Unknown Browser Hijacker


This topic is locked
9 replies to this topic

#1 craasher

Posted 19 April 2010 - 08:47 AM

Hello Everyone. I have cleaned a person at church's desktop and removed Internet Security 2010, and neither Malwarebytes nor Spybot is detecting anything else. Both of those are updated nightly, but I have been fighting a browser hijacker for a week now. The good thing is I have trained the person to cancel out of the hijacks once they happen; it would redirect eventually to a site to become reinfected with IS2010, and we have been able to stop that, just not the hijacks. I have run the DDS scan, but the GMER scan locks the computer up. It freezes on the same file every time, which is disk.sys. I also did the defogger before I ran GMER, but it still locks up.

Oh, also, the church is running AVG Enterprise version 9.0.801, and the last scan ran with definitions 271.1.1/2810. Thank you for this service you provide and assistance in everything.

I work on this computer remotely and had trouble posting the logs on this site for some reason; I think it was with the attachment. I've been trying to get GMER to run and get current logs, but all GMER does is lock the machine up.

Here are the DDS files.


DDS (Ver_10-03-17.01) - NTFSx86
Run by pastorsec at 20:20:30.16 on Tue 04/13/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1006.503 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SHELBY\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
svchost.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\Documents and Settings\pastorsec\Desktop\Defogger.exe
C:\Documents and Settings\pastorsec\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus Photo R280 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticka.exe /fu "c:\docume~1\pastor~1\locals~1\temp\E_S3B.tmp" /EF "HKCU"
uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194389003625
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://216.227.31.203:81/activex/AMC.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-15 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-15 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-15 29512]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-5 308064]
R2 MSSQL$SHELBY;MSSQL$SHELBY;c:\program files\microsoft sql server\mssql$shelby\binn\sqlservr.exe [2005-5-4 9158656]
R3 PhoneTreeUSB;PhoneTree USB Driver (phontree.sys);c:\windows\system32\drivers\PhonTrnt.sys [2009-2-5 27776]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\9.tmp --> c:\windows\system32\9.tmp [?]
S3 PTHardLoader;PhoneTree USB Loader Driver (pthloadr.sys);c:\windows\system32\drivers\PTHLdrnt.sys [2009-2-12 25800]
S3 SQLAgent$SHELBY;SQLAgent$SHELBY;c:\program files\microsoft sql server\mssql$shelby\binn\sqlagent.EXE [2005-5-3 323584]

=============== Created Last 30 ================

2010-04-14 01:19:26 0 ----a-w- c:\documents and settings\pastorsec\defogger_reenable
2010-04-06 21:35:50 0 d-----w- c:\program files\Trend Micro
2010-04-06 19:40:11 6144 ------w- c:\windows\system32\8.tmp
2010-04-06 19:40:02 6144 ------w- c:\windows\system32\7.tmp
2010-04-06 19:39:56 0 d-----w- c:\program files\Sophos
2010-04-06 17:23:18 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-04-06 17:23:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-04-01 21:52:27 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-04-01 21:52:27 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-03-31 15:35:13 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-22 20:06:33 0 d-----w- c:\program files\PowerPoint Alchemy
2010-03-22 20:06:33 0 d-----w- c:\docume~1\pastor~1\applic~1\PPTAlchemy
2010-03-22 20:02:34 4078304 ----a-w- C:\Jigsaw_Maker2c.zip
2010-03-15 16:53:47 0 d-----w- c:\program files\PresentationPro
2010-03-15 16:53:47 0 d-----w- c:\docume~1\pastor~1\applic~1\PresPro
2010-03-15 16:52:49 0 d-----w- c:\program files\common files\Wise Installation Wizard

==================== Find3M ====================

2010-04-08 18:05:22 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-01 13:07:33 905216 ----a-w- c:\windows\system32\ssv5axgn.dll
2010-04-01 13:07:33 1224704 ----a-w- c:\windows\system32\ssv5axtax.dll
2010-03-30 05:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 05:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ------w- c:\windows\system32\corpol.dll
2010-03-05 14:17:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-05 14:17:42 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-05 14:17:40 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-02 21:09:14 438272 ----a-w- c:\windows\system32\MRTKAgnt.dll
2010-02-17 13:53:42 61440 ----a-w- c:\windows\system32\ssv5axZP.exe
2010-02-17 13:53:41 1548288 ----a-w- c:\windows\system32\ssv5axwv.dll
2010-02-17 13:53:41 151552 ----a-w- c:\windows\system32\ssv5axmail.dll
2010-02-17 13:53:40 3141632 ----a-w- c:\windows\system32\ssv5axSL.exe
2010-02-17 13:53:38 1323008 ----a-w- c:\windows\system32\ssv5axpr.dll
2010-02-17 13:53:37 458752 ----a-w- c:\windows\system32\ssv5axmm.dll
2010-02-17 13:53:37 274432 ----a-w- c:\windows\system32\ssv5axpm.dll
2010-02-17 13:53:36 835584 ----a-w- c:\windows\system32\ssv5axdb.dll
2010-02-17 13:53:36 462848 ----a-w- c:\windows\system32\ssv5axgb.dll
2010-02-17 13:53:36 32768 ----a-w- c:\windows\system32\ssv5axcx.dll
2010-02-17 13:53:36 28672 ----a-w- c:\windows\system32\ssv5axcsp.dll
2010-02-17 13:53:35 208896 ----a-w- c:\windows\system32\ssv5axCC.exe
2010-02-04 20:05:11 344998294 ----a-w- C:\Photoshop_CS2_tryout.zip
2008-08-19 14:21:09 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081920080820\index.dat

============= FINISH: 20:22:00.24 ===============

#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:16 PM

Posted 23 April 2010 - 06:23 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.

PS: For GMER, if it crashes, try the following (in order of preference):
  • Try running in safe mode
  • Try running in safe mode while unplugged from the internet
  • Try running without the 'Devices' box checked
  • Try running with only 'Files' and 'Sections' checked


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#3 craasher

craasher
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:16 PM

Posted 26 April 2010 - 03:55 PM

Thank you for your response. I understand that it can take a while when overloaded. I will get this done tonight and post it back here. Thanks again.

The only thing I have done since the original logs was run Malwarebytes a few times to make sure it didn't get a bigger infection and just stayed with the browser hijacker.

Edited by craasher, 26 April 2010 - 03:58 PM.


#4 craasher

craasher
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:16 PM

Posted 27 April 2010 - 09:14 AM

Here are the two logs from OTL. I'm working on getting GMER running right now.

