0xBAC8D1A0]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[320] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- Threads - GMER 1.0.15 ----

Thread System [4:524] 83B4D790

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1165204336
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -490158429

---- EOF - GMER 1.0.15 ----


#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team

Posted 19 April 2010 - 01:09 PM

Hello, CheleCity
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.






Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix





Download and run HAMeb_check.exe
Post the contents of the resulting log.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#5 CheleCity

CheleCity
  • Topic Starter


Posted 19 April 2010 - 07:38 PM

ComboFix 10-04-18.04 - Mike 04/19/2010 20:09:30.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.982 [GMT -4:00]
Running from: c:\documents and settings\Mike\Desktop\Downloads\schrauber.exe
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mike\Local Settings\Application Data\{03FFD0B6-BAE8-4F38-A74D-031D8B53F245}
c:\documents and settings\Mike\Local Settings\Application Data\{03FFD0B6-BAE8-4F38-A74D-031D8B53F245}\chrome\content\_cfg.js
c:\documents and settings\Mike\Local Settings\Application Data\{03FFD0B6-BAE8-4F38-A74D-031D8B53F245}\chrome\content\overlay.xul
c:\documents and settings\Mike\Local Settings\Application Data\{03FFD0B6-BAE8-4F38-A74D-031D8B53F245}\install.rdf
c:\recycler\S-1-5-21-1960408961-1659004503-725345543-1003
c:\recycler\S-1-5-21-3220586061-997177031-3086495598-1003
c:\windows\system32\drivers\ndisrd.sys
c:\windows\system32\ndisapi.dll
E:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Legacy_NDISRD
-------\Legacy_RPCPATCH
-------\Legacy_RPCTFTPD
-------\Legacy_SVCHOST
-------\Service_Iprip
-------\Service_NDISRD


((((((((((((((((((((((((( Files Created from 2010-03-20 to 2010-04-20 )))))))))))))))))))))))))))))))
.

2010-04-03 17:01 . 2010-04-03 17:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ServiceTest

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-19 12:30 . 2009-05-15 22:03 -------- d-----w- c:\program files\LogMeIn
2010-04-15 17:07 . 2009-12-11 17:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-15 17:06 . 2009-05-15 22:08 -------- d-----w- c:\program files\Microsoft Works
2010-04-09 14:09 . 2009-05-15 22:05 -------- d-----w- c:\program files\Microsoft Streets & Trips 2009
2010-04-08 19:09 . 2010-01-28 02:10 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-04-08 19:09 . 2010-01-28 02:10 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-04-06 10:03 . 2010-01-24 18:18 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-03 14:25 . 2009-05-15 21:10 -------- d-----w- c:\documents and settings\Mike\Application Data\WeatherBug
2010-03-31 14:16 . 2009-05-15 21:37 -------- d-----w- c:\program files\AutoCAD 2000i
2010-03-28 00:56 . 2009-05-15 22:20 -------- d-----w- c:\program files\Spy Cleaner Gold Trial
2010-03-18 16:15 . 2010-03-18 16:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-18 16:15 . 2010-03-18 16:14 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-18 16:13 . 2010-03-18 16:13 -------- d-----w- c:\documents and settings\Mike\Application Data\Malwarebytes
2010-03-18 16:13 . 2010-03-18 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-16 14:12 . 2010-01-21 22:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-14 17:38 . 2010-01-22 16:49 -------- d-----w- c:\program files\SignCut
2010-03-11 16:07 . 2009-05-15 20:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-11 16:06 . 2009-05-15 22:21 -------- d-----w- c:\program files\SpywareBlaster
2010-03-05 22:27 . 2009-05-15 22:13 -------- d-----w- c:\program files\MSECache
2010-03-02 14:01 . 2010-03-02 14:01 18944 ----a-r- c:\documents and settings\Mike\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2010-03-02 14:01 . 2010-03-02 14:01 11264 ----a-r- c:\documents and settings\Mike\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A1630.exe
2010-03-01 23:12 . 2009-05-15 22:03 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-03-01 23:12 . 2010-03-01 23:12 -------- d-----w- c:\program files\Common Files\L&H
2010-02-26 04:21 . 2010-01-28 02:10 88 --sh--r- c:\documents and settings\All Users\Application Data\BBEB50A05B.sys
2010-02-26 04:21 . 2010-01-28 02:10 88 --sh--r- c:\documents and settings\All Users\Application Data\BBEB50A05B.sys
2010-02-26 04:11 . 2010-02-26 04:11 86016 ----a-r- c:\documents and settings\Mike\Application Data\Microsoft\Installer\{7F05E704-30A6-421A-97A7-8EEB1C7FF100}\ARPPRODUCTICON.exe
2010-02-26 04:11 . 2010-02-26 04:11 10134 ----a-r- c:\documents and settings\Mike\Application Data\Microsoft\Installer\{7F05E704-30A6-421A-97A7-8EEB1C7FF017}\ARPPRODUCTICON.exe
2010-02-26 04:11 . 2010-02-26 04:11 22758 ----a-r- c:\documents and settings\Mike\Application Data\Microsoft\Installer\{7F05E704-30A6-421A-97A7-8EEB1C7FF016}\ARPPRODUCTICON.exe
2010-02-26 04:10 . 2010-02-19 03:25 335872 ----a-r- c:\documents and settings\Mike\Application Data\Microsoft\Installer\{7F05E704-30A6-421A-97A7-8EEB1C7FF014}\NewShortcut2.exe
2010-02-26 04:10 . 2010-02-19 03:25 22758 ----a-r- c:\documents and settings\Mike\Application Data\Microsoft\Installer\{7F05E704-30A6-421A-97A7-8EEB1C7FF014}\ARPPRODUCTICON.exe
2010-02-26 04:10 . 2010-02-19 03:25 86016 ----a-r- c:\documents and settings\Mike\Application Data\Microsoft\Installer\{7F05E704-30A6-421A-97A7-8EEB1C7FF013}\NewShortcut1.exe
2010-02-26 04:10 . 2010-02-19 03:25 22758 ----a-r- c:\documents and settings\Mike\Application Data\Microsoft\Installer\{7F05E704-30A6-421A-97A7-8EEB1C7FF013}\ARPPRODUCTICON.exe
2010-02-26 04:10 . 2010-02-19 03:24 335872 ----a-r- c:\documents and settings\Mike\Application Data\Microsoft\Installer\{7F05E704-30A6-421A-97A7-8EEB1C7FF012}\NewShortcut8.exe
2010-02-26 04:10 . 2010-02-19 03:24 22758 ----a-r- c:\documents and settings\Mike\Application Data\Microsoft\Installer\{7F05E704-30A6-421A-97A7-8EEB1C7FF012}\ARPPRODUCTICON.exe
2010-02-26 04:09 . 2010-02-26 04:09 10134 ----a-r- c:\documents and settings\Mike\Application Data\Microsoft\Installer\{7F05E704-30A6-421A-97A7-8EEB1C7FF010}\ARPPRODUCTICON.exe
2010-02-22 20:42 . 2010-01-27 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-02-19 15:32 . 2004-09-18 02:44 257104 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-19 15:31 . 2010-01-06 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2010-02-11 13:31 . 2010-02-09 16:35 120 ----a-w- c:\windows\Yjekubijamehig.dat
2010-02-11 13:31 . 2010-02-09 16:35 0 ----a-w- c:\windows\Enenoz.bin
2010-02-10 04:05 . 2010-02-10 04:05 24 ----a-w- c:\documents and settings\NetworkService\Application Data\sgcpom.dat
2010-02-09 16:30 . 2010-02-09 16:30 24 ----a-w- c:\windows\system32\config\systemprofile\Application Data\sgcpom.dat
2010-02-02 14:18 . 2010-02-02 14:18 1915392 ----a-w- c:\windows\system32\5006d63d-ab34-2f50-77a2-367bdeab8043.dll
2010-01-30 21:14 . 2008-10-06 02:35 390824 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-21 22:41 . 2010-01-21 22:40 4410440 ----a-w- c:\documents and settings\Mike\Application Data\YouSendIt\Downloads\YouSendIt_Outlook.exe
2008-10-29 12:23 . 2008-10-29 12:21 80 --sha-r- c:\windows\system32\B0CE35F0A7.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2009-12-29 1653248]
"AllKeysMacro"="c:\program files\AllKeys\AllKeys.exe" [2007-12-21 2539160]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spy Watcher"="c:\progra~1\SPYCLE~2\SpyWatcher.exe" [2006-11-20 565248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"NvMediaCenter"="NvMCTray.dll" [2005-02-24 86016]
"ScreenPrint32"="c:\program files\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-16 446464]
"nwiz"="nwiz.exe" [2005-02-24 1495040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Title Bar Clock.lnk - c:\program files\TitleBarClock\TBC.EXE [2002-8-23 35840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-08 23:54 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuicKeys Engine.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuicKeys Engine.lnk
backup=c:\windows\pss\QuicKeys Engine.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk
backup=c:\windows\pss\WD Anywhere Backup Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2004-03-01 20:05 200766 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DigidesignMMERefresh]
2005-10-26 04:21 61440 ----a-w- c:\program files\Digidesign\Drivers\MMERefresh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
2004-01-13 16:21 245760 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2003-05-23 02:55 483328 ----a-w- c:\windows\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2003-05-23 03:03 49152 ----a-w- c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2007-04-11 20:32 56080 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAFWTaskbarApp]
2005-09-20 23:17 155648 ----a-w- c:\windows\system32\mafwTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MioNet]
2008-01-14 19:16 32768 ----a-w- c:\program files\MioNet\MioNetLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox]
2008-06-09 20:43 3215360 ----a-w- c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 06:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBC.exe]
2002-08-23 19:39 35840 ----a-w- c:\program files\TitleBarClock\TBC.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoServer]
2005-08-04 11:14 1860608 ----a-w- c:\program files\TiVo\Desktop\TiVoServer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoTransfer]
2005-08-04 11:12 1123328 ----a-w- c:\program files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2007-03-14 21:52 3770024 ----a-w- c:\program files\TomTom HOME\TomTomHOME.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 08:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MioNet"=2 (0x2)
"Diskeeper"=2 (0x2)
"digiSPTIService"=3 (0x3)
"DigiRefresh"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"LinksysUpdater"=2 (0x2)
"WLTRYSVC"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Half-Life\\hl.exe"=
"c:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\2.0\\Apps\\PhotoshopAlbum.exe"=
"c:\\Documents and Settings\\Mike\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\MioNet\\MioNetManager.exe"=
"c:\\Program Files\\MioNet\\jvm\\bin\\MioNet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\WINDOWS\\system32\\SAiLicSvr.exe"=
"c:\\Program Files\\Seiki\\FlexiSTARTER Seiki Edition\\Program\\App2.exe"=
"c:\\Program Files\\Seiki\\FlexiSTARTER Seiki Edition\\Program\\App.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [11/28/2005 11:40 AM 16384]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/15/2009 7:02 PM 639224]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/9/2009 4:18 PM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [4/9/2009 4:19 PM 731840]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
R2 SAiDownloader;SAiDownloader;c:\windows\system32\SAiDownloader.exe [2/4/2010 12:01 PM 438272]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [7/11/2008 2:02 AM 328992]
R2 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [8/4/2005 7:11 AM 848896]
R3 allkeys01;allkeys01;c:\windows\system32\drivers\allkeys01.sys [10/26/2008 1:20 PM 12952]
S1 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\oxser.sys [2/1/2007 11:28 AM 49792]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [7/10/2008 7:26 PM 25824]
S2 SELSAUSBHW;%SELSAUSBHW.SvcDesc%;c:\windows\system32\drivers\SELSAUSB.SYS [1/3/2005 11:37 PM 176220]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;"c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe" --> c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [?]
S3 iLokDrvr;iLok;c:\windows\system32\drivers\iLokDrvr.sys [9/27/2005 3:57 AM 27328]
S3 WLANRB;NETGEAR Wireless 802.11b LAN RB Driver;c:\windows\system32\drivers\MA401RB.sys [9/17/2004 9:29 PM 593920]
S4 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [4/18/2008 5:30 AM 204800]
S4 MioNet;MioNet;c:\program files\MioNet\MioNetManager.exe [1/14/2008 3:14 PM 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 16:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/index.html
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: onlinereportinginc.com\filetrac
Trusted Zone: rexplorer.net
Trusted Zone: rexplorer.net\atl
DPF: {8DFD2B39-2320-4F01-9AEC-1C9F04C1A1B4} - hxxps://filetrac.onlinereportinginc.com/system/ImageUpload.CAB
DPF: {924F03B2-942A-45FF-B8CC-B0D2C16FD913} - hxxps://filetrac.onlinereportinginc.com/system/EXELaunch.CAB
DPF: {C8D803B0-2FA0-49F8-8D6D-6764DE34B2E1} - hxxps://filetrac.onlinereportinginc.com/system/DocumentUpload.CAB
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{c750eb63-9a7b-df5b-0eea-ba5ce1256fab}\components\936e296e-f57e-3b97-6061-846f8fdf20f2.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
.reg=Regedit.Document
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-MSFox - c:\docume~1\Mike\LOCALS~1\Temp\xxx1874.exe
MSConfigStartUp-wobnjqweriy - c:\windows\system32\yqormqehtrcj.dll
AddRemove-AnswerWorks - c:\program files\WexTech\AnswerWorks\Uninst.isu
AddRemove-DTC DUAT - c:\program files\DTC DUAT\DeIsL1.isu
AddRemove-Madden NFL ™ 2001 - c:\games\EA Sports\Madden 2001\DeIsL1.isu
AddRemove-TimewARP 2600 v1.10 - c:\progra~1\WAYOUT~1\TIMEWA~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-19 20:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x843827AC]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cf28
\Driver\ACPI -> ACPI.sys @ 0xba770cb8
\Driver\atapi -> atapi.sys @ 0xba70db40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a8
SecurityProcedure -> ntoskrnl.exe @ 0x8059b3fd
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a8
SecurityProcedure -> ntoskrnl.exe @ 0x8059b3fd
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xba605bd4
PacketIndicateHandler -> NDIS.sys @ 0xba5f3a0d
SendHandler -> NDIS.sys @ 0xba607b40
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,54,2c,31,36,f7,25,f0,4f,a0,78,90,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,54,2c,31,36,f7,25,f0,4f,a0,78,90,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1388)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(2336)
c:\windows\system32\nview.dll
c:\program files\AllKeys\focuschange.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\rundll32.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~1\rapimgr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-04-19 20:26:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-20 00:26

Pre-Run: 159,160,852,480 bytes free
Post-Run: 161,995,083,776 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=AlwaysOff

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 2551E93393CE5344160B71D9DAFC2341




C:\Documents and Settings\Mike\Desktop\Downloads\HAMeb_check.exe
Mon 04/19/2010 at 20:35:30.60

Account active No
Local Group Memberships

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x843827AC]<<
kernel: MBR read successfully
user & kernel MBR OK

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"=1700:TCP:*:Enabled:MioNet Remote Drive Access 0
"1701:TCP"=1701:TCP:*:Enabled:MioNet Remote Drive Access 1
"1702:TCP"=1702:TCP:*:Enabled:MioNet Remote Drive Access 2
"1703:TCP"=1703:TCP:*:Enabled:MioNet Remote Drive Access 3
"1704:TCP"=1704:TCP:*:Enabled:MioNet Remote Drive Access 4
"1705:TCP"=1705:TCP:*:Enabled:MioNet Remote Drive Access 5
"1706:TCP"=1706:TCP:*:Enabled:MioNet Remote Drive Access 6
"1707:TCP"=1707:TCP:*:Enabled:MioNet Remote Drive Access 7
"1708:TCP"=1708:TCP:*:Enabled:MioNet Remote Drive Access 8
"1709:TCP"=1709:TCP:*:Enabled:MioNet Remote Drive Access 9
"1641:TCP"=1641:TCP:*:Enabled:MioNet Remote Drive Verification


~~ EOF ~~


#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:11 PM

Posted 21 April 2010 - 11:43 AM

Hi,

Did you open all these ports?

QUOTE
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#7 CheleCity

Posted 21 April 2010 - 11:56 AM

Not that I know of. I looked on the internet and MioNet is some kind of remote desktop type program. I don't remember doing that but if I did, I have no use for it. I use remote desktop, and rarely LogMeIn for remote access. I remember calling tech support for something one time and they did something where they could see my computer for support, but I don't remember specifics. I'll be glad to disable if you tell me how. Thanks.

#8 CheleCity

Posted 21 April 2010 - 12:00 PM

I see where to disable them in Windows firewall. I will uncheck them and others I don't need.

#9 CheleCity

Posted 21 April 2010 - 12:08 PM

3389 is Remote Desktop. Active sync synchronises to my smart phone and pda. I don't know why it has to open a port as it hooks directly to computer, not through network.
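The port review discussed in posts #6 to #9, as an added example that is not part of the original thread: a small parser for the `GloballyOpenPorts\List` entries that collapses numbered entries into one product row and marks the exceptions worth a second look. The sample lines are copied from the logs in this thread; the `service_state` argument is an assumption supplied by the analyst (the OTL service list in this thread shows MioNet as Disabled | Stopped), and matching a rule to a service by name prefix is a heuristic.

```python
import re
from collections import namedtuple

Rule = namedtuple("Rule", "port proto scope status name key_matches")

# Two renderings appear in the thread:
#   full  : "1700:TCP"=1700:TCP:*:Enabled:MioNet Remote Drive Access 0
#   short : "1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0   (scope/status omitted)
LINE_RE = re.compile(
    r'^"(\d+):(TCP|UDP)"\s*=\s*(\d+):(TCP|UDP):(?:(.*?):(Enabled|Disabled):)?(.*)$'
)

# Sample input: lines copied from the HAMeb_check log and from the quote in post #6.
SAMPLE = """\
"1700:TCP"=1700:TCP:*:Enabled:MioNet Remote Drive Access 0
"1701:TCP"=1701:TCP:*:Enabled:MioNet Remote Drive Access 1
"1641:TCP"=1641:TCP:*:Enabled:MioNet Remote Drive Verification
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
"""


def parse_rules(text):
    """Parse firewall exception lines; lines that do not match are skipped."""
    rules = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kport, kproto, port, proto, scope, status, name = m.groups()
        # The value name ("1700:TCP") should agree with the data it labels.
        key_ok = (kport, kproto) == (port, proto)
        rules.append(Rule(int(port), proto, scope, status, name.strip(), key_ok))
    return rules


def group_by_product(rules):
    """Collapse numbered entries ("... Access 0" to "... Access 9") into one row."""
    groups = {}
    for r in rules:
        product = re.sub(r"\s+\d+$", "", r.name)
        groups.setdefault(product, []).append(r)
    return groups


def review(rules, service_state):
    """Return [(port, proto, [reasons])] for exceptions that deserve review.

    service_state maps a rule-name prefix to the state of the service that
    owns it, e.g. {"MioNet": "Stopped"}. This mapping is the analyst's input.
    """
    findings = []
    for r in rules:
        if r.status == "Disabled":
            continue  # exception exists but is switched off
        reasons = []
        if not r.key_matches:
            reasons.append("value name and data disagree")
        for prefix, state in service_state.items():
            if r.name.startswith(prefix) and state != "Running":
                reasons.append("exception kept for %s service %s" % (state.lower(), prefix))
        if r.scope == "*":
            reasons.append("open to any source address")
        if reasons:
            findings.append((r.port, r.proto, reasons))
    return findings


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE)
    for product, members in group_by_product(parsed).items():
        ports = ", ".join("%d/%s" % (m.port, m.proto) for m in members)
        print("%-34s %s" % (product, ports))
    print()
    for port, proto, reasons in review(parsed, {"MioNet": "Stopped"}):
        print("%5d/%s  %s" % (port, proto, "; ".join(reasons)))
```

Entries with a subnet scope (the ActiveSync rule) or with no matching stopped service (3389) are parsed but not listed for review.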

#10 schrauber

Posted 21 April 2010 - 02:59 PM

Ok,

Please update your version of Malwarebytes and run a quick scan, then post back with the content of the logfile.


  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


#11 CheleCity

Posted 22 April 2010 - 07:48 AM

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/21/2010 11:13:08 PM
mbam-log-2010-04-21 (23-13-08).txt

Scan type: Quick scan
Objects scanned: 124041
Time elapsed: 9 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL logfile created on: 4/21/2010 11:20:06 PM - Run 2
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\Mike\Desktop\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 14.00% Memory free
2.00 Gb Paging File | 0.00 Gb Available in Paging File | 29.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 150.91 Gb Free Space | 64.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.65 Gb Total Space | 441.60 Gb Free Space | 94.84% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPAQLAPTOP
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/21 16:03:16 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\Downloads\OTL.exe
PRC - [2010/04/04 19:45:31 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/30 00:46:02 | 001,086,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/12/29 11:08:28 | 001,653,248 | ---- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2009/10/14 21:52:56 | 000,329,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Quicken\qw.exe
PRC - [2009/10/08 19:55:02 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/10/08 19:54:47 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/04/09 16:19:08 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/03/24 12:45:49 | 000,606,208 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis3a.exe
PRC - [2008/11/13 10:33:54 | 000,097,128 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2008/10/16 10:09:21 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/07/24 18:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/07/11 02:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2008/06/13 18:48:46 | 000,041,504 | ---- | M] (Microsoft) -- C:\Program Files\Microsoft Streets & Trips 2009\StreetsOlkShim.exe
PRC - [2008/05/01 11:08:44 | 001,212,416 | ---- | M] () -- C:\Program Files\PI Engineering\MacroWorks II\MacroWorks.exe
PRC - [2008/04/13 20:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2008/04/13 20:12:32 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2008/04/13 20:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/21 02:22:14 | 002,539,160 | ---- | M] (SeventhDigit) -- C:\Program Files\AllKeys\AllKeys.exe
PRC - [2007/09/11 12:23:22 | 000,438,272 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\system32\SAiDownloader.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006/11/20 14:34:02 | 000,565,248 | ---- | M] (Topdownloads Networks) -- C:\Program Files\Spy Cleaner Gold Trial\SpyWatcher.exe
PRC - [2006/11/13 13:39:54 | 004,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/10/27 15:23:04 | 000,347,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
PRC - [2006/10/27 15:16:48 | 012,813,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2006/10/27 15:07:36 | 017,891,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
PRC - [2005/08/04 07:11:54 | 000,848,896 | ---- | M] (TiVo Inc.) -- C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
PRC - [2003/05/15 21:36:40 | 000,446,464 | ---- | M] (Provtech Limited) -- C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
PRC - [2003/03/30 22:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2002/08/23 15:39:52 | 000,035,840 | ---- | M] () -- C:\Program Files\TitleBarClock\TBC.EXE


========== Modules (SafeList) ==========

MOD - [2010/04/21 16:03:16 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\Downloads\OTL.exe
MOD - [2008/04/13 20:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/13 20:12:04 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpsnd.dll
MOD - [2007/12/21 02:22:14 | 000,048,792 | ---- | M] () -- C:\Program Files\AllKeys\focuschange.dll
MOD - [2005/02/23 23:26:00 | 001,458,176 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nview.dll
MOD - [2005/02/23 23:26:00 | 001,019,904 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwimg.dll
MOD - [2005/02/23 23:26:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WDBtnMgrSvc.exe)
SRV - [2009/10/08 19:55:02 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/04/09 16:29:20 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/04/09 16:19:08 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2008/10/16 10:09:21 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/07/24 18:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/07/11 02:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2008/07/10 19:26:36 | 000,025,824 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2008/04/18 05:30:43 | 000,204,800 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/04/13 20:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2008/04/13 20:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/01/14 15:14:28 | 000,139,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\MioNet\MioNetManager.exe -- (MioNet)
SRV - [2007/09/11 12:23:22 | 000,438,272 | ---- | M] (TODO: <Company name>) [Auto | Running] -- C:\WINDOWS\System32\SAiDownloader.exe -- (SAiDownloader)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2005/10/26 00:21:52 | 000,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Disabled | Stopped] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2005/10/25 23:06:08 | 000,122,880 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Disabled | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2005/08/04 07:11:54 | 000,848,896 | ---- | M] (TiVo Inc.) [Auto | Running] -- C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe -- (TivoBeacon2)
SRV - [2003/03/30 22:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2002/10/16 22:56:00 | 000,176,128 | ---- | M] (Executive Software International, Inc.) [Disabled | Stopped] -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe -- (Diskeeper)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/index.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: exif_viewer@mozilla.doslash.org:1.55
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
FF - prefs.js..extensions.enabledItems: {21e48e29-f574-4619-b65d-0f00eea92e5b}:1.77
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: {cd617375-6743-4ee8-bac4-fbf10f35729e}:2.7.2
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: {c750eb63-9a7b-df5b-0eea-ba5ce1256fab}:4.6.6.3
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 19:45:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/06 18:00:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2009/11/29 14:48:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2010/04/06 18:00:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/11/29 14:48:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/04/06 18:00:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009/05/16 10:59:39 | 000,000,000 | ---D | M]

[2009/05/15 16:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions
[2010/04/20 11:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions
[2010/03/26 09:51:56 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009/12/14 22:02:41 | 000,000,000 | ---D | M] (Session Manager) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2010/02/11 11:51:51 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/02/11 11:27:36 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}(2)
[2010/01/05 13:17:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
[2010/04/09 09:59:59 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/02/11 11:27:45 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}(2)
[2010/02/26 12:35:54 | 000,000,000 | ---D | M] (IE View) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2009/07/05 15:28:33 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/03/16 10:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
[2010/01/08 15:33:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/11 11:27:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}(2)
[2009/11/12 13:34:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/04/09 09:59:51 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2009/05/15 17:00:08 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2009/11/30 11:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\elemhidehelper@adblockplus.org
[2010/04/09 09:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\exif_viewer@mozilla.doslash.org
[2010/02/11 11:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\foxmarks@kei(2).com
[2009/06/09 22:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\LogMeInClient@logmein.com
[2009/05/15 17:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Sunbird\Profiles\9ws3wdf4.default\extensions
[2010/01/23 13:05:44 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\searchplugins\bing.xml
[2010/04/20 11:45:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/03 15:28:14 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{c750eb63-9a7b-df5b-0eea-ba5ce1256fab}
[2009/09/08 15:01:18 | 000,163,608 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll

O1 HOSTS File: ([2010/04/19 20:19:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe (Provtech Limited)
O4 - HKLM..\Run: [Spy Watcher] C:\Program Files\Spy Cleaner Gold Trial\SpyWatcher.exe (Topdownloads Networks)
O4 - HKCU..\Run: [AllKeysMacro] C:\Program Files\AllKeys\AllKeys.exe (SeventhDigit)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-DC6KH.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware (registration)] C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Title Bar Clock.lnk = C:\Program Files\TitleBarClock\TBC.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O15 - HKCU\..Trusted Domains: onlinereportinginc.com ([filetrac] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rexplorer.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: rexplorer.net ([atl] http in Trusted sites)
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} http://support.rexplorer.net/iftw_install//iftwclix.cab (InstallFromTheWeb ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5co...b?1095460271703 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8DFD2B39-2320-4F01-9AEC-1C9F04C1A1B4} https://filetrac.onlinereportinginc.com/sys...ImageUpload.CAB (ImageUpload.ctrlImageUpload)
O16 - DPF: {924F03B2-942A-45FF-B8CC-B0D2C16FD913} https://filetrac.onlinereportinginc.com/system/EXELaunch.CAB (EXELaunch.EXELaunchControl)
O16 - DPF: {C8D803B0-2FA0-49F8-8D6D-6764DE34B2E1} https://filetrac.onlinereportinginc.com/sys...umentUpload.CAB (DocumentUpload.ctrlDocUpload)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/20 11:09:09 | 000,000,045 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/04/21 12:49:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/20 12:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\Lame for Audacity
[2010/04/20 12:40:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Audacity
[2010/04/20 12:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2010/04/19 20:05:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/19 20:03:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/19 20:03:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/19 20:03:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/19 20:03:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/19 20:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/19 19:55:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/15 16:55:06 | 000,402,632 | ---- | C] () -- C:\Documents and Settings\Mike\1116901836 (1).jfx
[2010/04/15 16:54:52 | 000,023,610 | ---- | C] () -- C:\Documents and Settings\Mike\1133617237 (2).jfx
[2010/04/15 16:54:16 | 000,135,568 | ---- | C] () -- C:\Documents and Settings\Mike\1165963736.jfx
[2010/04/15 16:53:58 | 000,102,022 | ---- | C] () -- C:\Documents and Settings\Mike\1171787238.jfx
[2010/04/15 16:53:37 | 000,129,996 | ---- | C] () -- C:\Documents and Settings\Mike\1171806532.jfx
[2010/04/15 13:05:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/04/15 12:54:13 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/04/14 09:10:46 | 000,011,413 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft Excel 97-2003.TSK
[2010/04/14 09:09:13 | 000,012,964 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft Excel 97-2003.CAL
[2010/04/14 00:21:36 | 000,012,994 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Comma Separated Values (Windows).CAL
[2010/04/13 13:35:36 | 000,005,962 | ---- | C] () -- C:\Documents and Settings\Mike\Select for Payment_5.pdf
[2010/04/12 16:31:25 | 000,954,098 | ---- | C] () -- C:\Documents and Settings\Mike\IMG_0119.jpg
[2010/04/12 15:37:28 | 000,016,850 | ---- | C] () -- C:\Documents and Settings\Mike\Est_Stan_1052_from_FIVE_STA (1).pdf
[2010/04/09 22:01:09 | 000,016,850 | ---- | C] () -- C:\Documents and Settings\Mike\Est_Stan_1052_from_FIVE_STA.pdf
[2010/04/05 23:39:51 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Mike\~$TTER TO SELLING AUCTIONEER OR TRUSTEE.docx
[2010/04/05 23:12:37 | 008,402,915 | ---- | C] () -- C:\Documents and Settings\Mike\408Wiged Foot Contract 001.pdf
[2010/04/05 22:54:27 | 000,022,381 | ---- | C] () -- C:\Documents and Settings\Mike\LETTER TO SELLING AUCTIONEER OR TRUSTEE.docx
[2010/04/03 13:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ServiceTest
[2010/03/31 00:33:23 | 000,230,558 | ---- | C] () -- C:\Documents and Settings\Mike\1171752931.jfx
[2010/03/30 13:05:01 | 000,636,933 | ---- | C] () -- C:\Documents and Settings\Mike\408 Winged Foot Dr Community Association Disclosure 001 (1).pdf
[2010/03/30 11:48:00 | 000,023,610 | ---- | C] () -- C:\Documents and Settings\Mike\1133617237 (1).jfx
[2010/03/30 10:06:30 | 000,005,990 | ---- | C] () -- C:\Documents and Settings\Mike\Select for Payment_1.pdf
[2010/03/29 14:47:23 | 000,636,933 | ---- | C] () -- C:\Documents and Settings\Mike\408 Winged Foot Dr Community Association Disclosure 001.pdf
[2010/03/29 10:10:06 | 000,682,902 | ---- | C] () -- C:\Documents and Settings\Mike\803668142 (2).jfx
[2010/03/26 16:16:33 | 000,044,016 | ---- | C] () -- C:\Documents and Settings\Mike\1116579034.jfx
[2010/03/26 14:20:40 | 000,023,610 | ---- | C] () -- C:\Documents and Settings\Mike\1133617237.jfx
[2010/03/24 22:02:44 | 000,402,632 | ---- | C] () -- C:\Documents and Settings\Mike\1116901836.jfx
[2010/03/23 21:53:00 | 000,341,436 | ---- | C] () -- C:\Documents and Settings\Mike\PrintBlank_5929CAC2-BDC0-468E-A407-E15A8AABF0C5_forOuput.pdf
[2010/03/23 21:50:52 | 000,108,697 | ---- | C] () -- C:\Documents and Settings\Mike\PrintBlank_663A646A-6DE0-419B-8A82-3E82314DE530_forOuput.pdf
[2010/03/16 15:41:09 | 000,007,868 | ---- | C] () -- C:\Documents and Settings\Mike\FW_ New Claim Assignment - File #1001419 (1).eml
[2010/03/15 09:22:00 | 000,087,734 | ---- | C] () -- C:\Documents and Settings\Mike\HomeOwnerPacketrevpdf (1).pdf
[2010/03/13 18:31:45 | 000,841,219 | ---- | C] () -- C:\Documents and Settings\Mike\1022409233.jfx
[2010/03/13 15:38:05 | 000,040,324 | ---- | C] () -- C:\Documents and Settings\Mike\1021740230.jfx
[2010/03/12 22:31:22 | 000,118,069 | ---- | C] () -- C:\Documents and Settings\Mike\Document (1).pdf
[2010/03/12 22:29:53 | 000,414,713 | ---- | C] () -- C:\Documents and Settings\Mike\N45XBillofSale (1).pdf
[2010/03/12 17:30:52 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Mike\Actuator Specifications.doc
[2010/03/12 14:29:55 | 000,151,922 | ---- | C] () -- C:\Documents and Settings\Mike\[9601] - ---408-- Winged Foot Drive.pdf
[2010/03/12 14:29:31 | 000,027,804 | ---- | C] () -- C:\Documents and Settings\Mike\Fax-Back Coversheet.pdf
[2010/03/12 09:42:14 | 000,682,902 | ---- | C] () -- C:\Documents and Settings\Mike\803668142 (1).jfx
[2010/03/11 22:32:48 | 000,007,868 | ---- | C] () -- C:\Documents and Settings\Mike\FW_ New Claim Assignment - File #1001419.eml
[2010/03/10 17:00:51 | 000,259,360 | ---- | C] () -- C:\Documents and Settings\Mike\New Merge.xlsx
[2010/03/08 13:17:08 | 000,414,713 | ---- | C] () -- C:\Documents and Settings\Mike\N45XBillofSale.pdf
[2010/03/05 19:47:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/05 19:16:15 | 000,141,156 | ---- | C] () -- C:\Documents and Settings\Mike\953858539.jfx
[2010/03/05 15:52:49 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Mike\3 FEMA Investigation Packet Checklist Federal Employee SF85P(2)a.doc
[2010/03/05 15:52:06 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Mike\4 - Credit Release.doc
[2010/03/05 15:46:03 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\Mike\1 e-QIP Introduction Letter SF85P fed emp 2009 (1).doc
[2010/03/04 18:21:36 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\Mike\1 e-QIP Introduction Letter SF85P fed emp 2009.doc
[2010/03/04 18:20:44 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Mike\NOTICE.doc
[2010/03/03 23:21:08 | 000,323,752 | ---- | C] () -- C:\Documents and Settings\Mike\1406365844.jfx
[2010/03/03 23:20:10 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\Mike\lease (Robbin Brown)Phillips (1).doc
[2010/02/26 14:07:47 | 000,035,128 | ---- | C] () -- C:\Documents and Settings\Mike\N45X bill of sale (1).pdf
[2010/02/25 14:51:39 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Mike\Bill of Sale Set Aside Document N45X (2).doc
[2010/02/25 14:26:21 | 000,030,112 | ---- | C] () -- C:\Documents and Settings\Mike\FORM - HIPAA Release.pdf
[2010/02/25 09:55:34 | 000,118,069 | ---- | C] () -- C:\Documents and Settings\Mike\Document.pdf
[2010/02/23 13:07:03 | 002,652,748 | ---- | C] () -- C:\Documents and Settings\Mike\PschoDogs.wmv
[2010/02/22 14:01:48 | 000,525,428 | ---- | C] () -- C:\Documents and Settings\Mike\mipmcarcggseedstart.pdf
[2010/02/18 11:21:11 | 000,119,328 | ---- | C] () -- C:\Documents and Settings\Mike\57915234-54797612 (1).pdf
[2010/02/18 11:17:27 | 000,119,328 | ---- | C] () -- C:\Documents and Settings\Mike\57915234-54797612.pdf
[2010/02/17 10:50:25 | 000,682,902 | ---- | C] () -- C:\Documents and Settings\Mike\803668142.jfx
[2010/02/16 21:33:07 | 000,125,952 | ---- | C] () -- C:\Documents and Settings\Mike\REvisedHoPFeb 5 2010.doc
[2010/02/10 00:05:30 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\sgcpom.dat
[2010/02/08 11:18:17 | 011,272,192 | ---- | C] () -- C:\Documents and Settings\Mike\ntuser.dat
[2010/02/04 10:33:53 | 000,018,779 | ---- | C] () -- C:\Documents and Settings\Mike\CHILDERS EST.pdf
[2010/02/04 09:54:28 | 000,026,548 | ---- | C] () -- C:\Documents and Settings\Mike\45XFax[1].pdf
[2010/02/04 09:53:58 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Mike\Bill of Sale Set Aside Document N45X (1).doc
[2010/01/29 15:45:10 | 000,044,690 | ---- | C] () -- C:\Documents and Settings\Mike\614739535 (1).jfx
[2010/01/27 22:10:45 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\BBEB50A05B.sys
[2010/01/27 22:10:44 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/01/26 00:04:30 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\Mike\.recently-used.xbel
[2010/01/25 16:22:02 | 000,044,690 | ---- | C] () -- C:\Documents and Settings\Mike\614739535.jfx
[2010/01/22 11:35:13 | 000,035,128 | ---- | C] () -- C:\Documents and Settings\Mike\N45X bill of sale.pdf
[2010/01/21 21:33:33 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Mike\~$ll of Sale Set Aside Document N45X.doc
[2010/01/21 21:33:31 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Mike\Bill of Sale Set Aside Document N45X.doc
[2010/01/21 10:47:03 | 004,933,932 | ---- | C] () -- C:\Documents and Settings\Mike\Becarefulpullingout.wmv
[2010/01/19 13:43:23 | 000,087,734 | ---- | C] () -- C:\Documents and Settings\Mike\HomeOwnerPacketrevpdf.pdf
[2010/01/18 10:46:30 | 002,499,072 | ---- | C] () -- C:\Documents and Settings\Mike\CENTER_OF_THE_BIBLE.pps
[2010/01/12 14:45:42 | 000,009,107 | ---- | C] () -- C:\Documents and Settings\Mike\FOREPLAY.mid
[2009/12/30 09:57:20 | 000,139,631 | ---- | C] () -- C:\Documents and Settings\Mike\mitchellTBOX.pdf
[2009/12/29 13:39:40 | 000,035,662 | ---- | C] () -- C:\Documents and Settings\Mike\091229108371CT3730XY.pdf
[2009/12/28 17:11:02 | 000,165,888 | ---- | C] () -- C:\Documents and Settings\Mike\Getting a Clear id (1).doc
[2009/12/28 17:10:48 | 000,171,520 | ---- | C] () -- C:\Documents and Settings\Mike\Placing an order (1).doc
[2009/12/28 17:09:58 | 004,408,830 | ---- | C] () -- C:\Documents and Settings\Mike\clear pricing.pdf
[2009/12/22 23:37:58 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/12/18 22:22:23 | 008,657,608 | ---- | C] () -- C:\Documents and Settings\Mike\20091217185037.PDF
[2009/12/17 00:08:22 | 000,165,888 | ---- | C] () -- C:\Documents and Settings\Mike\Getting a Clear id.doc
[2009/12/16 23:06:27 | 000,171,520 | ---- | C] () -- C:\Documents and Settings\Mike\Placing an order.doc
[2009/12/13 16:03:26 | 000,026,966 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Comma Separated Values (Windows).ADR
[2009/12/13 15:27:50 | 000,038,262 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft Excel 97-2003.ADR
[2009/12/03 22:05:36 | 000,070,984 | ---- | C] () -- C:\Documents and Settings\Mike\g2mdlhlpx.exe
[2009/12/02 18:16:08 | 000,233,472 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\fontdb.mdb
[2009/11/16 13:05:47 | 005,995,308 | ---- | C] () -- C:\Documents and Settings\Mike\BPO Information 408 Winged Foot Drive.pdf
[2009/11/12 11:45:46 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Mike\MIKE CHILDERS.doc
[2009/11/08 21:26:34 | 000,072,648 | ---- | C] () -- C:\Documents and Settings\Mike\Employee Statement.pdf
[2009/11/07 22:04:34 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\Mike\lease (Robbin Brown)Phillips.doc
[2009/11/06 09:05:13 | 003,176,232 | -H-- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\IconCache.db
[2009/10/23 17:05:22 | 006,021,408 | ---- | C] () -- C:\Documents and Settings\Mike\extraordinaire_instrument_de_musique.wmv
[2009/10/22 09:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ICS
[2009/09/09 08:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2009/09/08 21:13:07 | 006,681,967 | ---- | C] () -- C:\Documents and Settings\Mike\cockpitviewofshuttlelanding.wmv
[2009/07/16 17:31:42 | 000,001,244 | ---- | C] () -- C:\Documents and Settings\Mike\AE.Init
[2009/07/16 17:31:42 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Mike\AE.Memory
[2009/06/24 09:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2009/06/21 23:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/05/27 10:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ESET
[2009/05/26 11:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\TiVo Desktop
[2009/05/18 13:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/05/16 11:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2009/05/15 17:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/05/15 17:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/05/15 17:33:14 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Mike\ntuser.dat.LOG
[2009/05/15 16:59:11 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\$_hpcst$.hpc
[2009/05/15 16:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\TiVo Desktop
[2009/05/15 16:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2009/05/15 16:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/05/15 16:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/05/15 16:59:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/10/16 12:08:02 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/10/05 22:35:40 | 000,390,824 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/04/11 10:47:47 | 000,724,984 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Mike\gotomypc_437.exe
[2008/03/23 21:33:43 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/29 15:58:52 | 000,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/06/25 23:59:18 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\fusioncache.dat
[2006/04/18 16:39:28 | 000,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 16:39:28 | 000,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2004/09/18 06:19:20 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Mike\Application Data\desktop.ini
[2004/09/18 06:19:18 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Mike\ntuser.ini
[2004/09/18 06:18:12 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2004/09/18 06:18:12 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2004/09/17 22:44:11 | 000,257,128 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/05/16 14:41:50 | 000,000,237 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2003/10/07 04:38:56 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[4 E:\Data\*.tmp files -> E:\Data\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/04/21 16:09:41 | 000,002,828 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/04/21 16:07:01 | 000,699,904 | ---- | M] () -- C:\WINDOWS\is-DC6KH.exe
[2010/04/21 16:07:01 | 000,010,498 | ---- | M] () -- C:\WINDOWS\is-DC6KH.msg
[2010/04/21 16:07:01 | 000,000,399 | ---- | M] () -- C:\WINDOWS\is-DC6KH.lst
[2010/04/21 12:32:17 | 000,000,026 | ---- | M] () -- C:\WINDOWS\Zone.Identifier
[2010/04/20 15:36:05 | 000,000,037 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2010/04/20 12:39:53 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/04/20 12:39:06 | 000,047,104 | ---- | M] () -- E:\Data\Phone.xls
[2010/04/19 21:19:57 | 000,257,128 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/19 20:19:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/19 20:19:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/19 20:19:34 | 000,023,773 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/19 20:19:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/19 20:18:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/19 20:18:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/19 20:17:07 | 011,272,192 | ---- | M] () -- C:\Documents and Settings\Mike\ntuser.dat
[2010/04/19 20:17:07 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Mike\ntuser.ini
[2010/04/19 20:05:38 | 000,000,285 | RHS- | M] () -- C:\boot.ini
[2010/04/19 19:59:58 | 003,176,232 | -H-- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\IconCache.db
[2010/04/15 20:57:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/15 16:55:06 | 000,402,632 | ---- | M] () -- C:\Documents and Settings\Mike\1116901836 (1).jfx
[2010/04/15 16:54:52 | 000,023,610 | ---- | M] () -- C:\Documents and Settings\Mike\1133617237 (2).jfx
[2010/04/15 16:54:16 | 000,135,568 | ---- | M] () -- C:\Documents and Settings\Mike\1165963736.jfx
[2010/04/15 16:53:58 | 000,102,022 | ---- | M] () -- C:\Documents and Settings\Mike\1171787238.jfx
[2010/04/15 16:53:37 | 000,129,996 | ---- | M] () -- C:\Documents and Settings\Mike\1171806532.jfx
[2010/04/15 13:14:38 | 000,845,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/15 12:57:36 | 000,000,654 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/14 09:10:48 | 000,000,738 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/04/14 09:10:46 | 000,011,413 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft Excel 97-2003.TSK
[2010/04/14 09:09:57 | 000,038,262 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft Excel 97-2003.ADR
[2010/04/14 09:09:13 | 000,012,964 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft Excel 97-2003.CAL
[2010/04/14 00:22:21 | 000,010,594 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\contents.csv
[2010/04/14 00:22:20 | 000,026,966 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Comma Separated Values (Windows).ADR
[2010/04/14 00:21:38 | 000,009,414 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\calender.csv
[2010/04/14 00:21:36 | 000,012,994 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Comma Separated Values (Windows).CAL
[2010/04/13 13:35:36 | 000,005,962 | ---- | M] () -- C:\Documents and Settings\Mike\Select for Payment_5.pdf
[2010/04/12 16:31:25 | 000,954,098 | ---- | M] () -- C:\Documents and Settings\Mike\IMG_0119.jpg
[2010/04/12 15:37:28 | 000,016,850 | ---- | M] () -- C:\Documents and Settings\Mike\Est_Stan_1052_from_FIVE_STA (1).pdf
[2010/04/09 22:01:09 | 000,016,850 | ---- | M] () -- C:\Documents and Settings\Mike\Est_Stan_1052_from_FIVE_STA.pdf
[4 E:\Data\*.tmp files -> E:\Data\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/21 16:07:01 | 000,699,904 | ---- | C] () -- C:\WINDOWS\is-DC6KH.exe
[2010/04/21 16:07:01 | 000,010,498 | ---- | C] () -- C:\WINDOWS\is-DC6KH.msg
[2010/04/21 16:07:01 | 000,000,399 | ---- | C] () -- C:\WINDOWS\is-DC6KH.lst
[2010/04/20 12:39:53 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/04/19 20:05:38 | 000,000,215 | ---- | C] () -- C:\Boot.bak
[2010/04/19 20:05:35 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/19 20:03:37 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/19 20:03:33 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/19 20:03:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/19 20:03:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/19 20:03:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/14 00:22:17 | 000,010,594 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\contents.csv
[2010/04/14 00:21:38 | 000,009,414 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\calender.csv
[2010/02/02 10:18:42 | 001,915,392 | ---- | C] () -- C:\WINDOWS\System32\5006d63d-ab34-2f50-77a2-367bdeab8043.dll
[2010/01/21 22:47:57 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CutMan32.INI
[2010/01/21 22:27:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Signblaz.ini
[2009/10/21 09:53:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\longfile.INI
[2009/10/21 09:45:24 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\scpext.dll
[2009/05/15 19:02:59 | 000,639,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/11/12 14:15:57 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSWQDRV.SYS
[2008/11/12 11:06:57 | 000,047,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Surroundhp_kern_i386.sys
[2008/11/12 11:06:57 | 000,047,104 | R--- | C] () -- C:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2008/11/12 11:06:57 | 000,042,112 | R--- | C] () -- C:\WINDOWS\System32\drivers\csiidecoder_kern_i386.sys
[2008/11/12 11:06:57 | 000,039,808 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter_i386.sys
[2008/11/11 20:30:31 | 000,000,130 | ---- | C] () -- C:\WINDOWS\EQUALIZER.INI
[2008/10/29 08:21:56 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\B0CE35F0A7.dll
[2008/10/16 00:52:52 | 000,000,316 | ---- | C] () -- C:\WINDOWS\SoftWriting.ini
[2008/09/04 09:40:53 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008/09/04 09:26:40 | 000,000,120 | ---- | C] () -- C:\WINDOWS\DDSSetup.ini
[2006/09/04 09:37:24 | 000,000,539 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/02/23 15:03:44 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2005/09/10 22:28:58 | 000,000,033 | ---- | C] () -- C:\WINDOWS\render.ini
[2005/02/18 10:06:42 | 000,000,033 | ---- | C] () -- C:\WINDOWS\OKI C5400n(PS).ini
[2005/01/03 23:37:02 | 000,176,220 | ---- | C] () -- C:\WINDOWS\System32\drivers\SELSAUSB.SYS
[2005/01/03 23:37:02 | 000,176,188 | ---- | C] () -- C:\WINDOWS\System32\drivers\LSAUSB.SYS
[2004/12/31 09:22:45 | 000,002,395 | ---- | C] () -- C:\WINDOWS\IFPClient.ini
[2004/12/24 19:19:49 | 000,000,236 | ---- | C] () -- C:\WINDOWS\ndw.ini
[2004/09/21 23:00:50 | 000,000,033 | ---- | C] () -- C:\WINDOWS\QkEngine.INI
[2004/09/17 22:33:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/09/17 21:56:40 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2004/09/17 21:56:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/09/17 16:39:15 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/05/16 15:02:25 | 000,000,738 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/05/16 14:32:59 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/05/16 14:26:20 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/05/16 14:25:42 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/05/16 13:49:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/05/16 13:49:03 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2003/10/07 11:54:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/30 08:04:00 | 000,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll

========== LOP Check ==========

[2009/05/15 16:57:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/05/15 16:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.1 Setup
[2009/05/16 10:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/07/15 23:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/05/15 16:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2009/05/15 16:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/10/23 16:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MiK
[2009/05/15 16:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2009/05/15 16:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRS Labs
[2010/03/11 12:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/15 16:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/05/15 16:58:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\WD
[2009/05/15 16:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Allume Systems
[2010/04/21 13:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Audacity
[2009/05/15 16:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Autodesk
[2009/12/02 22:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\BorWare
[2009/05/15 16:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\CE Software
[2009/05/15 16:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Digidesign
[2009/05/16 11:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\ESET
[2010/01/14 14:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\FileZilla
[2009/05/15 16:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2009/07/24 10:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\ImgBurn
[2010/01/23 23:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\inkscape
[2009/05/15 16:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\InterVideo
[2010/01/04 19:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\KompoZer
[2009/05/15 16:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Leadertech
[2009/10/23 16:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\MiK
[2009/05/15 16:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\MioNet
[2009/05/15 16:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\mjusbsp
[2009/05/15 17:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\PACE Anti-Piracy
[2009/05/15 17:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Seattle Avionics
[2009/05/15 17:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\SeventhDigit
[2010/01/24 16:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\SignCut
[2010/01/18 22:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Sprite Software
[2009/05/15 17:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Startly
[2009/05/15 17:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Template
[2009/05/15 17:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Thunderbird
[2010/02/11 11:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\tinySpell
[2009/05/15 17:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\W Photo Studio Viewer
[2009/05/15 17:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\WD
[2010/04/03 10:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\WeatherBug
[2010/01/21 18:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\YouSendIt

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/09/17 22:21:33 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/05/17 14:09:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/05/17 14:09:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/03/31 03:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2003/03/30 22:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/09/17 22:21:33 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/05/17 14:09:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/05/17 14:09:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/08/28 23:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:33:06 | 000,420,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\vbscript.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/05/15 19:02:59 | 000,639,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2003/10/07 04:37:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2003/10/07 04:37:54 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2003/10/07 04:37:54 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Program Files\Signmaker X4:{56004D00-6C00-6500-5200-480046007500}
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

PRC - [2010/04/21 16:03:16 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\Downloads\OTL.exe
PRC - [2010/04/04 19:45:31 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/30 00:46:02 | 001,086,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/12/29 11:08:28 | 001,653,248 | ---- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2009/10/14 21:52:56 | 000,329,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Quicken\qw.exe
PRC - [2009/10/08 19:55:02 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/10/08 19:54:47 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/04/09 16:19:08 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/03/24 12:45:49 | 000,606,208 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis3a.exe
PRC - [2008/11/13 10:33:54 | 000,097,128 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2008/10/16 10:09:21 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/07/24 18:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/07/11 02:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2008/06/13 18:48:46 | 000,041,504 | ---- | M] (Microsoft) -- C:\Program Files\Microsoft Streets & Trips 2009\StreetsOlkShim.exe
PRC - [2008/05/01 11:08:44 | 001,212,416 | ---- | M] () -- C:\Program Files\PI Engineering\MacroWorks II\MacroWorks.exe
PRC - [2008/04/13 20:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2008/04/13 20:12:32 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2008/04/13 20:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/21 02:22:14 | 002,539,160 | ---- | M] (SeventhDigit) -- C:\Program Files\AllKeys\AllKeys.exe
PRC - [2007/09/11 12:23:22 | 000,438,272 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\system32\SAiDownloader.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006/11/20 14:34:02 | 000,565,248 | ---- | M] (Topdownloads Networks) -- C:\Program Files\Spy Cleaner Gold Trial\SpyWatcher.exe
PRC - [2006/11/13 13:39:54 | 004,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/10/27 15:23:04 | 000,347,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
PRC - [2006/10/27 15:16:48 | 012,813,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2006/10/27 15:07:36 | 017,891,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
PRC - [2005/08/04 07:11:54 | 000,848,896 | ---- | M] (TiVo Inc.) -- C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
PRC - [2003/05/15 21:36:40 | 000,446,464 | ---- | M] (Provtech Limited) -- C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
PRC - [2003/03/30 22:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2002/08/23 15:39:52 | 000,035,840 | ---- | M] () -- C:\Program Files\TitleBarClock\TBC.EXE


========== Modules (SafeList) ==========

MOD - [2010/04/21 16:03:16 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\Downloads\OTL.exe
MOD - [2008/04/13 20:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/13 20:12:04 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpsnd.dll
MOD - [2008/04/13 20:11:50 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll
MOD - [2007/12/21 02:22:14 | 000,048,792 | ---- | M] () -- C:\Program Files\AllKeys\focuschange.dll
MOD - [2005/02/23 23:26:00 | 001,458,176 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nview.dll
MOD - [2005/02/23 23:26:00 | 001,019,904 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwimg.dll
MOD - [2005/02/23 23:26:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WDBtnMgrSvc.exe)
SRV - [2009/10/08 19:55:02 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/04/09 16:29:20 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/04/09 16:19:08 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2008/10/16 10:09:21 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/07/24 18:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/07/11 02:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2008/07/10 19:26:36 | 000,025,824 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2008/04/18 05:30:43 | 000,204,800 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/04/13 20:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2008/04/13 20:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/01/14 15:14:28 | 000,139,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\MioNet\MioNetManager.exe -- (MioNet)
SRV - [2007/09/11 12:23:22 | 000,438,272 | ---- | M] (TODO: <Company name>) [Auto | Running] -- C:\WINDOWS\System32\SAiDownloader.exe -- (SAiDownloader)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2005/10/26 00:21:52 | 000,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Disabled | Stopped] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2005/10/25 23:06:08 | 000,122,880 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Disabled | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2005/08/04 07:11:54 | 000,848,896 | ---- | M] (TiVo Inc.) [Auto | Running] -- C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe -- (TivoBeacon2)
SRV - [2003/03/30 22:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2002/10/16 22:56:00 | 000,176,128 | ---- | M] (Executive Software International, Inc.) [Disabled | Stopped] -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/10/22 11:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/10/22 11:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/10/08 19:54:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/07/08 11:43:28 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2009/05/15 19:02:59 | 000,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/04/09 16:21:12 | 000,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/04/09 16:21:10 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/04/09 16:21:06 | 000,133,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/04/09 16:18:02 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/04/09 16:10:30 | 000,113,960 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008/10/03 17:58:34 | 000,053,344 | ---- | M] (Warp Nine Engineering) [Kernel | Auto | Running] -- C:\Program Files\Seiki\FlexiSTARTER Seiki Edition\Program\Par1284.sys -- (Par1284)
DRV - [2008/07/24 18:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/24 18:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/06/20 07:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/06/09 14:12:06 | 000,018,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/03/06 04:00:21 | 000,042,240 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2plms.sys -- (ser2plms)
DRV - [2007/12/21 02:22:14 | 000,012,952 | ---- | M] (AllKeys) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\allkeys01.sys -- (allkeys01)
DRV - [2007/07/26 10:25:12 | 000,039,808 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/11 16:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 16:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 16:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/04/11 16:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 16:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2005/10/26 00:19:56 | 000,016,384 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\DigiFilt.sys -- (DigiFilter)
DRV - [2005/09/27 09:00:02 | 000,069,920 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TPkd.sys -- (TPkd)
DRV - [2005/09/27 03:57:14 | 000,027,328 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV - [2005/09/20 19:17:24 | 000,017,536 | ---- | M] (Midiman/M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAFWBOOT.sys -- (MAFWBOOT) Bootloader Service for M-Audio FW Driver (WDM)
DRV - [2005/09/20 19:17:20 | 000,182,656 | ---- | M] (Midiman/M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\deltafw.sys -- (DELTAFW) Service for M-Audio FW Driver (WDM)
DRV - [2005/02/23 23:26:00 | 003,444,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/09/17 21:56:41 | 000,015,584 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/07/01 13:59:40 | 000,070,656 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/05/08 13:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/04/14 12:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/04/14 12:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004/04/14 12:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004/04/14 12:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2004/03/19 13:40:54 | 001,205,292 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/12/18 02:02:00 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2003/12/18 02:02:00 | 000,008,448 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\tiumflt.sys -- (DevUpper)
DRV - [2003/12/04 08:29:58 | 000,286,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2003/12/02 10:27:00 | 000,021,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/11/07 00:39:32 | 000,049,792 | R--- | M] (OEM) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\oxser.sys -- (oxser)
DRV - [2003/10/23 11:11:00 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2003/10/08 04:40:00 | 000,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/08/18 09:57:52 | 000,007,080 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/06/06 07:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eabusb.sys -- (eabusb)
DRV - [2003/03/30 22:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/03/30 22:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2002/07/04 13:41:48 | 000,593,920 | R--- | M] (NETGEAR) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MA401RB.sys -- (WLANRB)
DRV - [2001/08/17 03:13:20 | 000,027,164 | ---- | M] (Xircom, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CE3N5.SYS -- (CE3)
DRV - [2001/07/13 15:58:00 | 000,176,220 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SELSAUSB.SYS -- (SELSAUSBHW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/index.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: exif_viewer@mozilla.doslash.org:1.55
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
FF - prefs.js..extensions.enabledItems: {21e48e29-f574-4619-b65d-0f00eea92e5b}:1.77
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: {cd617375-6743-4ee8-bac4-fbf10f35729e}:2.7.2
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: {c750eb63-9a7b-df5b-0eea-ba5ce1256fab}:4.6.6.3
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 19:45:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/06 18:00:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2009/11/29 14:48:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2010/04/06 18:00:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/11/29 14:48:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/04/06 18:00:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009/05/16 10:59:39 | 000,000,000 | ---D | M]

[2009/05/15 16:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions
[2010/04/20 11:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions
[2010/03/26 09:51:56 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009/12/14 22:02:41 | 000,000,000 | ---D | M] (Session Manager) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2010/02/11 11:51:51 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/02/11 11:27:36 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}(2)
[2010/01/05 13:17:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
[2010/04/09 09:59:59 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/02/11 11:27:45 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}(2)
[2010/02/26 12:35:54 | 000,000,000 | ---D | M] (IE View) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2009/07/05 15:28:33 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/03/16 10:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
[2010/01/08 15:33:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/11 11:27:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}(2)
[2009/11/12 13:34:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/04/09 09:59:51 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2009/05/15 17:00:08 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2009/11/30 11:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\elemhidehelper@adblockplus.org
[2010/04/09 09:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\exif_viewer@mozilla.doslash.org
[2010/02/11 11:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\foxmarks@kei(2).com
[2009/06/09 22:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\LogMeInClient@logmein.com
[2009/05/15 17:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Sunbird\Profiles\9ws3wdf4.default\extensions
[2010/01/23 13:05:44 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\searchplugins\bing.xml
[2010/04/20 11:45:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/03 15:28:14 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{c750eb63-9a7b-df5b-0eea-ba5ce1256fab}
[2009/09/08 15:01:18 | 000,163,608 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll

O1 HOSTS File: ([2010/04/19 20:19:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe (Provtech Limited)
O4 - HKLM..\Run: [Spy Watcher] C:\Program Files\Spy Cleaner Gold Trial\SpyWatcher.exe (Topdownloads Networks)
O4 - HKCU..\Run: [AllKeysMacro] C:\Program Files\AllKeys\AllKeys.exe (SeventhDigit)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-DC6KH.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware (registration)] C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Title Bar Clock.lnk = C:\Program Files\TitleBarClock\TBC.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O15 - HKCU\..Trusted Domains: onlinereportinginc.com ([filetrac] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rexplorer.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: rexplorer.net ([atl] http in Trusted sites)
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} http://support.rexplorer.net/iftw_install//iftwclix.cab (InstallFromTheWeb ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5co...b?1095460271703 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8DFD2B39-2320-4F01-9AEC-1C9F04C1A1B4} https://filetrac.onlinereportinginc.com/sys...ImageUpload.CAB (ImageUpload.ctrlImageUpload)
O16 - DPF: {924F03B2-942A-45FF-B8CC-B0D2C16FD913} https://filetrac.onlinereportinginc.com/system/EXELaunch.CAB (EXELaunch.EXELaunchControl)
O16 - DPF: {C8D803B0-2FA0-49F8-8D6D-6764DE34B2E1} https://filetrac.onlinereportinginc.com/sys...umentUpload.CAB (DocumentUpload.ctrlDocUpload)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/20 11:09:09 | 000,000,045 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/04/21 12:49:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/20 12:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\Lame for Audacity
[2010/04/20 12:40:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Audacity
[2010/04/20 12:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2010/04/19 20:05:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/19 20:03:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/19 20:03:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/19 20:03:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/19 20:03:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/19 20:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/19 19:55:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/15 13:05:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/04/15 12:54:13 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/04/03 13:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ServiceTest
[2010/03/25 23:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\gmer
[2010/03/05 19:47:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/10/22 09:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ICS
[2009/09/09 08:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2009/06/24 09:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2009/06/21 23:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/05/27 10:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ESET
[2009/05/26 11:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\TiVo Desktop
[2009/05/18 13:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/05/16 11:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2009/05/15 17:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/05/15 17:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/05/15 16:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\TiVo Desktop
[2009/05/15 16:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2009/05/15 16:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/05/15 16:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/05/15 16:59:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/04/11 10:47:47 | 000,724,984 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Mike\gotomypc_437.exe
[4 E:\Data\*.tmp files -> E:\Data\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/04/21 16:09:41 | 000,002,828 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/04/21 16:07:01 | 000,699,904 | ---- | M] () -- C:\WINDOWS\is-DC6KH.exe
[2010/04/21 16:07:01 | 000,010,498 | ---- | M] () -- C:\WINDOWS\is-DC6KH.msg
[2010/04/21 16:07:01 | 000,000,399 | ---- | M] () -- C:\WINDOWS\is-DC6KH.lst
[2010/04/21 12:32:17 | 000,000,026 | ---- | M] () -- C:\WINDOWS\Zone.Identifier
[2010/04/20 15:36:05 | 000,000,037 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2010/04/20 12:39:53 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/04/20 12:39:06 | 000,047,104 | ---- | M] () -- E:\Data\Phone.xls
[2010/04/19 21:19:57 | 000,257,128 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/19 20:19:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/19 20:19:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/19 20:19:34 | 000,023,773 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/19 20:19:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/19 20:18:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/19 20:18:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/19 20:17:07 | 011,272,192 | ---- | M] () -- C:\Documents and Settings\Mike\ntuser.dat
[2010/04/19 20:17:07 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Mike\ntuser.ini
[2010/04/19 20:05:38 | 000,000,285 | RHS- | M] () -- C:\boot.ini
[2010/04/19 19:59:58 | 003,176,232 | -H-- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\IconCache.db
[2010/04/15 20:57:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/15 16:55:06 | 000,402,632 | ---- | M] () -- C:\Documents and Settings\Mike\1116901836 (1).jfx
[2010/04/15 16:54:52 | 000,023,610 | ---- | M] () -- C:\Documents and Settings\Mike\1133617237 (2).jfx
[2010/04/15 16:54:16 | 000,135,568 | ---- | M] () -- C:\Documents and Settings\Mike\1165963736.jfx
[2010/04/15 16:53:58 | 000,102,022 | ---- | M] () -- C:\Documents and Settings\Mike\1171787238.jfx
[2010/04/15 16:53:37 | 000,129,996 | ---- | M] () -- C:\Documents and Settings\Mike\1171806532.jfx
[2010/04/15 13:14:38 | 000,845,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/15 12:57:36 | 000,000,654 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/14 09:10:48 | 000,000,738 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/04/14 09:10:46 | 000,011,413 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft Excel 97-2003.TSK
[2010/04/14 09:09:57 | 000,038,262 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft Excel 97-2003.ADR
[2010/04/14 09:09:13 | 000,012,964 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft Excel 97-2003.CAL
[2010/04/14 00:22:21 | 000,010,594 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\contents.csv
[2010/04/14 00:22:20 | 000,026,966 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Comma Separated Values (Windows).ADR
[2010/04/14 00:21:38 | 000,009,414 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\calender.csv
[2010/04/14 00:21:36 | 000,012,994 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Comma Separated Values (Windows).CAL
[2010/04/13 13:35:36 | 000,005,962 | ---- | M] () -- C:\Documents and Settings\Mike\Select for Payment_5.pdf
[2010/04/12 16:31:25 | 000,954,098 | ---- | M] () -- C:\Documents and Settings\Mike\IMG_0119.jpg
[2010/04/12 15:37:28 | 000,016,850 | ---- | M] () -- C:\Documents and Settings\Mike\Est_Stan_1052_from_FIVE_STA (1).pdf
[2010/04/09 22:01:09 | 000,016,850 | ---- | M] () -- C:\Documents and Settings\Mike\Est_Stan_1052_from_FIVE_STA.pdf
[2010/04/06 06:03:50 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/05 23:39:51 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Mike\~$TTER TO SELLING AUCTIONEER OR TRUSTEE.docx
[2010/04/05 23:12:38 | 008,402,915 | ---- | M] () -- C:\Documents and Settings\Mike\408Wiged Foot Contract 001.pdf
[2010/04/05 22:54:28 | 000,022,381 | ---- | M] () -- C:\Documents and Settings\Mike\LETTER TO SELLING AUCTIONEER OR TRUSTEE.docx
[2010/04/01 20:10:09 | 000,002,263 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\temp.jpg
[2010/03/31 00:33:23 | 000,230,558 | ---- | M] () -- C:\Documents and Settings\Mike\1171752931.jfx
[2010/03/30 13:05:01 | 000,636,933 | ---- | M] () -- C:\Documents and Settings\Mike\408 Winged Foot Dr Community Association Disclosure 001 (1).pdf
[2010/03/30 11:48:00 | 000,023,610 | ---- | M] () -- C:\Documents and Settings\Mike\1133617237 (1).jfx
[2010/03/30 10:06:30 | 000,005,990 | ---- | M] () -- C:\Documents and Settings\Mike\Select for Payment_1.pdf
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 14:47:23 | 000,636,933 | ---- | M] () -- C:\Documents and Settings\Mike\408 Winged Foot Dr Community Association Disclosure 001.pdf
[2010/03/29 10:10:06 | 000,682,902 | ---- | M] () -- C:\Documents and Settings\Mike\803668142 (2).jfx
[2010/03/28 11:52:02 | 000,000,033 | ---- | M] () -- C:\WINDOWS\OKI C5400n(PS).ini
[2010/03/26 16:16:33 | 000,044,016 | ---- | M] () -- C:\Documents and Settings\Mike\1116579034.jfx
[2010/03/26 14:20:40 | 000,023,610 | ---- | M] () -- C:\Documents and Settings\Mike\1133617237.jfx
[2010/03/25 23:16:31 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\gmer.zip
[2010/03/25 17:51:20 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/25 17:13:50 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\IntegriClaim.lnk
[2010/03/24 22:02:44 | 000,402,632 | ---- | M] () -- C:\Documents and Settings\Mike\1116901836.jfx
[2010/03/23 21:53:00 | 000,341,436 | ---- | M] () -- C:\Documents and Settings\Mike\PrintBlank_5929CAC2-BDC0-468E-A407-E15A8AABF0C5_forOuput.pdf
[2010/03/23 21:50:52 | 000,108,697 | ---- | M] () -- C:\Documents and Settings\Mike\PrintBlank_663A646A-6DE0-419B-8A82-3E82314DE530_forOuput.pdf
[4 E:\Data\*.tmp files -> E:\Data\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/21 16:07:01 | 000,699,904 | ---- | C] () -- C:\WINDOWS\is-DC6KH.exe
[2010/04/21 16:07:01 | 000,010,498 | ---- | C] () -- C:\WINDOWS\is-DC6KH.msg
[2010/04/21 16:07:01 | 000,000,399 | ---- | C] () -- C:\WINDOWS\is-DC6KH.lst
[2010/04/20 12:39:53 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/04/19 20:05:38 | 000,000,215 | ---- | C] () -- C:\Boot.bak
[2010/04/19 20:05:35 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/19 20:03:37 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/19 20:03:33 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/19 20:03:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/19 20:03:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/19 20:03:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/15 16:55:06 | 000,402,632 | ---- | C] () -- C:\Documents and Settings\Mike\1116901836 (1).jfx
[2010/04/15 16:54:52 | 000,023,610 | ---- | C] () -- C:\Documents and Settings\Mike\1133617237 (2).jfx
[2010/04/15 16:54:16 | 000,135,568 | ---- | C] () -- C:\Documents and Settings\Mike\1165963736.jfx
[2010/04/15 16:53:58 | 000,102,022 | ---- | C] () -- C:\Documents and Settings\Mike\1171787238.jfx
[2010/04/15 16:53:37 | 000,129,996 | ---- | C] () -- C:\Documents and Settings\Mike\1171806532.jfx
[2010/04/14 09:10:46 | 000,011,413 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft Excel 97-2003.TSK
[2010/04/14 09:09:13 | 000,012,964 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft Excel 97-2003.CAL
[2010/04/14 00:22:17 | 000,010,594 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\contents.csv
[2010/04/14 00:21:38 | 000,009,414 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\calender.csv
[2010/04/14 00:21:36 | 000,012,994 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Comma Separated Values (Windows).CAL
[2010/04/13 13:35:36 | 000,005,962 | ---- | C] () -- C:\Documents and Settings\Mike\Select for Payment_5.pdf
[2010/04/12 16:31:25 | 000,954,098 | ---- | C] () -- C:\Documents and Settings\Mike\IMG_0119.jpg
[2010/04/12 15:37:28 | 000,016,850 | ---- | C] () -- C:\Documents and Settings\Mike\Est_Stan_1052_from_FIVE_STA (1).pdf
[2010/04/09 22:01:09 | 000,016,850 | ---- | C] () -- C:\Documents and Settings\Mike\Est_Stan_1052_from_FIVE_STA.pdf
[2010/04/05 23:39:51 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Mike\~$TTER TO SELLING AUCTIONEER OR TRUSTEE.docx
[2010/04/05 23:12:37 | 008,402,915 | ---- | C] () -- C:\Documents and Settings\Mike\408Wiged Foot Contract 001.pdf
[2010/04/05 22:54:27 | 000,022,381 | ---- | C] () -- C:\Documents and Settings\Mike\LETTER TO SELLING AUCTIONEER OR TRUSTEE.docx
[2010/04/01 20:13:20 | 000,002,263 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\temp.jpg
[2010/03/31 00:33:23 | 000,230,558 | ---- | C] () -- C:\Documents and Settings\Mike\1171752931.jfx
[2010/03/30 13:05:01 | 000,636,933 | ---- | C] () -- C:\Documents and Settings\Mike\408 Winged Foot Dr Community Association Disclosure 001 (1).pdf
[2010/03/30 11:48:00 | 000,023,610 | ---- | C] () -- C:\Documents and Settings\Mike\1133617237 (1).jfx
[2010/03/30 10:06:30 | 000,005,990 | ---- | C] () -- C:\Documents and Settings\Mike\Select for Payment_1.pdf
[2010/03/29 14:47:23 | 000,636,933 | ---- | C] () -- C:\Documents and Settings\Mike\408 Winged Foot Dr Community Association Disclosure 001.pdf
[2010/03/29 10:10:06 | 000,682,902 | ---- | C] () -- C:\Documents and Settings\Mike\803668142 (2).jfx
[2010/03/26 16:16:33 | 000,044,016 | ---- | C] () -- C:\Documents and Settings\Mike\1116579034.jfx
[2010/03/26 14:20:40 | 000,023,610 | ---- | C] () -- C:\Documents and Settings\Mike\1133617237.jfx
[2010/03/25 23:16:30 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\gmer.zip
[2010/03/25 17:51:20 | 000,001,662 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/24 22:02:44 | 000,402,632 | ---- | C] () -- C:\Documents and Settings\Mike\1116901836.jfx
[2010/03/23 21:53:00 | 000,341,436 | ---- | C] () -- C:\Documents and Settings\Mike\PrintBlank_5929CAC2-BDC0-468E-A407-E15A8AABF0C5_forOuput.pdf
[2010/03/23 21:50:52 | 000,108,697 | ---- | C] () -- C:\Documents and Settings\Mike\PrintBlank_663A646A-6DE0-419B-8A82-3E82314DE530_forOuput.pdf
[2010/03/16 15:41:09 | 000,007,868 | ---- | C] () -- C:\Documents and Settings\Mike\FW_ New Claim Assignment - File #1001419 (1).eml
[2010/03/15 09:22:00 | 000,087,734 | ---- | C] () -- C:\Documents and Settings\Mike\HomeOwnerPacketrevpdf (1).pdf
[2010/03/13 18:31:45 | 000,841,219 | ---- | C] () -- C:\Documents and Settings\Mike\1022409233.jfx
[2010/03/13 15:38:05 | 000,040,324 | ---- | C] () -- C:\Documents and Settings\Mike\1021740230.jfx
[2010/03/12 22:31:22 | 000,118,069 | ---- | C] () -- C:\Documents and Settings\Mike\Document (1).pdf
[2010/03/12 22:29:53 | 000,414,713 | ---- | C] () -- C:\Documents and Settings\Mike\N45XBillofSale (1).pdf
[2010/03/12 17:30:52 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Mike\Actuator Specifications.doc
[2010/03/12 14:29:55 | 000,151,922 | ---- | C] () -- C:\Documents and Settings\Mike\[9601] - ---408-- Winged Foot Drive.pdf
[2010/03/12 14:29:31 | 000,027,804 | ---- | C] () -- C:\Documents and Settings\Mike\Fax-Back Coversheet.pdf
[2010/03/12 09:42:14 | 000,682,902 | ---- | C] () -- C:\Documents and Settings\Mike\803668142 (1).jfx
[2010/03/11 22:32:48 | 000,007,868 | ---- | C] () -- C:\Documents and Settings\Mike\FW_ New Claim Assignment - File #1001419.eml
[2010/03/10 17:00:51 | 000,259,360 | ---- | C] () -- C:\Documents and Settings\Mike\New Merge.xlsx
[2010/03/08 13:17:08 | 000,414,713 | ---- | C] () -- C:\Documents and Settings\Mike\N45XBillofSale.pdf
[2010/03/05 19:16:15 | 000,141,156 | ---- | C] () -- C:\Documents and Settings\Mike\953858539.jfx
[2010/03/05 15:52:49 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Mike\3 FEMA Investigation Packet Checklist Federal Employee SF85P(2)a.doc
[2010/03/05 15:52:06 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Mike\4 - Credit Release.doc
[2010/03/05 15:46:03 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\Mike\1 e-QIP Introduction Letter SF85P fed emp 2009 (1).doc
[2010/03/04 18:21:36 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\Mike\1 e-QIP Introduction Letter SF85P fed emp 2009.doc
[2010/03/04 18:20:44 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Mike\NOTICE.doc
[2010/03/03 23:21:08 | 000,323,752 | ---- | C] () -- C:\Documents and Settings\Mike\1406365844.jfx
[2010/03/03 23:20:10 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\Mike\lease (Robbin Brown)Phillips (1).doc
[2010/02/26 14:07:47 | 000,035,128 | ---- | C] () -- C:\Documents and Settings\Mike\N45X bill of sale (1).pdf
[2010/02/25 14:51:39 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Mike\Bill of Sale Set Aside Document N45X (2).doc
[2010/02/25 14:26:21 | 000,030,112 | ---- | C] () -- C:\Documents and Settings\Mike\FORM - HIPAA Release.pdf
[2010/02/25 09:55:34 | 000,118,069 | ---- | C] () -- C:\Documents and Settings\Mike\Document.pdf
[2010/02/23 13:07:03 | 002,652,748 | ---- | C] () -- C:\Documents and Settings\Mike\PschoDogs.wmv
[2010/02/22 14:01:48 | 000,525,428 | ---- | C] () -- C:\Documents and Settings\Mike\mipmcarcggseedstart.pdf
[2010/02/18 11:21:11 | 000,119,328 | ---- | C] () -- C:\Documents and Settings\Mike\57915234-54797612 (1).pdf
[2010/02/18 11:17:27 | 000,119,328 | ---- | C] () -- C:\Documents and Settings\Mike\57915234-54797612.pdf
[2010/02/17 10:50:25 | 000,682,902 | ---- | C] () -- C:\Documents and Settings\Mike\803668142.jfx
[2010/02/16 21:33:07 | 000,125,952 | ---- | C] () -- C:\Documents and Settings\Mike\REvisedHoPFeb 5 2010.doc
[2010/02/10 00:05:30 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\sgcpom.dat
[2010/02/08 11:18:17 | 011,272,192 | ---- | C] () -- C:\Documents and Settings\Mike\ntuser.dat
[2010/02/04 10:33:53 | 000,018,779 | ---- | C] () -- C:\Documents and Settings\Mike\CHILDERS EST.pdf
[2010/02/04 09:54:28 | 000,026,548 | ---- | C] () -- C:\Documents and Settings\Mike\45XFax[1].pdf
[2010/02/04 09:53:58 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Mike\Bill of Sale Set Aside Document N45X (1).doc
[2010/02/02 10:18:42 | 001,915,392 | ---- | C] () -- C:\WINDOWS\System32\5006d63d-ab34-2f50-77a2-367bdeab8043.dll
[2010/01/29 15:45:10 | 000,044,690 | ---- | C] () -- C:\Documents and Settings\Mike\614739535 (1).jfx
[2010/01/27 22:10:45 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\BBEB50A05B.sys
[2010/01/27 22:10:44 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/01/26 00:04:30 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\Mike\.recently-used.xbel
[2010/01/25 16:22:02 | 000,044,690 | ---- | C] () -- C:\Documents and Settings\Mike\614739535.jfx
[2010/01/22 11:35:13 | 000,035,128 | ---- | C] () -- C:\Documents and Settings\Mike\N45X bill of sale.pdf
[2010/01/21 22:47:57 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CutMan32.INI
[2010/01/21 22:27:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Signblaz.ini
[2010/01/21 21:33:33 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Mike\~$ll of Sale Set Aside Document N45X.doc
[2010/01/21 21:33:31 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Mike\Bill of Sale Set Aside Document N45X.doc
[2010/01/21 10:47:03 | 004,933,932 | ---- | C] () -- C:\Documents and Settings\Mike\Becarefulpullingout.wmv
[2010/01/19 13:43:23 | 000,087,734 | ---- | C] () -- C:\Documents and Settings\Mike\HomeOwnerPacketrevpdf.pdf
[2010/01/18 10:46:30 | 002,499,072 | ---- | C] () -- C:\Documents and Settings\Mike\CENTER_OF_THE_BIBLE.pps
[2010/01/12 14:45:42 | 000,009,107 | ---- | C] () -- C:\Documents and Settings\Mike\FOREPLAY.mid
[2009/12/30 09:57:20 | 000,139,631 | ---- | C] () -- C:\Documents and Settings\Mike\mitchellTBOX.pdf
[2009/12/29 13:39:40 | 000,035,662 | ---- | C] () -- C:\Documents and Settings\Mike\091229108371CT3730XY.pdf
[2009/12/28 17:11:02 | 000,165,888 | ---- | C] () -- C:\Documents and Settings\Mike\Getting a Clear id (1).doc
[2009/12/28 17:10:48 | 000,171,520 | ---- | C] () -- C:\Documents and Settings\Mike\Placing an order (1).doc
[2009/12/28 17:09:58 | 004,408,830 | ---- | C] () -- C:\Documents and Settings\Mike\clear pricing.pdf
[2009/12/22 23:37:58 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/12/18 22:22:23 | 008,657,608 | ---- | C] () -- C:\Documents and Settings\Mike\20091217185037.PDF
[2009/12/17 00:08:22 | 000,165,888 | ---- | C] () -- C:\Documents and Settings\Mike\Getting a Clear id.doc
[2009/12/16 23:06:27 | 000,171,520 | ---- | C] () -- C:\Documents and Settings\Mike\Placing an order.doc
[2009/12/13 16:03:26 | 000,026,966 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Comma Separated Values (Windows).ADR
[2009/12/13 15:27:50 | 000,038,262 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft Excel 97-2003.ADR
[2009/12/03 22:05:36 | 000,070,984 | ---- | C] () -- C:\Documents and Settings\Mike\g2mdlhlpx.exe
[2009/12/02 18:16:08 | 000,233,472 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\fontdb.mdb
[2009/11/16 13:05:47 | 005,995,308 | ---- | C] () -- C:\Documents and Settings\Mike\BPO Information 408 Winged Foot Drive.pdf
[2009/11/12 11:45:46 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Mike\MIKE CHILDERS.doc
[2009/11/08 21:26:34 | 000,072,648 | ---- | C] () -- C:\Documents and Settings\Mike\Employee Statement.pdf
[2009/11/07 22:04:34 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\Mike\lease (Robbin Brown)Phillips.doc
[2009/10/23 17:05:22 | 006,021,408 | ---- | C] () -- C:\Documents and Settings\Mike\extraordinaire_instrument_de_musique.wmv
[2009/10/21 09:53:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\longfile.INI
[2009/10/21 09:45:24 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\scpext.dll
[2009/09/08 21:13:07 | 006,681,967 | ---- | C] () -- C:\Documents and Settings\Mike\cockpitviewofshuttlelanding.wmv
[2009/07/16 17:31:42 | 000,001,244 | ---- | C] () -- C:\Documents and Settings\Mike\AE.Init
[2009/07/16 17:31:42 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Mike\AE.Memory
[2009/05/15 19:02:59 | 000,639,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/05/15 17:33:14 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Mike\ntuser.dat.LOG
[2009/05/15 16:59:11 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\$_hpcst$.hpc
[2008/11/12 14:15:57 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSWQDRV.SYS
[2008/11/12 11:06:57 | 000,047,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Surroundhp_kern_i386.sys
[2008/11/12 11:06:57 | 000,047,104 | R--- | C] () -- C:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2008/11/12 11:06:57 | 000,042,112 | R--- | C] () -- C:\WINDOWS\System32\drivers\csiidecoder_kern_i386.sys
[2008/11/12 11:06:57 | 000,039,808 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter_i386.sys
[2008/11/11 20:30:31 | 000,000,130 | ---- | C] () -- C:\WINDOWS\EQUALIZER.INI
[2008/10/29 08:21:56 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\B0CE35F0A7.dll
[2008/10/16 12:08:02 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/10/16 00:52:52 | 000,000,316 | ---- | C] () -- C:\WINDOWS\SoftWriting.ini
[2008/10/05 22:35:40 | 000,390,824 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/09/04 09:40:53 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008/09/04 09:26:40 | 000,000,120 | ---- | C] () -- C:\WINDOWS\DDSSetup.ini
[2008/03/23 21:33:43 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/04 09:37:24 | 000,000,539 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/06/25 23:59:18 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\fusioncache.dat
[2006/02/23 15:03:44 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2005/09/10 22:28:58 | 000,000,033 | ---- | C] () -- C:\WINDOWS\render.ini
[2005/02/18 10:06:42 | 000,000,033 | ---- | C] () -- C:\WINDOWS\OKI C5400n(PS).ini
[2005/01/03 23:37:02 | 000,176,220 | ---- | C] () -- C:\WINDOWS\System32\drivers\SELSAUSB.SYS
[2005/01/03 23:37:02 | 000,176,188 | ---- | C] () -- C:\WINDOWS\System32\drivers\LSAUSB.SYS
[2004/12/31 09:22:45 | 000,002,395 | ---- | C] () -- C:\WINDOWS\IFPClient.ini
[2004/12/24 19:19:49 | 000,000,236 | ---- | C] () -- C:\WINDOWS\ndw.ini
[2004/09/21 23:00:50 | 000,000,033 | ---- | C] () -- C:\WINDOWS\QkEngine.INI
[2004/09/18 06:19:18 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Mike\ntuser.ini
[2004/09/18 06:18:12 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2004/09/18 06:18:12 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2004/09/17 22:33:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/09/17 21:56:40 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2004/09/17 21:56:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/09/17 16:39:15 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/05/16 15:02:25 | 000,000,738 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/05/16 14:41:50 | 000,000,237 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/05/16 14:32:59 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/05/16 14:26:20 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/05/16 14:25:42 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/05/16 13:49:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/05/16 13:49:03 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2003/10/07 11:54:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/30 08:04:00 | 000,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll

========== LOP Check ==========

[2009/05/15 16:57:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/05/15 16:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.1 Setup
[2009/05/16 10:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/07/15 23:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/05/15 16:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2009/05/15 16:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/10/23 16:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MiK
[2009/05/15 16:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2009/05/15 16:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRS Labs
[2010/03/11 12:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/15 16:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/05/15 16:58:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\WD
[2009/05/15 16:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Allume Systems
[2010/04/21 13:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Audacity
[2009/05/15 16:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Autodesk
[2009/12/02 22:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\BorWare
[2009/05/15 16:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\CE Software
[2009/05/15 16:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Digidesign
[2009/05/16 11:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\ESET
[2010/01/14 14:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\FileZilla
[2009/05/15 16:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2009/07/24 10:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\ImgBurn
[2010/01/23 23:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\inkscape
[2009/05/15 16:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\InterVideo
[2010/01/04 19:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\KompoZer
[2009/05/15 16:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Leadertech
[2009/10/23 16:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\MiK
[2009/05/15 16:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\MioNet
[2009/05/15 16:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\mjusbsp
[2009/05/15 17:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\PACE Anti-Piracy
[2009/05/15 17:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Seattle Avionics
[2009/05/15 17:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\SeventhDigit
[2010/01/24 16:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\SignCut
[2010/01/18 22:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Sprite Software
[2009/05/15 17:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Startly
[2009/05/15 17:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Template
[2009/05/15 17:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Thunderbird
[2010/02/11 11:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\tinySpell
[2009/05/15 17:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\W Photo Studio Viewer
[2009/05/15 17:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\WD
[2010/04/03 10:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\WeatherBug
[2010/01/21 18:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\YouSendIt

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/09/17 22:21:33 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/05/17 14:09:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/05/17 14:09:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/03/31 03:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2003/03/30 22:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/09/17 22:21:33 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/05/17 14:09:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/05/17 14:09:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/08/28 23:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:33:06 | 000,420,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\vbscript.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/05/15 19:02:59 | 000,639,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2003/10/07 04:37:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2003/10/07 04:37:54 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2003/10/07 04:37:54 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Program Files\Signmaker X4:{56004D00-6C00-6500-5200-480046007500}
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >



Sorry, I didn't see the extra.txt

#12 schrauber


Posted 23 April 2010 - 01:42 PM

Hi,


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt





Please open OTL, set the extra registry tab to use safe list and hit the run scan button, post back with the 2 logfiles.

How is it running now?
regards,
schrauber


#13 CheleCity


Posted 24 April 2010 - 08:50 AM

OTL Extras logfile created on: 4/23/2010 3:35:17 PM - Run 3
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\Mike\Desktop\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 26.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 49.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 150.87 Gb Free Space | 64.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.65 Gb Total Space | 441.60 Gb Free Space | 94.84% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPAQLAPTOP
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.reg [@ = Regedit.Document] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [UsagePieChart] -- "C:\Program Files\ShowMan\ShowMan.exe" "%1" (SatSignal Software, Edinburgh)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1700:TCP" = 1700:TCP:*:Disabled:MioNet Remote Drive Access 0
"1701:TCP" = 1701:TCP:*:Disabled:MioNet Remote Drive Access 1
"1702:TCP" = 1702:TCP:*:Disabled:MioNet Remote Drive Access 2
"1703:TCP" = 1703:TCP:*:Disabled:MioNet Remote Drive Access 3
"1704:TCP" = 1704:TCP:*:Disabled:MioNet Remote Drive Access 4
"1705:TCP" = 1705:TCP:*:Disabled:MioNet Remote Drive Access 5
"1706:TCP" = 1706:TCP:*:Disabled:MioNet Remote Drive Access 6
"1707:TCP" = 1707:TCP:*:Disabled:MioNet Remote Drive Access 7
"1708:TCP" = 1708:TCP:*:Disabled:MioNet Remote Drive Access 8
"1709:TCP" = 1709:TCP:*:Disabled:MioNet Remote Drive Access 9
"1641:TCP" = 1641:TCP:*:Disabled:MioNet Remote Drive Verification
"1647:TCP" = 1647:TCP:*:Disabled:MioNet Storage Device Configuration
"5432:UDP" = 5432:UDP:*:Disabled:MioNet Storage Device Discovery
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3587:TCP" = 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Disabled:Peer Name Resolution Protocol (PNRP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Mike\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Mike\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Apps\PhotoshopAlbum.exe" = C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Apps\PhotoshopAlbum.exe:*:Disabled:Adobe Photoshop Album 2.0 Starter Edition -- (Adobe Systems Incorporated)
"C:\Program Files\Half-Life\hl.exe" = C:\Program Files\Half-Life\hl.exe:*:Disabled:Half-Life Launcher -- (Valve, L.L.C.)
"C:\Program Files\MioNet\jvm\bin\MioNet.exe" = C:\Program Files\MioNet\jvm\bin\MioNet.exe:*:Disabled:MioNet -- (Sun Microsystems, Inc.)
"C:\Program Files\MioNet\MioNetManager.exe" = C:\Program Files\MioNet\MioNetManager.exe:*:Disabled:MioNetManager -- ()
"C:\Program Files\Seiki\FlexiSTARTER Seiki Edition\Program\App.exe" = C:\Program Files\Seiki\FlexiSTARTER Seiki Edition\Program\App.exe:*:Disabled:SAi Flexi -- (SA International Incorporated Scanvec12345678890 123456789)
"C:\WINDOWS\system32\SAiLicSvr.exe" = C:\WINDOWS\system32\SAiLicSvr.exe:*:Disabled:SAi License Service -- (SA International)
"C:\Program Files\Seiki\FlexiSTARTER Seiki Edition\Program\App2.exe" = C:\Program Files\Seiki\FlexiSTARTER Seiki Edition\Program\App2.exe:*:Disabled:SAi Product Managet -- (Scanvec Amiable 12345678890 123456789)
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" = C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Disabled:Sentinel Keys Server -- (SafeNet, Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Disabled:Windows Live Sync -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW® Graphics Suite X4
"_{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B}" = CorelDRAW® Graphics Suite X4 - Extra Content
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{003DF6C7-2E32-46E1-8CAE-3BB038F88CBB}" = BVSInstall
"{01481D28-0733-46ca-A083-0985A6BBA615}" = eFax Messenger 4.1
"{024E6362-7D37-4D78-93F9-00C1747DA645}" = Residential Component Technology - Standalone
"{06916226-680C-44DC-9419-D988BD3FF0F7}" = Digidesign Dynamics III 6.9
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series" = Canon MP470 series
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{11FC22F2-F582-40ED-B787-2C1FDC04CB3B}" = CorelDRAW Graphics Suite X4 - IPM
"{121634B0-2F4A-11D3-ADA3-00C04F52DD53}" = Windows Installer Clean Up
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14EC807A-F88E-4FCF-8013-CB909F930E88}_is1" = PDF-Tools 4
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.6
"{161B0ABD-3856-42AC-8A43-9D2B9C7FC6C5}" = Image Minimizer
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1A24F9E8-009D-40FC-ABED-2AAFFAB0F4F0}" = InterLok Driver Kit
"{1A8C5BB4-91EB-4AB4-B667-74EC501341B9}" = LightScribe Template Designs - 9 to 5 Pack 1
"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1D9F550A-3531-454C-94FD-E9E9E67A2809}" = Microsoft .NET Compact Framework 1.0 SP2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20DFF861-31EE-41F6-98D5-0A992AE7D116}" = YouSendIt Plug-in for Outlook
"{22B667F6-7EF8-49A6-B652-7F703330CBFD}" = QuicKeys
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{2EDA8979-0ADA-480E-AF76-AEB92F4CD7C2}" = HP Notebook LidSwitch Policy
"{317F1DBE-F345-44C3-B657-89C14EF2A9E8}" = iLok Client Helper
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}" = StuffIt Standard
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{47566D9F-6ED6-47C6-8A92-B5C01C44EDB4}" = WD Anywhere Backup
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4E475FD4-4513-4B1D-8DDA-43912B068C99}" = HTML Slideshow Powertoy for Windows XP
"{4E839090-3B68-436A-B3CF-A2A08C38DD26}" = TiVo Desktop
"{53AF3638-DDB4-4755-B3DC-259981689DB7}" = MioNet
"{5783F2D7-0001-0409-0000-0060B0CE6BBA}" = AutoCAD 2000i
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}" = Zone Deluxe Games
"{67EC0571-4B4E-40C2-8A81-8C1B02D87DB0}" = iDEN Phonebook Manager
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B1BE5C0-5B88-4ED1-BFAC-260592FA64C8}" = X-keys Legend Maker
"{6FB8135C-FF1B-4772-BFA7-197F75A75AB5}" = Microsoft Money 2006 System Pack
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73568F76-7A37-9DB4-73B1-11DCF1A2FC52}" = FOX News Live
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{7BBD57D6-09B1-4CC3-9664-A0D53EE25247}" = PSShortcutsP
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7DF3110A-5861-4508-BAEB-54A09E650691}" = Digidesign Pro Tools Documentation 7.0
"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries
"{7FD71A9E-C4D3-42ED-A998-CDA8290C39A3}" = LightScribe Template Labeler
"{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B}" = CorelDRAW Graphics Suite X4 - Extra Content
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81A28748-46BA-4010-A877-E9808993C214}" = LightScribe Template Designs - Architecture Pack 1
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8827923A-B5B5-44F9-8FAF-DFFDB23BBEB8}" = Sprite Backup
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00D1-0407-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (German)
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{92B43A6F-E328-495A-ACFA-FC47C1B7215D}" = Digidesign Shared Plug-Ins 7.0
"{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97355297-21C8-40CD-96D3-48E58037A9B8}" = TI1620/1520
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D18F7F8-B984-4249-8512-CC621BC59F12}" = Microsoft Location Finder
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}" = DiscWizard for Windows
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2FC9F43-AED4-4D57-AC2A-E2103473ACD7}" = Voyager 4 Flight Software System
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36BE275-BD22-406C-8D2D-ED99F9E6C0B4}" = IKEA HomePlanner Kitchen
"{A3F60446-48FB-48A8-B5FC-BB3430AEF806}" = Diskeeper Lite
"{A5A63519-F5C2-4F4A-849A-F28A1AB3D522}" = Sentinel Protection Installer 7.5.0
"{A639BD63-8CE6-11D5-B4CC-00105A07274A}" = REXplorer Component Upgrade
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{af6131fc-32da-45ea-a1e7-fe634f8f2722}.sdb" = SignBlazer5.5 XP buttons
"{B0704919-D617-4F16-AED7-C6CB1E96BD7D}_is1" = Anywhere Map XP v2.0 Build 8 Full Install
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications ® Core - English
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C09E73BE-F90C-4826-AADA-CF37AB3B1E1F}_is1" = Anywhere Map Pro v2.1 Build 10 Full Install
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C1D20A54-855D-4587-AD39-982C426D10AD}" = Sprite Terminator
"{C3CBE4AD-CC84-484F-8E44-CFB303BFDA4D}" = SRS Audio Sandbox
"{C82185E8-C27B-4EF4-2009-4444BC2C2B6D}" = Microsoft Streets & Trips 2009
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CCA6C6E9-0A47-401D-8A33-4A678A67B3A7}" = Digidesign Pro Tools M-Powered 7.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension
"{CE325D55-FCAF-4273-BB79-069BB8747270}" = TomTom HOME
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 4.20 E1
"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D75915D3-6CFF-445F-A346-18ED6EF2F618}" = Microsoft IntelliType Pro 6.01
"{D9CF5E60-42B1-489B-A0E2-9A6EE3DEB969}" = Firewire Family
"{D9D6276F-44CB-4392-A883-2FDC527127A2}" = FlexiSTARTER Seiki Edition
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications ® Core
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E17AF7A0-B0A8-4B55-A4B4-1D8D4E171BA2}" = Free Bomb Factory Plug-Ins 7.0
"{e1c80031-c18e-41fd-a73f-e99af65c7b8d}.sdb" = AllKeys DEP Compatability
"{E256842C-AD14-4BDC-87B2-B3A4A7037837}" = LogMeIn
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{EDD5DA26-1D0A-4AF4-9B7C-E21ADD578A96}" = ESET Smart Security
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2E6CAF1-D651-4A74-8CC6-D92FE81FDBCC}" = WD Drive Manager (x86)
"{F3A482EC-55E0-48FA-A408-F40FDF265181}" = LightScribe Template Designs - Nature Pack 1
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F7634B40-2B75-4EE0-8711-05902BA3DDFC}" = USB Reader (SA6SE)
"{FC2BA05A-B85D-4607-95FC-8B42CB3B4C94}" = The Worksite CD - National Edition Summer 2003
"3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
"88EB56038379B8B7DCFB4D2448A60F52E064B265" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
"Aces High II" = Aces High II
"Ad-Aware SE Professional" = Ad-Aware SE Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"AOPA's Real-Time Flight Planner" = AOPA's Real-Time Flight Planner 1.2.3
"Art Vista Virtual Grand Piano" = Art Vista Virtual Grand Piano
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AVS DVD Copy_is1" = AVS DVD Copy version 3.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Best-Charts_is1" = Best-Charts trial version 4.50.1
"BlazeAudio WebEQ Trial" = WebEQ Trial
"Burn4Free" = Burn4Free CD and DVD
"CCleaner" = CCleaner (remove only)
"Combat Flight Simulator 1.00" = Microsoft Combat Flight Simulator
"Corel Applications" = Corel Applications
"DSt1_is1" = Digidesign Strike 1.0
"DVD43_is1" = DVD43 v4.4.1
"eMule" = eMule
"ESET Online Scanner" = ESET Online Scanner v3
"ExifPro 1.0" = ExifPro 1.0 Photo Viewer
"FileZilla Client" = FileZilla Client 3.1.2
"FinePrint" = FinePrint
"FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1" = FOX News Live Stream
"HijackThis" = HijackThis 2.0.2
"iDEN Download Apps Utility" = iDEN Download Apps Utility
"ie7beta2" = Internet Explorer 7 Beta 2
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Inkscape" = Inkscape 0.47
"InstallShield_{20DFF861-31EE-41F6-98D5-0A992AE7D116}" = YouSendIt Plug-in for Outlook
"InstallShield_{2EDA8979-0ADA-480E-AF76-AEB92F4CD7C2}" = HP Notebook LidSwitch Policy
"InstallShield_{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}" = StuffIt Standard
"InstallShield_{47566D9F-6ED6-47C6-8A92-B5C01C44EDB4}" = WD Anywhere Backup
"InstallShield_{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{97355297-21C8-40CD-96D3-48E58037A9B8}" = PCI 1620 Cardbus Controller and Software
"InstallShield_{BDD9C83D-E2B5-4D1D-9458-F2AB5655D6B9}" = QuicKeys
"IntegriClaim" = IntegriClaim
"InterActual Player" = InterActual Player
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"MacroWorks II" = MacroWorks II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2008b" = Microsoft Money Plus
"MortScript" = MortScript
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Sunbird (0.2)" = Mozilla Sunbird (0.2)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"Mozilla Thunderbird (2.0.0.17)" = Mozilla Thunderbird (2.0.0.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"Native Instruments B4 II" = Native Instruments B4 II
"No-IP.com DUC" = No-IP.com DUC (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA GART Driver" = NVIDIA GART Driver
"Patiences" = Patiences
"pdfFactory Pro" = pdfFactory Pro
"RealPlayer 6.0" = RealPlayer
"SB_USCutter_Elements_ID_is1" = SignBlazer Elements for USCutter release 6.0.21
"SeventhDigitAllKeysMacro_is1" = AllKeys Macro 2.21
"SignCut" = SignCut (remove only)
"SimpleOCR 3.1" = SimpleOCR 3.1
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"Spy Cleaner Gold 9.8 Trial Version" = Spy Cleaner Gold 9.8 Trial Version
"SpywareBlaster_is1" = SpywareBlaster 4.2
"ST6UNST #1" = ScreenPrint32 v3.5
"ST6UNST #2" = Outlook2iDen
"The Simpsons Movie" = The Simpsons Movie Screen Saver
"TitleBarClock" = TitleBarClock
"Tweak UI 2.10" = Tweak UI
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebEQ Trial" = WebEQ Trial
"WEFT" = Microsoft Web Embedding Fonts Tool (III)
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.1.0.366

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/23/2010 1:44:25 PM | Computer Name = COMPAQLAPTOP | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 4/23/2010 3:23:46 PM | Computer Name = COMPAQLAPTOP | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 4/23/2010 3:30:15 PM | Computer Name = COMPAQLAPTOP | Source = nview_info | ID = 11141121
Description =

Error - 4/23/2010 3:30:27 PM | Computer Name = COMPAQLAPTOP | Source = nview_info | ID = 11141121
Description =

Error - 4/23/2010 3:30:51 PM | Computer Name = COMPAQLAPTOP | Source = nview_info | ID = 11141121
Description =

Error - 4/23/2010 3:31:45 PM | Computer Name = COMPAQLAPTOP | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 4/23/2010 3:34:50 PM | Computer Name = COMPAQLAPTOP | Source = nview_info | ID = 11141121
Description =

Error - 4/23/2010 4:55:29 PM | Computer Name = COMPAQLAPTOP | Source = nview_info | ID = 11141121
Description =

Error - 4/23/2010 5:02:13 PM | Computer Name = COMPAQLAPTOP | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 4/23/2010 5:09:00 PM | Computer Name = COMPAQLAPTOP | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

[ OSession Events ]
Error - 3/3/2010 9:51:32 AM | Computer Name = COMPAQLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1049. This session lasted 124191
seconds with 1500 seconds of active time. This session ended with a crash.

Error - 3/12/2010 9:36:37 AM | Computer Name = COMPAQLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1049. This session lasted 577846
seconds with 13080 seconds of active time. This session ended with a crash.

Error - 4/9/2010 9:46:14 AM | Computer Name = COMPAQLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1049. This session lasted 298303
seconds with 1500 seconds of active time. This session ended with a crash.

Error - 4/14/2010 10:52:46 AM | Computer Name = COMPAQLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1049. This session lasted 148598
seconds with 2280 seconds of active time. This session ended with a crash.

Error - 4/19/2010 7:59:49 PM | Computer Name = COMPAQLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 300615
seconds with 420 seconds of active time. This session ended with a crash.

Error - 4/22/2010 2:06:36 PM | Computer Name = COMPAQLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 299
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/22/2010 4:48:16 PM | Computer Name = COMPAQLAPTOP | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
QUIROZ that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C3D1760B-F388-412C-B1.
The
master browser is stopping or an election is being forced.

Error - 4/22/2010 7:29:35 PM | Computer Name = COMPAQLAPTOP | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
QUIROZ that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C3D1760B-F388-412C-B1.
The
master browser is stopping or an election is being forced.

Error - 4/22/2010 8:30:04 PM | Computer Name = COMPAQLAPTOP | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.1.100. The machine with the IP address 192.168.1.119 did
not allow the name to be claimed by this machine.

Error - 4/22/2010 8:42:22 PM | Computer Name = COMPAQLAPTOP | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
QUIROZ that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C3D1760B-F388-412C-B1.
The
master browser is stopping or an election is being forced.

Error - 4/22/2010 9:44:44 PM | Computer Name = COMPAQLAPTOP | Source = TermServDevices | ID = 1111
Description = Driver Send To Microsoft OneNote Driver required for printer Send
To OneNote 2007 is unknown. Contact the administrator to install the driver before
you log in again.

Error - 4/23/2010 1:09:04 AM | Computer Name = COMPAQLAPTOP | Source = TermServDevices | ID = 1111
Description = Driver Send To Microsoft OneNote Driver required for printer Send
To OneNote 2007 is unknown. Contact the administrator to install the driver before
you log in again.

Error - 4/23/2010 12:12:50 PM | Computer Name = COMPAQLAPTOP | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
QUIROZ that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C3D1760B-F388-412C-B1.
The
master browser is stopping or an election is being forced.

Error - 4/23/2010 12:17:02 PM | Computer Name = COMPAQLAPTOP | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.1.100. The machine with the IP address 192.168.1.119 did
not allow the name to be claimed by this machine.

Error - 4/23/2010 3:11:31 PM | Computer Name = COMPAQLAPTOP | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
QUIROZ that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C3D1760B-F388-412C-B1.
The
master browser is stopping or an election is being forced.

Error - 4/23/2010 4:42:51 PM | Computer Name = COMPAQLAPTOP | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
QUIROZ that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C3D1760B-F388-412C-B1.
The
master browser is stopping or an election is being forced.


< End of report >


OTL logfile created on: 4/23/2010 3:35:17 PM - Run 3
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\Mike\Desktop\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 26.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 49.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 150.87 Gb Free Space | 64.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.65 Gb Total Space | 441.60 Gb Free Space | 94.84% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPAQLAPTOP
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/21 16:03:16 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\Downloads\OTL.exe
PRC - [2010/04/04 19:45:31 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/29 11:08:28 | 001,653,248 | ---- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2009/10/26 15:45:46 | 000,542,272 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
PRC - [2009/10/26 15:45:38 | 000,843,032 | ---- | M] () -- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2009/10/08 19:55:02 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/10/08 19:54:47 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/09/08 15:00:52 | 009,425,176 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe
PRC - [2009/04/09 16:19:08 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2008/11/13 10:33:54 | 000,097,128 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2008/10/16 10:09:21 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/07/24 18:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/07/11 02:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2008/04/13 20:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2008/04/13 20:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/21 02:22:14 | 002,539,160 | ---- | M] (SeventhDigit) -- C:\Program Files\AllKeys\AllKeys.exe
PRC - [2007/09/11 12:23:22 | 000,438,272 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\system32\SAiDownloader.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006/11/20 14:34:02 | 000,565,248 | ---- | M] (Topdownloads Networks) -- C:\Program Files\Spy Cleaner Gold Trial\SpyWatcher.exe
PRC - [2006/11/13 13:39:54 | 004,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/10/27 15:23:04 | 000,347,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
PRC - [2006/10/27 15:07:36 | 017,891,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
PRC - [2005/08/04 07:11:54 | 000,848,896 | ---- | M] (TiVo Inc.) -- C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
PRC - [2003/05/15 21:36:40 | 000,446,464 | ---- | M] (Provtech Limited) -- C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
PRC - [2003/03/30 22:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2002/08/23 15:39:52 | 000,035,840 | ---- | M] () -- C:\Program Files\TitleBarClock\TBC.EXE
PRC - [1999/03/18 01:38:10 | 008,798,260 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\WINWORD.EXE


========== Modules (SafeList) ==========

MOD - [2010/04/21 16:03:16 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\Downloads\OTL.exe
MOD - [2007/12/21 02:22:14 | 000,048,792 | ---- | M] () -- C:\Program Files\AllKeys\focuschange.dll
MOD - [2005/02/23 23:26:00 | 001,458,176 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nview.dll
MOD - [2005/02/23 23:26:00 | 001,019,904 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwimg.dll
MOD - [2005/02/23 23:26:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WDBtnMgrSvc.exe)
SRV - [2009/10/08 19:55:02 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/04/09 16:29:20 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/04/09 16:19:08 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2008/10/16 10:09:21 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/07/24 18:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/07/11 02:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2008/07/10 19:26:36 | 000,025,824 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2008/04/18 05:30:43 | 000,204,800 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/04/13 20:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2008/04/13 20:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/01/14 15:14:28 | 000,139,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\MioNet\MioNetManager.exe -- (MioNet)
SRV - [2007/09/11 12:23:22 | 000,438,272 | ---- | M] (TODO: <Company name>) [Auto | Running] -- C:\WINDOWS\System32\SAiDownloader.exe -- (SAiDownloader)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2005/10/26 00:21:52 | 000,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Disabled | Stopped] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2005/10/25 23:06:08 | 000,122,880 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Disabled | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2005/08/04 07:11:54 | 000,848,896 | ---- | M] (TiVo Inc.) [Auto | Running] -- C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe -- (TivoBeacon2)
SRV - [2003/03/30 22:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2002/10/16 22:56:00 | 000,176,128 | ---- | M] (Executive Software International, Inc.) [Disabled | Stopped] -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - [2009/10/22 11:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/10/22 11:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/10/08 19:54:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/07/08 11:43:28 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2009/05/15 19:02:59 | 000,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/04/09 16:21:12 | 000,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/04/09 16:21:10 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/04/09 16:21:06 | 000,133,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/04/09 16:18:02 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/04/09 16:10:30 | 000,113,960 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008/10/03 17:58:34 | 000,053,344 | ---- | M] (Warp Nine Engineering) [Kernel | Auto | Running] -- C:\Program Files\Seiki\FlexiSTARTER Seiki Edition\Program\Par1284.sys -- (Par1284)
DRV - [2008/07/24 18:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/24 18:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/06/20 07:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/06/09 14:12:06 | 000,018,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/03/06 04:00:21 | 000,042,240 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2plms.sys -- (ser2plms)
DRV - [2007/12/21 02:22:14 | 000,012,952 | ---- | M] (AllKeys) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\allkeys01.sys -- (allkeys01)
DRV - [2007/07/26 10:25:12 | 000,039,808 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/11 16:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 16:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 16:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/04/11 16:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 16:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2005/10/26 00:19:56 | 000,016,384 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\DigiFilt.sys -- (DigiFilter)
DRV - [2005/09/27 09:00:02 | 000,069,920 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TPkd.sys -- (TPkd)
DRV - [2005/09/27 03:57:14 | 000,027,328 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV - [2005/09/20 19:17:24 | 000,017,536 | ---- | M] (Midiman/M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAFWBOOT.sys -- (MAFWBOOT) Bootloader Service for M-Audio FW Driver (WDM)
DRV - [2005/09/20 19:17:20 | 000,182,656 | ---- | M] (Midiman/M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\deltafw.sys -- (DELTAFW) Service for M-Audio FW Driver (WDM)
DRV - [2005/02/23 23:26:00 | 003,444,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/09/17 21:56:41 | 000,015,584 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/07/01 13:59:40 | 000,070,656 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/05/08 13:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/04/14 12:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/04/14 12:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004/04/14 12:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004/04/14 12:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2004/03/19 13:40:54 | 001,205,292 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/12/18 02:02:00 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2003/12/18 02:02:00 | 000,008,448 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\tiumflt.sys -- (DevUpper)
DRV - [2003/12/04 08:29:58 | 000,286,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2003/12/02 10:27:00 | 000,021,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/11/07 00:39:32 | 000,049,792 | R--- | M] (OEM) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\oxser.sys -- (oxser)
DRV - [2003/10/23 11:11:00 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2003/10/08 04:40:00 | 000,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/08/18 09:57:52 | 000,007,080 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/06/06 07:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eabusb.sys -- (eabusb)
DRV - [2003/03/30 22:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/03/30 22:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2002/07/04 13:41:48 | 000,593,920 | R--- | M] (NETGEAR) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MA401RB.sys -- (WLANRB)
DRV - [2001/08/17 03:13:20 | 000,027,164 | ---- | M] (Xircom, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CE3N5.SYS -- (CE3)
DRV - [2001/07/13 15:58:00 | 000,176,220 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SELSAUSB.SYS -- (SELSAUSBHW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/index.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: exif_viewer@mozilla.doslash.org:1.55
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
FF - prefs.js..extensions.enabledItems: {21e48e29-f574-4619-b65d-0f00eea92e5b}:1.77
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: {cd617375-6743-4ee8-bac4-fbf10f35729e}:2.7.2
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: {c750eb63-9a7b-df5b-0eea-ba5ce1256fab}:4.6.6.3
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 19:45:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/06 18:00:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2009/11/29 14:48:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2010/04/06 18:00:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/11/29 14:48:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/04/06 18:00:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009/05/16 10:59:39 | 000,000,000 | ---D | M]

[2009/05/15 16:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions
[2010/04/22 22:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions
[2010/03/26 09:51:56 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009/12/14 22:02:41 | 000,000,000 | ---D | M] (Session Manager) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2010/02/11 11:51:51 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/02/11 11:27:36 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}(2)
[2010/01/05 13:17:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
[2010/04/09 09:59:59 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/02/11 11:27:45 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}(2)
[2010/02/26 12:35:54 | 000,000,000 | ---D | M] (IE View) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2009/07/05 15:28:33 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/03/16 10:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
[2010/01/08 15:33:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/11 11:27:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}(2)
[2009/11/12 13:34:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/04/09 09:59:51 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2009/05/15 17:00:08 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2009/11/30 11:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\elemhidehelper@adblockplus.org
[2010/04/09 09:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\exif_viewer@mozilla.doslash.org
[2010/02/11 11:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\foxmarks@kei(2).com
[2009/06/09 22:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\extensions\LogMeInClient@logmein.com
[2009/05/15 17:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mozilla\Sunbird\Profiles\9ws3wdf4.default\extensions
[2010/01/23 13:05:44 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ac9keejs.default\searchplugins\bing.xml
[2010/04/20 11:45:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/03 15:28:14 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{c750eb63-9a7b-df5b-0eea-ba5ce1256fab}
[2009/09/08 15:01:18 | 000,163,608 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll

O1 HOSTS File: ([2010/04/19 20:19:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe (Provtech Limited)
O4 - HKLM..\Run: [Spy Watcher] C:\Program Files\Spy Cleaner Gold Trial\SpyWatcher.exe (Topdownloads Networks)
O4 - HKCU..\Run: [AllKeysMacro] C:\Program Files\AllKeys\AllKeys.exe (SeventhDigit)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Title Bar Clock.lnk = C:\Program Files\TitleBarClock\TBC.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O15 - HKCU\..Trusted Domains: onlinereportinginc.com ([filetrac] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rexplorer.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: rexplorer.net ([atl] http in Trusted sites)
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} http://support.rexplorer.net/iftw_install//iftwclix.cab (InstallFromTheWeb ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5co...b?1095460271703 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8DFD2B39-2320-4F01-9AEC-1C9F04C1A1B4} https://filetrac.onlinereportinginc.com/sys...ImageUpload.CAB (ImageUpload.ctrlImageUpload)
O16 - DPF: {924F03B2-942A-45FF-B8CC-B0D2C16FD913} https://filetrac.onlinereportinginc.com/system/EXELaunch.CAB (EXELaunch.EXELaunchControl)
O16 - DPF: {C8D803B0-2FA0-49F8-8D6D-6764DE34B2E1} https://filetrac.onlinereportinginc.com/sys...umentUpload.CAB (DocumentUpload.ctrlDocUpload)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/20 11:09:09 | 000,000,045 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/05/15 19:03:13 | 000,000,000 | ---D | M]
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (412316860416)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/21 12:49:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/20 12:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\Lame for Audacity
[2010/04/20 12:40:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Audacity
[2010/04/20 12:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2010/04/19 20:05:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/19 20:03:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/19 20:03:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/19 20:03:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/19 20:03:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/19 20:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/19 19:55:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/15 13:05:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/04/15 12:54:13 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/04/03 13:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ServiceTest
[2010/03/25 23:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\gmer
[2010/03/05 19:47:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/10/22 09:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ICS
[2009/09/09 08:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2009/06/24 09:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2009/06/21 23:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/05/27 10:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ESET
[2009/05/26 11:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\TiVo Desktop
[2009/05/18 13:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/05/16 11:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2009/05/15 17:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/05/15 17:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/05/15 16:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\TiVo Desktop
[2009/05/15 16:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2009/05/15 16:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/05/15 16:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/05/15 16:59:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/04/11 10:47:47 | 000,724,984 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Mike\gotomypc_437.exe
[4 E:\Data\*.tmp files -> E:\Data\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/23 13:17:35 | 012,058,624 | ---- | M] () -- C:\Documents and Settings\Mike\ntuser.dat
[2010/04/22 20:57:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/22 13:57:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/22 13:56:52 | 000,023,773 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/22 13:56:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/22 13:56:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/22 09:49:09 | 000,391,168 | ---- | M] () -- C:\Documents and Settings\Mike\Copy of CompensationUpdate02012010 (2).xls
[2010/04/22 09:49:05 | 000,000,026 | ---- | M] () -- C:\WINDOWS\Zone.Identifier
[2010/04/22 09:41:10 | 001,635,774 | ---- | M] () -- C:\Documents and Settings\Mike\Multi Level What.pptx
[2010/04/21 16:09:41 | 000,002,828 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/04/20 15:36:05 | 000,000,037 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2010/04/20 12:39:53 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/04/20 12:39:06 | 000,047,104 | ---- | M] () -- E:\Data\Phone.xls
[2010/04/19 21:19:57 | 000,257,128 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/19 20:19:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/19 20:19:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/19 20:17:07 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Mike\ntuser.ini
[2010/04/19 20:05:38 | 000,000,285 | RHS- | M] () -- C:\boot.ini
[2010/04/19 19:59:58 | 003,176,232 | -H-- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\IconCache.db
[2010/04/15 16:55:06 | 000,402,632 | ---- | M] () -- C:\Documents and Settings\Mike\1116901836 (1).jfx
[2010/04/15 16:54:52 | 000,023,610 | ---- | M] () -- C:\Documents and Settings\Mike\1133617237 (2).jfx
[2010/04/15 16:54:16 | 000,135,568 | ---- | M] () -- C:\Documents and Settings\Mike\1165963736.jfx
[2010/04/15 16:53:58 | 000,102,022 | ---- | M] () -- C:\Documents and Settings\Mike\1171787238.jfx
[2010/04/15 16:53:37 | 000,129,996 | ---- | M] () -- C:\Documents and Settings\Mike\1171806532.jfx
[2010/04/15 13:14:38 | 000,845,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/15 12:57:36 | 000,000,654 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/14 09:10:48 | 000,000,738 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/04/14 09:10:46 | 000,011,413 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft Excel 97-2003.TSK
[2010/04/14 09:09:57 | 000,038,262 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft Excel 97-2003.ADR
[2010/04/14 09:09:13 | 000,012,964 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft Excel 97-2003.CAL
[2010/04/14 00:22:21 | 000,010,594 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\contents.csv
[2010/04/14 00:22:20 | 000,026,966 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Comma Separated Values (Windows).ADR
[2010/04/14 00:21:38 | 000,009,414 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\calender.csv
[2010/04/14 00:21:36 | 000,012,994 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Comma Separated Values (Windows).CAL
[2010/04/13 13:35:36 | 000,005,962 | ---- | M] () -- C:\Documents and Settings\Mike\Select for Payment_5.pdf
[2010/04/12 16:31:25 | 000,954,098 | ---- | M] () -- C:\Documents and Settings\Mike\IMG_0119.jpg
[2010/04/12 15:37:28 | 000,016,850 | ---- | M] () -- C:\Documents and Settings\Mike\Est_Stan_1052_from_FIVE_STA (1).pdf
[2010/04/09 22:01:09 | 000,016,850 | ---- | M] () -- C:\Documents and Settings\Mike\Est_Stan_1052_from_FIVE_STA.pdf
[2010/04/06 06:03:50 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/05 23:39:51 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Mike\~$TTER TO SELLING AUCTIONEER OR TRUSTEE.docx
[2010/04/05 23:12:38 | 008,402,915 | ---- | M] () -- C:\Documents and Settings\Mike\408Wiged Foot Contract 001.pdf
[2010/04/05 22:54:28 | 000,022,381 | ---- | M] () -- C:\Documents and Settings\Mike\LETTER TO SELLING AUCTIONEER OR TRUSTEE.docx
[2010/04/01 20:10:09 | 000,002,263 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\temp.jpg
[2010/03/31 00:33:23 | 000,230,558 | ---- | M] () -- C:\Documents and Settings\Mike\1171752931.jfx
[2010/03/30 13:05:01 | 000,636,933 | ---- | M] () -- C:\Documents and Settings\Mike\408 Winged Foot Dr Community Association Disclosure 001 (1).pdf
[2010/03/30 11:48:00 | 000,023,610 | ---- | M] () -- C:\Documents and Settings\Mike\1133617237 (1).jfx
[2010/03/30 10:06:30 | 000,005,990 | ---- | M] () -- C:\Documents and Settings\Mike\Select for Payment_1.pdf
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 14:47:23 | 000,636,933 | ---- | M] () -- C:\Documents and Settings\Mike\408 Winged Foot Dr Community Association Disclosure 001.pdf
[2010/03/29 10:10:06 | 000,682,902 | ---- | M] () -- C:\Documents and Settings\Mike\803668142 (2).jfx
[2010/03/28 11:52:02 | 000,000,033 | ---- | M] () -- C:\WINDOWS\OKI C5400n(PS).ini
[2010/03/26 16:16:33 | 000,044,016 | ---- | M] () -- C:\Documents and Settings\Mike\1116579034.jfx
[2010/03/26 14:20:40 | 000,023,610 | ---- | M] () -- C:\Documents and Settings\Mike\1133617237.jfx
[2010/03/25 23:16:31 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\gmer.zip
[2010/03/25 17:51:20 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/25 17:13:50 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\IntegriClaim.lnk
[2010/03/24 22:02:44 | 000,402,632 | ---- | M] () -- C:\Documents and Settings\Mike\1116901836.jfx
[4 E:\Data\*.tmp files -> E:\Data\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/22 09:49:05 | 000,391,168 | ---- | C] () -- C:\Documents and Settings\Mike\Copy of CompensationUpdate02012010 (2).xls
[2010/04/22 09:41:10 | 001,635,774 | ---- | C] () -- C:\Documents and Settings\Mike\Multi Level What.pptx
[2010/04/20 12:39:53 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/04/19 20:05:38 | 000,000,215 | ---- | C] () -- C:\Boot.bak
[2010/04/19 20:05:35 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/19 20:03:37 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/19 20:03:33 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/19 20:03:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/19 20:03:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/19 20:03:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/15 16:55:06 | 000,402,632 | ---- | C] () -- C:\Documents and Settings\Mike\1116901836 (1).jfx
[2010/04/15 16:54:52 | 000,023,610 | ---- | C] () -- C:\Documents and Settings\Mike\1133617237 (2).jfx
[2010/04/15 16:54:16 | 000,135,568 | ---- | C] () -- C:\Documents and Settings\Mike\1165963736.jfx
[2010/04/15 16:53:58 | 000,102,022 | ---- | C] () -- C:\Documents and Settings\Mike\1171787238.jfx
[2010/04/15 16:53:37 | 000,129,996 | ---- | C] () -- C:\Documents and Settings\Mike\1171806532.jfx
[2010/04/14 09:10:46 | 000,011,413 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft Excel 97-2003.TSK
[2010/04/14 09:09:13 | 000,012,964 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft Excel 97-2003.CAL
[2010/04/14 00:22:17 | 000,010,594 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\contents.csv
[2010/04/14 00:21:38 | 000,009,414 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\calender.csv
[2010/04/14 00:21:36 | 000,012,994 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Comma Separated Values (Windows).CAL
[2010/04/13 13:35:36 | 000,005,962 | ---- | C] () -- C:\Documents and Settings\Mike\Select for Payment_5.pdf
[2010/04/12 16:31:25 | 000,954,098 | ---- | C] () -- C:\Documents and Settings\Mike\IMG_0119.jpg
[2010/04/12 15:37:28 | 000,016,850 | ---- | C] () -- C:\Documents and Settings\Mike\Est_Stan_1052_from_FIVE_STA (1).pdf
[2010/04/09 22:01:09 | 000,016,850 | ---- | C] () -- C:\Documents and Settings\Mike\Est_Stan_1052_from_FIVE_STA.pdf
[2010/04/05 23:39:51 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Mike\~$TTER TO SELLING AUCTIONEER OR TRUSTEE.docx
[2010/04/05 23:12:37 | 008,402,915 | ---- | C] () -- C:\Documents and Settings\Mike\408Wiged Foot Contract 001.pdf
[2010/04/05 22:54:27 | 000,022,381 | ---- | C] () -- C:\Documents and Settings\Mike\LETTER TO SELLING AUCTIONEER OR TRUSTEE.docx
[2010/04/01 20:13:20 | 000,002,263 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\temp.jpg
[2010/03/31 00:33:23 | 000,230,558 | ---- | C] () -- C:\Documents and Settings\Mike\1171752931.jfx
[2010/03/30 13:05:01 | 000,636,933 | ---- | C] () -- C:\Documents and Settings\Mike\408 Winged Foot Dr Community Association Disclosure 001 (1).pdf
[2010/03/30 11:48:00 | 000,023,610 | ---- | C] () -- C:\Documents and Settings\Mike\1133617237 (1).jfx
[2010/03/30 10:06:30 | 000,005,990 | ---- | C] () -- C:\Documents and Settings\Mike\Select for Payment_1.pdf
[2010/03/29 14:47:23 | 000,636,933 | ---- | C] () -- C:\Documents and Settings\Mike\408 Winged Foot Dr Community Association Disclosure 001.pdf
[2010/03/29 10:10:06 | 000,682,902 | ---- | C] () -- C:\Documents and Settings\Mike\803668142 (2).jfx
[2010/03/26 16:16:33 | 000,044,016 | ---- | C] () -- C:\Documents and Settings\Mike\1116579034.jfx
[2010/03/26 14:20:40 | 000,023,610 | ---- | C] () -- C:\Documents and Settings\Mike\1133617237.jfx
[2010/03/25 23:16:30 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\gmer.zip
[2010/03/25 17:51:20 | 000,001,662 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/24 22:02:44 | 000,402,632 | ---- | C] () -- C:\Documents and Settings\Mike\1116901836.jfx
[2010/03/23 21:53:00 | 000,341,436 | ---- | C] () -- C:\Documents and Settings\Mike\PrintBlank_5929CAC2-BDC0-468E-A407-E15A8AABF0C5_forOuput.pdf
[2010/03/23 21:50:52 | 000,108,697 | ---- | C] () -- C:\Documents and Settings\Mike\PrintBlank_663A646A-6DE0-419B-8A82-3E82314DE530_forOuput.pdf
[2010/03/16 15:41:09 | 000,007,868 | ---- | C] () -- C:\Documents and Settings\Mike\FW_ New Claim Assignment - File #1001419 (1).eml
[2010/03/15 09:22:00 | 000,087,734 | ---- | C] () -- C:\Documents and Settings\Mike\HomeOwnerPacketrevpdf (1).pdf
[2010/03/13 18:31:45 | 000,841,219 | ---- | C] () -- C:\Documents and Settings\Mike\1022409233.jfx
[2010/03/13 15:38:05 | 000,040,324 | ---- | C] () -- C:\Documents and Settings\Mike\1021740230.jfx
[2010/03/12 22:31:22 | 000,118,069 | ---- | C] () -- C:\Documents and Settings\Mike\Document (1).pdf
[2010/03/12 22:29:53 | 000,414,713 | ---- | C] () -- C:\Documents and Settings\Mike\N45XBillofSale (1).pdf
[2010/03/12 17:30:52 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Mike\Actuator Specifications.doc
[2010/03/12 14:29:55 | 000,151,922 | ---- | C] () -- C:\Documents and Settings\Mike\[9601] - ---408-- Winged Foot Drive.pdf
[2010/03/12 14:29:31 | 000,027,804 | ---- | C] () -- C:\Documents and Settings\Mike\Fax-Back Coversheet.pdf
[2010/03/12 09:42:14 | 000,682,902 | ---- | C] () -- C:\Documents and Settings\Mike\803668142 (1).jfx
[2010/03/11 22:32:48 | 000,007,868 | ---- | C] () -- C:\Documents and Settings\Mike\FW_ New Claim Assignment - File #1001419.eml
[2010/03/10 17:00:51 | 000,259,360 | ---- | C] () -- C:\Documents and Settings\Mike\New Merge.xlsx
[2010/03/08 13:17:08 | 000,414,713 | ---- | C] () -- C:\Documents and Settings\Mike\N45XBillofSale.pdf
[2010/03/05 19:16:15 | 000,141,156 | ---- | C] () -- C:\Documents and Settings\Mike\953858539.jfx
[2010/03/05 15:52:49 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Mike\3 FEMA Investigation Packet Checklist Federal Employee SF85P(2)a.doc
[2010/03/05 15:52:06 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Mike\4 - Credit Release.doc
[2010/03/05 15:46:03 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\Mike\1 e-QIP Introduction Letter SF85P fed emp 2009 (1).doc
[2010/03/04 18:21:36 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\Mike\1 e-QIP Introduction Letter SF85P fed emp 2009.doc
[2010/03/04 18:20:44 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Mike\NOTICE.doc
[2010/03/03 23:21:08 | 000,323,752 | ---- | C] () -- C:\Documents and Settings\Mike\1406365844.jfx
[2010/03/03 23:20:10 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\Mike\lease (Robbin Brown)Phillips (1).doc
[2010/02/26 14:07:47 | 000,035,128 | ---- | C] () -- C:\Documents and Settings\Mike\N45X bill of sale (1).pdf
[2010/02/25 14:51:39 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Mike\Bill of Sale Set Aside Document N45X (2).doc
[2010/02/25 14:26:21 | 000,030,112 | ---- | C] () -- C:\Documents and Settings\Mike\FORM - HIPAA Release.pdf
[2010/02/25 09:55:34 | 000,118,069 | ---- | C] () -- C:\Documents and Settings\Mike\Document.pdf
[2010/02/23 13:07:03 | 002,652,748 | ---- | C] () -- C:\Documents and Settings\Mike\PschoDogs.wmv
[2010/02/22 14:01:48 | 000,525,428 | ---- | C] () -- C:\Documents and Settings\Mike\mipmcarcggseedstart.pdf
[2010/02/18 11:21:11 | 000,119,328 | ---- | C] () -- C:\Documents and Settings\Mike\57915234-54797612 (1).pdf
[2010/02/18 11:17:27 | 000,119,328 | ---- | C] () -- C:\Documents and Settings\Mike\57915234-54797612.pdf
[2010/02/17 10:50:25 | 000,682,902 | ---- | C] () -- C:\Documents and Settings\Mike\803668142.jfx
[2010/02/16 21:33:07 | 000,125,952 | ---- | C] () -- C:\Documents and Settings\Mike\REvisedHoPFeb 5 2010.doc
[2010/02/10 00:05:30 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\sgcpom.dat
[2010/02/08 11:18:17 | 012,058,624 | ---- | C] () -- C:\Documents and Settings\Mike\ntuser.dat
[2010/02/04 10:33:53 | 000,018,779 | ---- | C] () -- C:\Documents and Settings\Mike\CHILDERS EST.pdf
[2010/02/04 09:54:28 | 000,026,548 | ---- | C] () -- C:\Documents and Settings\Mike\45XFax[1].pdf
[2010/02/04 09:53:58 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Mike\Bill of Sale Set Aside Document N45X (1).doc
[2010/02/02 10:18:42 | 001,915,392 | ---- | C] () -- C:\WINDOWS\System32\5006d63d-ab34-2f50-77a2-367bdeab8043.dll
[2010/01/29 15:45:10 | 000,044,690 | ---- | C] () -- C:\Documents and Settings\Mike\614739535 (1).jfx
[2010/01/27 22:10:45 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\BBEB50A05B.sys
[2010/01/27 22:10:44 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/01/26 00:04:30 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\Mike\.recently-used.xbel
[2010/01/25 16:22:02 | 000,044,690 | ---- | C] () -- C:\Documents and Settings\Mike\614739535.jfx
[2010/01/22 11:35:13 | 000,035,128 | ---- | C] () -- C:\Documents and Settings\Mike\N45X bill of sale.pdf
[2010/01/21 22:47:57 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CutMan32.INI
[2010/01/21 22:27:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Signblaz.ini
[2010/01/21 21:33:33 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Mike\~$ll of Sale Set Aside Document N45X.doc
[2010/01/21 21:33:31 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Mike\Bill of Sale Set Aside Document N45X.doc
[2010/01/21 10:47:03 | 004,933,932 | ---- | C] () -- C:\Documents and Settings\Mike\Becarefulpullingout.wmv
[2010/01/19 13:43:23 | 000,087,734 | ---- | C] () -- C:\Documents and Settings\Mike\HomeOwnerPacketrevpdf.pdf
[2010/01/18 10:46:30 | 002,499,072 | ---- | C] () -- C:\Documents and Settings\Mike\CENTER_OF_THE_BIBLE.pps
[2010/01/12 14:45:42 | 000,009,107 | ---- | C] () -- C:\Documents and Settings\Mike\FOREPLAY.mid
[2009/12/30 09:57:20 | 000,139,631 | ---- | C] () -- C:\Documents and Settings\Mike\mitchellTBOX.pdf
[2009/12/29 13:39:40 | 000,035,662 | ---- | C] () -- C:\Documents and Settings\Mike\091229108371CT3730XY.pdf
[2009/12/28 17:11:02 | 000,165,888 | ---- | C] () -- C:\Documents and Settings\Mike\Getting a Clear id (1).doc
[2009/12/28 17:10:48 | 000,171,520 | ---- | C] () -- C:\Documents and Settings\Mike\Placing an order (1).doc
[2009/12/28 17:09:58 | 004,408,830 | ---- | C] () -- C:\Documents and Settings\Mike\clear pricing.pdf
[2009/12/22 23:37:58 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/12/18 22:22:23 | 008,657,608 | ---- | C] () -- C:\Documents and Settings\Mike\20091217185037.PDF
[2009/12/17 00:08:22 | 000,165,888 | ---- | C] () -- C:\Documents and Settings\Mike\Getting a Clear id.doc
[2009/12/16 23:06:27 | 000,171,520 | ---- | C] () -- C:\Documents and Settings\Mike\Placing an order.doc
[2009/12/13 16:03:26 | 000,026,966 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Comma Separated Values (Windows).ADR
[2009/12/13 15:27:50 | 000,038,262 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft Excel 97-2003.ADR
[2009/12/03 22:05:36 | 000,070,984 | ---- | C] () -- C:\Documents and Settings\Mike\g2mdlhlpx.exe
[2009/12/02 18:16:08 | 000,233,472 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\fontdb.mdb
[2009/11/16 13:05:47 | 005,995,308 | ---- | C] () -- C:\Documents and Settings\Mike\BPO Information 408 Winged Foot Drive.pdf
[2009/11/12 11:45:46 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Mike\MIKE CHILDERS.doc
[2009/11/08 21:26:34 | 000,072,648 | ---- | C] () -- C:\Documents and Settings\Mike\Employee Statement.pdf
[2009/11/07 22:04:34 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\Mike\lease (Robbin Brown)Phillips.doc
[2009/10/23 17:05:22 | 006,021,408 | ---- | C] () -- C:\Documents and Settings\Mike\extraordinaire_instrument_de_musique.wmv
[2009/10/21 09:53:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\longfile.INI
[2009/10/21 09:45:24 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\scpext.dll
[2009/09/08 21:13:07 | 006,681,967 | ---- | C] () -- C:\Documents and Settings\Mike\cockpitviewofshuttlelanding.wmv
[2009/07/16 17:31:42 | 000,001,244 | ---- | C] () -- C:\Documents and Settings\Mike\AE.Init
[2009/07/16 17:31:42 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Mike\AE.Memory
[2009/05/15 19:02:59 | 000,639,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/05/15 17:33:14 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Mike\ntuser.dat.LOG
[2009/05/15 16:59:11 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\$_hpcst$.hpc
[2008/11/12 14:15:57 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSWQDRV.SYS
[2008/11/12 11:06:57 | 000,047,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Surroundhp_kern_i386.sys
[2008/11/12 11:06:57 | 000,047,104 | R--- | C] () -- C:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2008/11/12 11:06:57 | 000,042,112 | R--- | C] () -- C:\WINDOWS\System32\drivers\csiidecoder_kern_i386.sys
[2008/11/12 11:06:57 | 000,039,808 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter_i386.sys
[2008/11/11 20:30:31 | 000,000,130 | ---- | C] () -- C:\WINDOWS\EQUALIZER.INI
[2008/10/29 08:21:56 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\B0CE35F0A7.dll
[2008/10/16 12:08:02 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/10/16 00:52:52 | 000,000,316 | ---- | C] () -- C:\WINDOWS\SoftWriting.ini
[2008/10/05 22:35:40 | 000,390,824 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/09/04 09:40:53 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008/09/04 09:26:40 | 000,000,120 | ---- | C] () -- C:\WINDOWS\DDSSetup.ini
[2008/03/23 21:33:43 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/04 09:37:24 | 000,000,539 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/06/25 23:59:18 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\fusioncache.dat
[2006/02/23 15:03:44 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2005/09/10 22:28:58 | 000,000,033 | ---- | C] () -- C:\WINDOWS\render.ini
[2005/02/18 10:06:42 | 000,000,033 | ---- | C] () -- C:\WINDOWS\OKI C5400n(PS).ini
[2005/01/03 23:37:02 | 000,176,220 | ---- | C] () -- C:\WINDOWS\System32\drivers\SELSAUSB.SYS
[2005/01/03 23:37:02 | 000,176,188 | ---- | C] () -- C:\WINDOWS\System32\drivers\LSAUSB.SYS
[2004/12/31 09:22:45 | 000,002,395 | ---- | C] () -- C:\WINDOWS\IFPClient.ini
[2004/12/24 19:19:49 | 000,000,236 | ---- | C] () -- C:\WINDOWS\ndw.ini
[2004/09/21 23:00:50 | 000,000,033 | ---- | C] () -- C:\WINDOWS\QkEngine.INI
[2004/09/18 06:19:18 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Mike\ntuser.ini
[2004/09/18 06:18:12 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2004/09/18 06:18:12 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2004/09/17 22:33:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/09/17 21:56:40 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2004/09/17 21:56:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/09/17 16:39:15 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/05/16 15:02:25 | 000,000,738 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/05/16 14:41:50 | 000,000,237 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/05/16 14:32:59 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/05/16 14:26:20 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/05/16 14:25:42 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/05/16 13:49:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/05/16 13:49:03 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2003/10/07 11:54:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/30 08:04:00 | 000,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/09/17 22:21:33 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/05/17 14:09:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/05/17 14:09:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/03/31 03:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2003/03/30 22:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/09/17 22:21:33 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/05/17 14:09:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/05/17 14:09:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/08/28 23:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2009/03/08 04:33:06 | 000,420,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\vbscript.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/05/15 19:02:59 | 000,639,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2003/10/07 04:37:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2003/10/07 04:37:54 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2003/10/07 04:37:54 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Program Files\Signmaker X4:{56004D00-6C00-6500-5200-480046007500}
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >


ESET only scanned 16% after 18 hours, so it looks like it's going to take a while.

#14 schrauber

  • Malware Response Team

Posted 25 April 2010 - 03:55 AM

Ok,

Post back with the result when you have it.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#15 CheleCity

  • Topic Starter

Posted 26 April 2010 - 07:26 AM

C:\Documents and Settings\Mike\Application Data\Sun\Java\Deployment\cache\6.0\63\7a86423f-54251c49 multiple threats deleted - quarantined
C:\Documents and Settings\Mike\Application Data\Sun\Java\Deployment\cache\6.0\63\7a86423f-6a1e475c a variant of OSX/Exploit.Smid.B trojan deleted - quarantined
C:\Documents and Settings\Mike\Local Settings\Application Data\Identities\{46471F56-6594-4461-BB59-7D2FBDDB13A7}\Copy of Microsoft\Outlook Express\Inbox.dbx Win32/Nuwar.M worm unable to clean
C:\System Volume Information\_restore{EABCAB45-42A4-472A-8674-85AD723A5F23}\RP1061\A0145271.dll Win32/Induc virus deleted - quarantined
E:\My Shared Files\Adobe Premiere Pro v7.0 WinXP FULL ISO Incl. Keygen.rar probably a variant of Win32/Spy.Agent trojan deleted - quarantined
E:\Darlene\Documents and Settings\Owner\Local Settings\Application Data\Identities\{5F19C3BF-FCF3-41D5-BFD4-126E5C1D0B2C}\Microsoft\Outlook Express\Deleted Items.bak Win32/Fuclip.B trojan unable to clean
E:\Darlene\Documents and Settings\Owner\Local Settings\Application Data\Identities\{5F19C3BF-FCF3-41D5-BFD4-126E5C1D0B2C}\Microsoft\Outlook Express\Deleted Items.dbx Win32/Fuclip.B trojan unable to clean
E:\Darlene\Documents and Settings\Owner\Desktop\setupxv.exe a variant of Win32/Adware.RegistrySmart.AA application deleted - quarantined
E:\Darlene\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5286af48-7fd03b06.zip probably a variant of Win32/Agent trojan deleted - quarantined
E:\Darlene\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\9\46b81009-5ed09d6b probably a variant of Win32/Agent trojan deleted - quarantined