OTL LOG

OTL logfile created on: 4/27/2010 8:57:37 AM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\pastorsec\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,006.00 Mb Total Physical Memory | 452.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 206.56 Gb Free Space | 88.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 273.40 Gb Total Space | 238.83 Gb Free Space | 87.35% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive S: | 273.40 Gb Total Space | 238.83 Gb Free Space | 87.35% Space Free | Partition Type: NTFS
Drive T: | 64.00 Gb Total Space | 58.16 Gb Free Space | 90.87% Space Free | Partition Type: NTFS

Computer Name: MUSICSEC
Current User Name: pastorsec
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/27 08:56:20 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pastorsec\Desktop\OTL.exe
PRC - [2010/04/20 08:18:33 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/03/30 08:50:01 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/05 09:17:49 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/05 09:17:47 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/05 09:17:42 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/05 09:17:40 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2009/10/09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2008/12/18 11:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$SHELBY\Binn\sqlservr.exe
PRC - [2008/04/13 19:12:32 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/05 07:20:46 | 000,179,016 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2007/01/05 07:20:46 | 000,098,304 | R--- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe


========== Modules (SafeList) ==========

MOD - [2010/04/27 08:56:20 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pastorsec\Desktop\OTL.exe
MOD - [2008/04/13 19:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/05 09:17:47 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/10 17:18:02 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2008/12/18 11:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$SHELBY\Binn\sqlservr.exe -- (MSSQL$SHELBY)
SRV - [2007/11/14 17:15:14 | 000,272,120 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\svcrgr.exe -- (WmiApSrv)
SRV - [2007/01/05 07:20:46 | 000,179,016 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel®
SRV - [2007/01/05 07:20:46 | 000,098,304 | R--- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®
SRV - [2005/05/03 22:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$SHELBY\Binn\sqlagent.EXE -- (SQLAgent$SHELBY)


========== Driver Services (SafeList) ==========

DRV - [2010/03/05 09:17:48 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/05 09:17:42 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/05 09:17:40 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009/02/12 11:16:26 | 000,025,800 | ---- | M] (PCS) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTHLdrnt.sys -- (PTHardLoader) PhoneTree USB Loader Driver (pthloadr.sys)
DRV - [2009/02/05 18:32:18 | 000,027,776 | ---- | M] (PCS) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PhonTrnt.sys -- (PhoneTreeUSB) PhoneTree USB Driver (phontree.sys)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/01/05 07:22:57 | 001,181,824 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/01/05 07:22:02 | 000,246,680 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/01/05 07:20:45 | 000,044,416 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2007/01/05 07:20:25 | 001,178,088 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/01/05 07:20:24 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2006/04/04 16:20:00 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555



IE - HKU\S-1-5-21-1798957696-3477613788-1363530348-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1798957696-3477613788-1363530348-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/11/30 15:31:52 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/04/06 12:27:12 | 000,385,900 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13312 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKU\S-1-5-21-1798957696-3477613788-1363530348-1012\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-1798957696-3477613788-1363530348-1012..\Run: [EPSON Stylus Photo R280 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1798957696-3477613788-1363530348-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1194389003625 (WUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://216.227.31.203:81/activex/AMC.cab (AxisMediaControlEmb Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.3.101.10 10.3.101.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = parkermemorial.local
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/06 18:15:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4d073b42-8c89-11dc-aeaa-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4d073b42-8c89-11dc-aeaa-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4d073b42-8c89-11dc-aeaa-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{65e4adad-8e53-11dc-b28c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{65e4adad-8e53-11dc-b28c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{65e4adad-8e53-11dc-b28c-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{a113adad-8d7b-11dc-a4da-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{a113adad-8d7b-11dc-a4da-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a113adad-8d7b-11dc-a4da-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{cbfc8d5f-3dd8-11df-8213-0019d1a90bb0}\Shell - "" = AutoRun
O33 - MountPoints2\{cbfc8d5f-3dd8-11df-8213-0019d1a90bb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cbfc8d5f-3dd8-11df-8213-0019d1a90bb0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1798957696-3477613788-1363530348-1012\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/11/06 18:15:14 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^pastorsec^Start Menu^Programs^Startup^PowerReg Scheduler.exe - C:\Documents and Settings\pastorsec\Start Menu\Programs\Startup\PowerReg Scheduler.exe - File not found
MsConfig - StartUpReg: ACSTray - hkey= - key= - C:\WINACS\ACSTRAY.EXE File not found
MsConfig - StartUpReg: atchk - hkey= - key= - C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: EPSON Stylus Photo R280 Series - hkey= - key= - File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: hpqSRMon - hkey= - key= - C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: IntelAudioStudio - hkey= - key= - C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: SigmatelSysTrayApp - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA851-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8E510C72-3DE1-272C-55FE-E56A30193596} - DirectAnimation
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E1FC1970-F32E-DCE8-7750-369276354CC0} - Macromedia Shockwave Director 8.0
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 90 Days ==========

[2010/04/27 08:56:15 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\pastorsec\Desktop\OTL.exe
[2010/04/21 13:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Desktop\VIDEO_TS
[2010/04/17 13:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Application Data\PPTAlchemy
[2010/04/17 13:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\PowerPoint Alchemy
[2010/04/16 12:17:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/04/14 17:37:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\My Documents\New Folder
[2010/04/07 07:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Local Settings\Application Data\HP
[2010/04/06 16:35:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/06 14:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/04/06 12:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/06 12:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/03/25 09:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/15 11:53:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Application Data\PresPro
[2010/03/15 11:53:47 | 000,000,000 | ---D | C] -- C:\Program Files\PresentationPro
[2010/03/15 11:52:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/03/12 10:22:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\POWERUP
[2010/03/12 10:22:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\POWERALB
[2010/03/08 11:57:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2010/03/08 11:57:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Local Settings\Application Data\Broderbund Software
[2010/03/08 11:08:36 | 000,090,112 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2010/03/08 11:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\The Logo Creator v5
[2010/03/08 10:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\The Print Shop 21
[2010/03/05 14:28:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\My Documents\Corel User Files
[2010/03/05 14:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Application Data\Corel
[2010/03/05 14:24:04 | 000,421,888 | ---- | C] (Corel Corporation Limited) -- C:\WINDOWS\System32\fxdb.dll
[2010/03/05 14:24:04 | 000,126,976 | ---- | C] (Corel) -- C:\WINDOWS\System32\FXAB32.DLL
[2010/03/05 14:23:26 | 000,131,072 | ---- | C] (Corel Corporation Limited) -- C:\WINDOWS\System32\shellwp.dll
[2010/03/05 14:23:26 | 000,007,680 | ---- | C] (Corel Corporation Limited) -- C:\WINDOWS\System32\shlwp9en.dll
[2010/03/05 14:23:25 | 000,046,592 | ---- | C] (Blue Sky Software Corporation) -- C:\WINDOWS\System32\csh.dll
[2010/03/05 14:19:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Local Settings\Application Data\Help
[2010/03/05 14:19:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Application Data\Help
[2010/03/05 13:53:28 | 000,093,184 | ---- | C] (Novell Inc.) -- C:\WINDOWS\System32\LTIH21TB.DLL
[2010/03/05 13:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2010/03/05 13:49:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Corel
[2010/03/05 09:17:48 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/02 16:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\MapInfo MapX
[2010/02/18 16:26:16 | 000,000,000 | --SD | C] -- C:\Documents and Settings\pastorsec\My Documents\My Data Sources
[2010/02/18 09:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Application Data\Malwarebytes
[2010/02/18 09:42:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/18 09:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/18 09:42:57 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/18 09:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/18 09:40:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Application Data\U3
[2010/02/18 00:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\xxffws
[2010/02/18 00:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/02/17 23:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/02/17 23:14:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/02/17 15:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/02/17 15:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/02/17 15:06:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/02/16 09:44:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\My Documents\Leawo
[2010/02/16 09:44:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Application Data\Leawo
[2010/02/16 09:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/02/16 09:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\Leawo
[2010/02/16 09:38:34 | 000,000,000 | ---D | C] -- C:\Program Files\Moyea
[2010/02/15 09:35:41 | 000,970,752 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf210.dll
[2010/02/15 09:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2010/02/15 09:34:25 | 000,000,000 | ---D | C] -- C:\Program Files\Calendar Creator
[2010/02/15 09:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\Connection Wizard
[2010/02/15 09:33:36 | 000,000,000 | ---D | C] -- C:\Program Files\NZRVR
[2010/02/12 08:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Data Dynamics
[2010/02/12 08:38:33 | 000,000,000 | ---D | C] -- C:\MailRoom
[2010/02/11 09:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Application Data\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2010/02/10 17:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/02/10 17:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/02/10 17:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/02/10 17:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/02/10 17:06:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Desktop\Adobe Photoshop Elements 8
[2010/02/10 16:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Application Data\Download Manager
[2010/02/10 14:25:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\pastorsec\My Documents\My Videos
[2010/02/10 09:20:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\My Documents\My Print Creations
[2010/02/10 09:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Application Data\Arcsoft
[2010/02/09 15:25:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\My Documents\Moyea
[2010/02/09 15:25:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Application Data\Moyea
[2010/02/09 15:24:59 | 000,606,208 | ---- | C] (http://www.xvid.org) -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/09 15:24:59 | 000,438,272 | ---- | C] (Gabest) -- C:\WINDOWS\System32\Mpeg2DecFilter.ax
[2010/02/09 15:24:59 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\WINDOWS\System32\xvid.ax
[2010/02/09 15:24:25 | 019,723,470 | ---- | C] (Moyea Software Co., LTD ) -- C:\Documents and Settings\pastorsec\Desktop\ppt2dvd_aff.exe
[2010/02/09 14:50:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010/02/09 14:24:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/02/08 12:51:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\BBSTORE
[2010/02/08 12:51:14 | 000,245,760 | ---- | C] (Broderbund) -- C:\WINDOWS\System32\PretzlUp.dll
[2010/02/08 12:51:14 | 000,192,512 | ---- | C] (Broderbund) -- C:\WINDOWS\System32\PretzlDn.dll
[2010/02/08 12:50:59 | 000,483,328 | ---- | C] (3DGreetings) -- C:\WINDOWS\System32\vroom.dll
[2010/02/08 12:50:59 | 000,176,128 | ---- | C] (3DGreetings) -- C:\WINDOWS\System32\vroomlib.dll
[2010/02/08 12:50:59 | 000,069,632 | ---- | C] (T.L.C.P.P. L.L.C.) -- C:\WINDOWS\System32\vroomsap.exe
[2010/02/08 12:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\Web Publish
[2010/02/08 12:45:33 | 000,114,176 | ---- | C] (Wintertree Software Inc.) -- C:\WINDOWS\System32\SSCE4132.DLL
[2010/02/08 12:45:33 | 000,090,112 | ---- | C] (TLC Productivity Properties LLC) -- C:\WINDOWS\System32\ImageServerMI.dll
[2010/02/08 12:45:33 | 000,053,248 | ---- | C] (TLC Productivity Properties LLC) -- C:\WINDOWS\System32\PretzelSpellCheck.dll
[2010/02/08 12:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Broderbund
[2010/02/08 12:45:32 | 000,317,116 | ---- | C] (Btrieve Technologies, Incorporated) -- C:\WINDOWS\System32\WBTR32.EXE
[2010/02/08 12:45:32 | 000,101,376 | ---- | C] (Parsons Technology, Inc.) -- C:\WINDOWS\System32\Ptsaab32.dll
[2010/02/08 12:45:32 | 000,096,768 | ---- | C] (Parsons Technology, Inc.) -- C:\WINDOWS\System32\Ptsacx40.dll
[2010/02/08 12:45:32 | 000,050,048 | ---- | C] (Parsons Technology, Inc.) -- C:\WINDOWS\System32\PTSAABDB.DLL
[2010/02/08 12:45:32 | 000,017,704 | ---- | C] (Btrieve Technologies, Incorporated) -- C:\WINDOWS\System32\WBTRLOCL.DLL
[2010/02/08 12:45:32 | 000,016,496 | ---- | C] (Btrieve Technologies, Inc.) -- C:\WINDOWS\System32\WBTRCALL.DLL
[2010/02/08 12:45:32 | 000,004,280 | ---- | C] (Btrieve Technologies, Incorporated) -- C:\WINDOWS\System32\WBT32RES.DLL
[2010/02/08 12:45:32 | 000,004,128 | ---- | C] (Btrieve Technologies, Inc.) -- C:\WINDOWS\System32\WBTRVRES.DLL
[2010/02/08 12:45:31 | 000,794,624 | ---- | C] (TLC Productivity Properties LLC) -- C:\WINDOWS\System32\PMAppBuilder.dll
[2010/02/08 12:45:31 | 000,102,400 | ---- | C] (TLC Productivity Properties LLC) -- C:\WINDOWS\System32\PMovieServer.dll
[2010/02/08 12:45:31 | 000,081,920 | ---- | C] (TLC Productivity Properties LLC) -- C:\WINDOWS\System32\CONNMGR.OCX
[2010/02/08 12:45:31 | 000,045,056 | ---- | C] (TLC Productivity Properties LLC) -- C:\WINDOWS\System32\ImportClient.dll
[2010/02/08 12:45:31 | 000,021,840 | ---- | C] (Parsons Technology, Inc.) -- C:\WINDOWS\System32\PTSAAB30.DLL
[2010/02/08 12:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Broderbund
[2010/02/08 12:40:29 | 000,000,000 | ---D | C] -- C:\EPSONREG
[2010/02/08 12:32:29 | 000,011,776 | ---- | C] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\afc.sys
[2010/02/08 12:32:28 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\PCDLIB32.DLL
[2010/02/08 12:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2010/02/08 12:32:23 | 000,126,976 | ---- | C] (ArcSoft Inc.) -- C:\WINDOWS\System32\PhotoImpression Slideshow.scr
[2010/02/08 12:32:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PhotoImpression Slideshow
[2010/02/08 12:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2010/02/08 12:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON Print CD
[2010/02/08 12:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/02/08 12:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON
[2010/02/07 10:12:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Local Settings\Application Data\Identities
[2010/02/05 15:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Local Settings\Application Data\PCHealth
[2010/02/03 17:16:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/03 16:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/02/03 15:20:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Local Settings\Application Data\Adobe
[2010/02/03 13:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Application Data\Macromedia
[2010/02/03 13:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Application Data\Adobe
[2010/02/03 13:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Application Data\Yahoo!
[2010/02/03 13:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Application Data\HPAppData
[2010/02/03 13:36:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Local Settings\Application Data\Google
[2010/02/03 13:36:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Application Data\Google
[2010/02/03 13:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Local Settings\Application Data\Shelby
[2010/02/03 13:08:27 | 000,000,000 | --SD | C] -- C:\Documents and Settings\pastorsec\Application Data\Microsoft
[2010/02/03 13:08:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\pastorsec\Application Data
[2010/02/03 13:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Application Data\Identities
[2010/02/03 13:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Application Data\Ahead
[2010/02/03 13:08:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\pastorsec\SendTo
[2010/02/03 13:08:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\pastorsec\Recent
[2010/02/03 13:08:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\pastorsec\Start Menu
[2010/02/03 13:08:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\pastorsec\My Documents\My Pictures
[2010/02/03 13:08:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\pastorsec\My Documents\My Music
[2010/02/03 13:08:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\pastorsec\Favorites
[2010/02/03 13:08:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\pastorsec\UserData
[2010/02/03 13:08:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\pastorsec\Cookies
[2010/02/03 13:08:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\pastorsec\Templates
[2010/02/03 13:08:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\pastorsec\PrintHood
[2010/02/03 13:08:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\pastorsec\NetHood
[2010/02/03 13:08:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\pastorsec\Local Settings
[2010/02/03 13:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\My Documents
[2010/02/03 13:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Local Settings\Application Data\Microsoft Help
[2010/02/03 13:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Local Settings\Application Data\Microsoft
[2010/02/03 13:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Desktop
[2010/02/03 13:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Local Settings\Application Data\ApplicationHistory
[2010/02/03 13:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pastorsec\Local Settings\Application Data\Ahead
[2010/02/03 12:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\Signature Colors Virtual Painter
[2008/11/13 14:54:14 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2007/11/14 17:26:24 | 000,159,744 | ---- | C] ( ) -- C:\WINDOWS\System32\GVJPEG32.DLL
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/04/27 08:56:20 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pastorsec\Desktop\OTL.exe
[2010/04/27 08:55:38 | 059,302,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/27 08:54:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/27 08:52:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/27 08:52:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/25 09:40:56 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\pastorsec\NTUSER.DAT
[2010/04/25 09:40:54 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\pastorsec\ntuser.ini
[2010/04/24 11:02:18 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\pastorsec\Desktop\Microsoft Office Publisher 2007.lnk
[2010/04/24 09:31:43 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\pastorsec\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/24 09:17:50 | 000,010,983 | ---- | M] () -- C:\WINDOWS\MRTK.ini
[2010/04/24 08:47:22 | 000,000,024 | ---- | M] () -- C:\WINDOWS\MRTKKey.ini
[2010/04/23 11:42:54 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/19 11:23:40 | 000,001,486 | ---- | M] () -- C:\Documents and Settings\pastorsec\Desktop\Calculator.lnk
[2010/04/19 09:06:45 | 000,002,261 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Calendar Creator.lnk
[2010/04/17 13:13:03 | 003,727,872 | ---- | M] () -- C:\Documents and Settings\pastorsec\My Documents\Jigsaw_Maker 2c.msi
[2010/04/17 13:13:03 | 000,545,238 | ---- | M] () -- C:\Documents and Settings\pastorsec\My Documents\Installing & Using Jigsaw maker V2.pdf
[2010/04/16 03:04:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/16 03:04:00 | 000,000,204 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/13 20:19:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\pastorsec\defogger_reenable
[2010/04/13 20:18:50 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\pastorsec\Desktop\Defogger.exe
[2010/04/12 21:22:52 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\pastorsec\Desktop\gmer.exe
[2010/04/12 21:22:06 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\pastorsec\Desktop\gmer.zip
[2010/04/12 21:15:37 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\pastorsec\Desktop\dds.scr
[2010/04/06 14:21:00 | 000,012,178 | -HS- | M] () -- C:\Documents and Settings\pastorsec\Local Settings\Application Data\3Yfi
[2010/04/06 14:21:00 | 000,012,178 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3Yfi
[2010/04/06 12:27:12 | 000,385,900 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/06 12:24:29 | 000,000,945 | ---- | M] () -- C:\Documents and Settings\pastorsec\Desktop\Spybot - Search & Destroy.lnk
[2010/04/05 10:13:45 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System32\SSV5DATE.INI
[2010/04/01 08:07:33 | 001,224,704 | ---- | M] (Shelby Systems, Inc.) -- C:\WINDOWS\System32\ssv5axtax.dll
[2010/04/01 08:07:33 | 000,905,216 | ---- | M] (Shelby Systems Inc.) -- C:\WINDOWS\System32\ssv5axgn.dll
[2010/04/01 07:35:34 | 000,432,040 | ---- | M] () -- C:\Documents and Settings\pastorsec\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/31 09:19:12 | 000,004,466 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\7VJ5
[2010/03/31 09:19:11 | 000,004,466 | -HS- | M] () -- C:\Documents and Settings\pastorsec\Local Settings\Application Data\7VJ5
[2010/03/31 09:18:19 | 000,000,625 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/31 09:18:19 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/31 09:18:19 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/03/30 15:22:12 | 004,319,876 | -H-- | M] () -- C:\Documents and Settings\pastorsec\Local Settings\Application Data\IconCache.db
[2010/03/30 15:22:11 | 000,014,332 | -HS- | M] () -- C:\Documents and Settings\pastorsec\Local Settings\Application Data\J7Qo
[2010/03/30 15:22:11 | 000,014,332 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\J7Qo
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/22 15:02:34 | 004,078,304 | ---- | M] () -- C:\Jigsaw_Maker2c.zip
[2010/03/17 08:11:45 | 000,551,792 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/17 08:11:45 | 000,462,188 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/17 08:11:45 | 000,079,554 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/17 08:09:42 | 001,597,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/12 10:38:43 | 000,001,017 | ---- | M] () -- C:\WINDOWS\POWERUP.INI
[2010/03/12 10:35:11 | 000,000,030 | ---- | M] () -- C:\WINDOWS\GRAPHICS FILTERS
[2010/03/12 10:32:37 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\pastorsec\Desktop\Shortcut (2) to Power Up!.lnk
[2010/03/08 11:57:34 | 000,002,229 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Print Shop 21.lnk
[2010/03/08 11:08:36 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\pastorsec\Desktop\The Logo Creator v5.exe.lnk
[2010/03/08 10:52:56 | 000,000,171 | ---- | M] () -- C:\WINDOWS\encore_launcher.ini
[2010/03/05 17:11:01 | 000,000,081 | ---- | M] () -- C:\WINDOWS\ImportClient.INI
[2010/03/05 14:32:33 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\pastorsec\Desktop\Shortcut to wpwin9.lnk
[2010/03/05 14:29:54 | 000,061,678 | ---- | M] () -- C:\Documents and Settings\pastorsec\Application Data\PFP90JPR.{PB
[2010/03/05 14:29:54 | 000,012,358 | ---- | M] () -- C:\Documents and Settings\pastorsec\Application Data\PFP90JCM.{PB
[2010/03/05 14:27:56 | 000,000,458 | ---- | M] () -- C:\WINDOWS\PowerReg.dat
[2010/03/05 14:24:46 | 000,000,529 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/03/05 14:02:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\wt9sptlEN.INI
[2010/03/05 09:17:48 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/05 09:17:48 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/05 09:17:42 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/05 09:17:40 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/03/03 09:08:15 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\win.ini
[2010/03/02 16:20:35 | 000,001,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PhoneTree.lnk
[2010/03/02 16:09:14 | 000,438,272 | ---- | M] () -- C:\WINDOWS\System32\MRTKAgnt.dll
[2010/03/02 16:08:00 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpE2D13.FOT
[2010/03/02 16:08:00 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpBAD13.FOT
[2010/03/02 16:08:00 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmp81E13.FOT
[2010/02/27 15:25:44 | 036,300,180 | ---- | M] () -- C:\Documents and Settings\pastorsec\My Documents\2010 & Beyond Fri New Format.pptx
[2010/02/18 09:43:01 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/18 00:12:46 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/18 00:12:46 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/02/17 09:13:32 | 000,001,288 | ---- | M] () -- C:\WINDOWS\Formset.ini
[2010/02/17 09:13:32 | 000,000,628 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shelby v5.lnk
[2010/02/17 09:13:32 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ShelbyEZ-VIEW.lnk
[2010/02/17 08:53:42 | 000,061,440 | ---- | M] (Shelby Systems, Inc.) -- C:\WINDOWS\System32\ssv5axZP.exe
[2010/02/17 08:53:41 | 001,548,288 | ---- | M] (Shelby Systems, Inc.) -- C:\WINDOWS\System32\ssv5axwv.dll
[2010/02/17 08:53:41 | 000,151,552 | ---- | M] (Shelby Systems, Inc.) -- C:\WINDOWS\System32\ssv5axmail.dll
[2010/02/17 08:53:40 | 003,141,632 | ---- | M] (Shelby Systems, Inc.) -- C:\WINDOWS\System32\ssv5axSL.exe
[2010/02/17 08:53:39 | 000,348,160 | ---- | M] (Shelby Systems, Inc.) -- C:\WINDOWS\System32\ssv5axtw.ocx
[2010/02/17 08:53:38 | 004,390,912 | ---- | M] (Shelby Systems, Inc.) -- C:\WINDOWS\System32\ssv5axqb.ocx
[2010/02/17 08:53:38 | 001,323,008 | ---- | M] (Shelby Systems Inc.) -- C:\WINDOWS\System32\ssv5axpr.dll
[2010/02/17 08:53:38 | 000,086,016 | ---- | M] (Shelby Systems) -- C:\WINDOWS\System32\ssv5axpic.ocx
[2010/02/17 08:53:37 | 000,458,752 | ---- | M] (Shelby Systems, Inc.) -- C:\WINDOWS\System32\ssv5axmm.dll
[2010/02/17 08:53:37 | 000,274,432 | ---- | M] (Shelby Systems, Inc.) -- C:\WINDOWS\System32\ssv5axpm.dll
[2010/02/17 08:53:37 | 000,188,416 | ---- | M] (Shelby Systems) -- C:\WINDOWS\System32\ssv5axmappoint.ocx
[2010/02/17 08:53:36 | 000,835,584 | ---- | M] (Shelby Systems, Inc.) -- C:\WINDOWS\System32\ssv5axdb.dll
[2010/02/17 08:53:36 | 000,675,840 | ---- | M] (Shelby Systems) -- C:\WINDOWS\System32\ssv5axccocx.ocx
[2010/02/17 08:53:36 | 000,462,848 | ---- | M] (Shelby Systems, Inc) -- C:\WINDOWS\System32\ssv5axgb.dll
[2010/02/17 08:53:36 | 000,032,768 | ---- | M] (Shelby Systems, Inc.) -- C:\WINDOWS\System32\ssv5axcx.dll
[2010/02/17 08:53:36 | 000,028,672 | ---- | M] (Shelby Systems, Inc.) -- C:\WINDOWS\System32\ssv5axcsp.dll
[2010/02/17 08:53:35 | 000,208,896 | ---- | M] (Shelby Systems, Inc.) -- C:\WINDOWS\System32\ssv5axCC.exe
[2010/02/16 09:43:50 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Leawo Video Converter.lnk
[2010/02/16 09:38:40 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Moyea PPT to DVD Burner Pro.lnk
[2010/02/15 09:35:32 | 000,001,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Visit Broderbund.lnk
[2010/02/10 17:17:15 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Elements 8.0.lnk
[2010/02/09 15:43:48 | 000,001,748 | -H-- | M] () -- C:\Documents and Settings\pastorsec\My Documents\Default.rdp
[2010/02/09 15:24:25 | 019,723,470 | ---- | M] (Moyea Software Co., LTD ) -- C:\Documents and Settings\pastorsec\Desktop\ppt2dvd_aff.exe
[2010/02/09 14:50:54 | 000,003,442 | ---- | M] () -- C:\WINDOWS\hpbvnstp.his
[2010/02/09 14:50:54 | 000,001,298 | ---- | M] () -- C:\WINDOWS\hpbvnstp.ini
[2010/02/08 15:53:38 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\pastorsec\Desktop\Shortcut to OUTLOOK.lnk
[2010/02/08 15:52:16 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\pastorsec\Desktop\Shortcut to EXCEL.lnk
[2010/02/08 15:49:52 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\pastorsec\Desktop\Shortcut to WINWORD.lnk
[2010/02/08 15:49:39 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\pastorsec\Desktop\Shortcut to POWERPNT.lnk
[2010/02/08 12:46:07 | 000,000,172 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ExpressIt.com.url
[2010/02/08 12:45:57 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Print Shop 12.lnk
[2010/02/08 12:42:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/02/08 12:40:27 | 000,000,044 | ---- | M] () -- C:\WINDOWS\EPSPR280.ini
[2010/02/08 12:39:46 | 000,000,190 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Epson CreativeZone.url
[2010/02/08 12:33:16 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Print Creations.lnk
[2010/02/08 12:32:28 | 000,001,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Photo Impression 6.lnk
[2010/02/08 12:31:39 | 000,001,549 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Print CD.lnk
[2010/02/04 15:05:11 | 344,998,294 | ---- | M] () -- C:\Photoshop_CS2_tryout.zip
[2010/02/02 10:56:04 | 000,183,798 | ---- | M] () -- C:\WINDOWS\System32\Wshadingxx.bmp
[2010/02/02 10:56:02 | 000,153,174 | ---- | M] () -- C:\WINDOWS\System32\BShadingxx.bmp
[2010/02/02 10:55:59 | 000,076,614 | ---- | M] () -- C:\WINDOWS\System32\AdcgainDone.bmp
[2010/02/02 10:55:58 | 000,076,614 | ---- | M] () -- C:\WINDOWS\System32\AdcgainBefort.bmp
[2010/01/29 16:03:30 | 000,044,278 | ---- | M] () -- C:\WINDOWS\System32\Autoler.bmp
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/16 03:04:00 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/13 20:19:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\pastorsec\defogger_reenable
[2010/04/13 20:18:50 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\pastorsec\Desktop\Defogger.exe
[2010/04/12 21:22:03 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\pastorsec\Desktop\gmer.zip
[2010/04/12 21:15:35 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\pastorsec\Desktop\dds.scr
[2010/04/06 14:16:10 | 000,012,178 | -HS- | C] () -- C:\Documents and Settings\pastorsec\Local Settings\Application Data\3Yfi
[2010/04/06 14:16:10 | 000,012,178 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3Yfi
[2010/04/06 12:24:29 | 000,000,945 | ---- | C] () -- C:\Documents and Settings\pastorsec\Desktop\Spybot - Search & Destroy.lnk
[2010/03/31 09:18:38 | 000,004,466 | -HS- | C] () -- C:\Documents and Settings\pastorsec\Local Settings\Application Data\7VJ5
[2010/03/31 09:18:38 | 000,004,466 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7VJ5
[2010/03/30 12:14:41 | 000,014,332 | -HS- | C] () -- C:\Documents and Settings\pastorsec\Local Settings\Application Data\J7Qo
[2010/03/30 12:14:41 | 000,014,332 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\J7Qo
[2010/03/22 15:02:34 | 004,078,304 | ---- | C] () -- C:\Jigsaw_Maker2c.zip
[2010/03/12 10:32:37 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\pastorsec\Desktop\Shortcut (2) to Power Up!.lnk
[2010/03/12 10:26:49 | 000,000,030 | ---- | C] () -- C:\WINDOWS\GRAPHICS FILTERS
[2010/03/12 10:22:28 | 000,001,017 | ---- | C] () -- C:\WINDOWS\POWERUP.INI
[2010/03/08 11:08:36 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\pastorsec\Desktop\The Logo Creator v5.exe.lnk
[2010/03/08 10:56:02 | 000,002,229 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Print Shop 21.lnk
[2010/03/05 14:32:33 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\pastorsec\Desktop\Shortcut to wpwin9.lnk
[2010/03/05 14:29:54 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\pastorsec\Application Data\PFP90JPR.{PB
[2010/03/05 14:29:54 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\pastorsec\Application Data\PFP90JCM.{PB
[2010/03/05 14:23:25 | 000,028,252 | ---- | C] () -- C:\WINDOWS\corelpf.lrs
[2010/03/05 14:02:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\wt9sptlEN.INI
[2010/03/05 13:55:17 | 000,000,458 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/03/05 13:55:02 | 000,000,529 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/03/05 13:53:46 | 001,467,700 | ---- | C] () -- C:\WINDOWS\System32\ODBC.HLP
[2010/03/05 13:53:46 | 000,039,239 | ---- | C] () -- C:\WINDOWS\System32\ODBC.CNT
[2010/03/05 13:53:46 | 000,026,858 | ---- | C] () -- C:\WINDOWS\System32\ODBCinst.HLP
[2010/03/05 13:53:46 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\ODBCinst.CNT
[2010/03/05 13:53:45 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\iduninst.dll
[2010/03/05 13:53:40 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\bdeadmin.cpl
[2010/03/05 13:53:19 | 001,213,440 | ---- | C] () -- C:\WINDOWS\System32\opengl.dll
[2010/03/05 13:53:18 | 000,315,904 | ---- | C] () -- C:\WINDOWS\System32\glu.dll
[2010/03/05 13:53:18 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\glut.dll
[2010/03/02 16:20:35 | 000,001,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PhoneTree.lnk
[2010/03/02 16:08:00 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpE2D13.FOT
[2010/03/02 16:08:00 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpBAD13.FOT
[2010/03/02 16:08:00 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmp81E13.FOT
[2010/02/27 15:25:43 | 036,300,180 | ---- | C] () -- C:\Documents and Settings\pastorsec\My Documents\2010 & Beyond Fri New Format.pptx
[2010/02/19 13:20:28 | 000,001,717 | ---- | C] () -- C:\Documents and Settings\pastorsec\Application Data\moyea_dia.log
[2010/02/18 09:43:01 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/18 00:12:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/18 00:12:46 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/02/16 09:43:57 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/02/16 09:43:50 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Leawo Video Converter.lnk
[2010/02/16 09:38:40 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Moyea PPT to DVD Burner Pro.lnk
[2010/02/15 11:24:10 | 000,000,024 | ---- | C] () -- C:\WINDOWS\MRTKKey.ini
[2010/02/15 09:35:32 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Visit Broderbund.lnk
[2010/02/15 09:35:31 | 000,002,261 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Calendar Creator.lnk
[2010/02/15 09:33:22 | 000,000,171 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2010/02/12 08:42:30 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\MRTKAgnt.dll
[2010/02/12 08:38:29 | 000,010,983 | ---- | C] () -- C:\WINDOWS\MRTK.ini
[2010/02/10 20:16:48 | 000,545,238 | ---- | C] () -- C:\Documents and Settings\pastorsec\My Documents\Installing & Using Jigsaw maker V2.pdf
[2010/02/10 17:17:15 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Elements 8.0.lnk
[2010/02/09 15:10:22 | 000,001,748 | -H-- | C] () -- C:\Documents and Settings\pastorsec\My Documents\Default.rdp
[2010/02/09 14:50:43 | 000,003,442 | ---- | C] () -- C:\WINDOWS\hpbvnstp.his
[2010/02/09 14:50:43 | 000,001,298 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2010/02/08 15:53:38 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\pastorsec\Desktop\Shortcut to OUTLOOK.lnk
[2010/02/08 15:52:16 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\pastorsec\Desktop\Shortcut to EXCEL.lnk
[2010/02/08 15:49:52 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\pastorsec\Desktop\Shortcut to WINWORD.lnk
[2010/02/08 15:49:39 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\pastorsec\Desktop\Shortcut to POWERPNT.lnk
[2010/02/08 13:44:39 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\pastorsec\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/08 13:10:08 | 000,000,081 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2010/02/08 12:46:07 | 000,000,172 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ExpressIt.com.url
[2010/02/08 12:45:57 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Print Shop 12.lnk
[2010/02/08 12:45:32 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
[2010/02/08 12:45:31 | 000,030,080 | ---- | C] () -- C:\WINDOWS\System32\Ptabimp3.exe
[2010/02/08 12:39:46 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Epson CreativeZone.url
[2010/02/08 12:33:16 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Print Creations.lnk
[2010/02/08 12:32:28 | 000,001,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Photo Impression 6.lnk
[2010/02/08 12:31:39 | 000,001,549 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON Print CD.lnk
[2010/02/08 12:29:12 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/02/08 12:29:12 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/02/08 12:29:12 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/02/08 12:29:12 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/02/08 12:29:12 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/02/08 12:29:12 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/02/08 12:29:12 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/02/08 12:29:12 | 000,012,669 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_EN.cfg
[2010/02/08 12:29:12 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/02/08 12:29:12 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_PT.cfg
[2010/02/08 12:29:12 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_BP.cfg
[2010/02/08 12:29:12 | 000,006,366 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_FR.cfg
[2010/02/08 12:29:12 | 000,006,366 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_CF.cfg
[2010/02/08 12:29:12 | 000,006,226 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_ES.cfg
[2010/02/08 12:29:12 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/02/08 12:29:12 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/02/08 12:29:12 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/02/08 12:29:12 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/02/08 12:29:12 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/02/08 12:29:12 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/02/08 12:29:12 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/02/08 12:29:12 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/02/08 12:28:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPSPR280.ini
[2010/02/04 15:04:24 | 344,998,294 | ---- | C] () -- C:\Photoshop_CS2_tryout.zip
[2010/02/03 13:08:26 | 008,912,896 | -H-- | C] () -- C:\Documents and Settings\pastorsec\NTUSER.DAT
[2010/02/03 13:08:26 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\pastorsec\ntuser.dat.LOG
[2010/02/03 13:08:26 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\pastorsec\ntuser.ini
[2009/05/07 14:52:56 | 000,000,186 | ---- | C] () -- C:\WINDOWS\System32\SSV5DATE.INI
[2008/04/30 12:02:05 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\eSTsnmp.dll
[2007/12/07 17:20:39 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/14 17:59:33 | 000,000,205 | ---- | C] () -- C:\WINDOWS\cmw.ini
[2007/11/14 17:39:52 | 000,008,521 | ---- | C] () -- C:\WINDOWS\lmpcl2a.ini
[2007/11/14 17:38:34 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\SX32W.DLL
[2007/11/14 17:26:24 | 000,001,288 | ---- | C] () -- C:\WINDOWS\Formset.ini
[2007/11/07 16:04:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/11/06 17:35:47 | 000,447,120 | R--- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/11/06 17:35:47 | 000,200,704 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
[2006/08/21 16:45:40 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.dll
[2004/05/01 02:11:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[1999/09/22 03:00:00 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll

========== LOP Check ==========

[2010/02/08 12:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.PARKERMEMORIAL\Application Data\Leadertech
[2010/04/02 09:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.PARKERMEMORIAL\Application Data\Moyea
[2010/01/20 18:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/15 09:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2010/02/08 12:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/02/10 17:48:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2008/07/28 10:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2010/03/08 11:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2010/01/20 18:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/02/16 09:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pastorsec\Application Data\Leawo
[2010/02/09 15:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pastorsec\Application Data\Moyea
[2010/02/11 09:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pastorsec\Application Data\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2010/04/17 13:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pastorsec\Application Data\PPTAlchemy
[2010/03/22 15:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pastorsec\Application Data\PresPro

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/19 08:47:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/19 08:47:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/19 08:47:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/19 08:47:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2010/04/24 16:57:43 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2010/04/24 16:57:43 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

Extras.txt Log

OTL Extras logfile created on: 4/27/2010 8:57:37 AM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\pastorsec\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,006.00 Mb Total Physical Memory | 452.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 206.56 Gb Free Space | 88.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 273.40 Gb Total Space | 238.83 Gb Free Space | 87.35% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive S: | 273.40 Gb Total Space | 238.83 Gb Free Space | 87.35% Space Free | Partition Type: NTFS
Drive T: | 64.00 Gb Total Space | 58.16 Gb Free Space | 90.87% Space Free | Partition Type: NTFS

Computer Name: MUSICSEC
Current User Name: pastorsec
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1798957696-3477613788-1363530348-1012\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{063CC377-E480-4867-AB6E-818244CA586A}" = HP Scanjet G3110 11.5
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0D3E478D-713E-4D88-884B-C19FD076A340}" = Jigsaw_Maker for PowerPoint
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{12AEE067-4646-41E8-A6EA-FB2AD0E38D30}_is1" = Moyea PPT to DVD Burner Pro version 3.6.0.182
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{19E65209-31B3-41B1-B4B9-ACF9ACBF2594}" = Shelby SOAP Install
"{20D88CB0-4237-4FC0-8E49-544FD12D6139}" = Shelby v5 Workstation Setup
"{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}" = Intel Audio Studio 2.0
"{2222B364-0854-4265-B32E-A142DB9DC7BB}" = Intel® PRO Network Connections 11.2.0.69
"{22B7FBF2-F82F-4241-A49D-D8BBC26CBC20}" = Shelby v5 Workstation Setup
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{331ED3CF-3A1B-467C-9A62-899E2D3B20C4}_is1" = Leawo Video Converter version 2.2.0.2
"{34ACF0AB-D649-47DC-A90C-6DF34C270D78}" = Intel Audio Studio 2.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39685AD6-A5D3-45E9-A100-C7B7E6EEA80C}" = Shelby v5 Workstation Setup
"{3DD1FE66-5536-41E3-B786-70068887B3F4}" = The Print Shop 12
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{55647445-D0D5-40CD-BCD3-B663348BA196}" = PowerDesigns Express Tool 2.7.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{688EB508-36BF-4402-BB21-1FDF2854EE37}" = DocMgr
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{744A0C72-30B9-49CF-BD5A-2079AEA7278B}" = Shelby v5 Workstation Setup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77096AFF-1BCA-4CFC-A8DF-E094B3EE1033}" = Nero 7 Essentials
"{7B7E2EB3-2212-4A4F-B838-352C1FC54863}" = hpg3110QFolder
"{7EA216C3-1F46-4C2B-8A13-2AE4BE97A8FF}" = Shelby v5 Workstation Setup
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86C1A488-24AD-42F0-BCEF-FDB11FC2BEFA}" = NetZero For Riverdeep
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4150515-EEE1-4C89-8166-E3DC235B4396}" = Shelby v5 Workstation Setup
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A523B1C2-83F6-4432-AD00-10D713EB6C7D}" = Shelby v5 Workstation Setup
"{AA16310D-3F81-4E25-AF60-A54AFC7300C2}" = Shelby v5 Workstation Setup
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B37CC3D6-9152-4203-8F70-27D00EE02A7B}" = Shelby v5 Workstation Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB311402-80EC-449C-BF85-2A66E655984D}" = hpg3110
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB379823-A8AD-463B-B107-B1BA65AD7A04}" = Shelby v5 Workstation Setup
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D0DDF9EE-C67F-368B-EB42-ECB44FD7556D}" = Adobe Photoshop.com Inspiration Browser
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DCF84385-88E3-4472-8144-E95B823FC5DB}" = The Print Shop 21
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SHELBY)
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E95130D6-49DA-418C-BEB3-0F4E75F04A15}" = Calendar Creator
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{FA697C4D-A94B-4084-8309-12E8D3CFECD2}" = Shelby v5 Workstation Setup
"{FDAF94DB-9BF7-4871-B457-5D7F14D27905}" = Scan
"{FDCA1957-16E8-4608-BD4C-647C2853E95B}" = PhoneTree
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"Adobe AIR" = Adobe AIR
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"AVG9Uninstall" = AVG 9.0
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"Corel Applications" = Corel Applications
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"HDMI" = Intel® Graphics Media Accelerator Driver
"HECI" = Intel® Management Engine Interface
"HijackThis" = HijackThis 2.0.2
"HP Document Manager" = HP Document Manager 1.2
"HP Imaging Device Functions" = HP Imaging Device Functions 11.5
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Basic)
"Lexmark Printer Software Uninstall" = Lexmark Printer Software Uninstall
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MESOL" = Intel® Active Management Technology LMS Service and SOL Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"Shockwave" = Shockwave
"Silent Package Run-Time Sample" = EPSON R280 User's Guide
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"The Logo Creator v5" = The Logo Creator v5
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/24/2010 9:18:39 PM | Computer Name = MUSICSEC | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 4/24/2010 9:18:42 PM | Computer Name = MUSICSEC | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 4/24/2010 9:18:48 PM | Computer Name = MUSICSEC | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 4/24/2010 9:59:15 PM | Computer Name = MUSICSEC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 4/24/2010 9:59:15 PM | Computer Name = MUSICSEC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 4/25/2010 12:29:39 AM | Computer Name = MUSICSEC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 4/25/2010 3:00:02 AM | Computer Name = MUSICSEC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 4/25/2010 5:30:26 AM | Computer Name = MUSICSEC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 4/25/2010 8:00:50 AM | Computer Name = MUSICSEC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 4/25/2010 10:31:13 AM | Computer Name = MUSICSEC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

[ OSession Events ]
Error - 9/30/2009 4:22:27 PM | Computer Name = MUSICSEC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6501.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 16768
seconds with 3900 seconds of active time. This session ended with a crash.

Error - 2/3/2010 4:09:27 PM | Computer Name = MUSICSEC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6501.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6540
seconds with 1500 seconds of active time. This session ended with a crash.

Error - 2/17/2010 10:32:21 AM | Computer Name = MUSICSEC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 708
seconds with 480 seconds of active time. This session ended with a crash.

Error - 2/18/2010 12:20:53 PM | Computer Name = MUSICSEC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2645
seconds with 1320 seconds of active time. This session ended with a crash.

Error - 3/4/2010 5:40:29 PM | Computer Name = MUSICSEC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 15959 seconds with 6060 seconds of active time. This session ended with
a crash.

Error - 3/4/2010 6:12:40 PM | Computer Name = MUSICSEC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 1881 seconds with 1680 seconds of active time. This session ended with a
crash.

Error - 3/4/2010 6:32:33 PM | Computer Name = MUSICSEC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 1166 seconds with 1140 seconds of active time. This session ended with a
crash.

Error - 3/11/2010 10:11:43 AM | Computer Name = MUSICSEC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2538
seconds with 1140 seconds of active time. This session ended with a crash.

Error - 3/12/2010 5:38:05 PM | Computer Name = MUSICSEC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 108877 seconds with 10320 seconds of active time. This session ended with
a crash.

Error - 4/13/2010 3:42:28 PM | Computer Name = MUSICSEC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12705
seconds with 540 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/24/2010 9:24:03 PM | Computer Name = MUSICSEC | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 4/24/2010 9:24:03 PM | Computer Name = MUSICSEC | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 4/24/2010 9:25:26 PM | Computer Name = MUSICSEC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the WMI Performance Adapter
service to connect.

Error - 4/24/2010 9:25:26 PM | Computer Name = MUSICSEC | Source = Service Control Manager | ID = 7000
Description = The WMI Performance Adapter service failed to start due to the following
error: %%1053

Error - 4/27/2010 9:52:45 AM | Computer Name = MUSICSEC | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 4/27/2010 9:52:45 AM | Computer Name = MUSICSEC | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 4/27/2010 9:54:07 AM | Computer Name = MUSICSEC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the WMI Performance Adapter
service to connect.

Error - 4/27/2010 9:54:07 AM | Computer Name = MUSICSEC | Source = Service Control Manager | ID = 7000
Description = The WMI Performance Adapter service failed to start due to the following
error: %%1053

Error - 4/27/2010 9:58:01 AM | Computer Name = MUSICSEC | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 4/27/2010 9:58:02 AM | Computer Name = MUSICSEC | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >

#5 etavares

etavares
Bleepin' Remover, Malware Response Team

Posted 27 April 2010 - 06:58 PM

ok, please don't forget the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#6 craasher

craasher
Topic Starter, Members

Posted 29 April 2010 - 10:26 AM

No matter what I do GMER locks the computer up. I've done it in safe mode with and without the internet plugged in. I've let it run for 5 hours and it's still stuck on the same files. It sticks on either atapi.sys or disk.sys.

I've also done it with the other choices you had me try in the previous posts.

Edited by craasher, 29 April 2010 - 10:27 AM.


#7 craasher

craasher
Topic Starter, Members

Posted 29 April 2010 - 10:27 AM

I forgot to enable the email notification on the previous posts, so this post is just to do that.

#8 etavares

etavares
Bleepin' Remover, Malware Response Team

Posted 29 April 2010 - 06:30 PM

Hello, craasher.

OK...let's try maxlook instead. I believe you have a backdoor trojan, but need to confirm the file that was patched by malware. It's just a theory until we get that log.

PS>> The email system is fairly reliable...but not 100%. Please check back often just in case. I usually reply within 24 hours, but may be 48 once in a while.


You must first verify that you can logon to the Windows Recovery Console.
To do so, you must have the Recovery Console installed or use the Windows XP installation cd.

How to install and use the Windows XP Recovery Console


Next, please download maxlook, saving the file to your desktop.
Double click maxlook.exe to run it. Note - you must run it only once!
As instructed when the tool runs, restart the computer and logon to the Recovery Console.
Execute the following bolded command at the x:\windows> prompt <--- the red x represents your operating system drive letter, usually C

batch look.bat

You will see 1 file copied many times then return to the x:\windows> prompt.
Type Exit to restart your computer then logon in normal mode.
Please run maxlook.exe again now. Note - you must run it only once!
It will produce looklog.txt on the desktop and open it.
Please post the results here.

etavares



#9 etavares

etavares
Bleepin' Remover, Malware Response Team

Posted 02 May 2010 - 05:58 AM

still with us?



#10 etavares

etavares
Bleepin' Remover, Malware Response Team

Posted 05 May 2010 - 05:21 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
