Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Internet Security/Online Protection Tool Virus


  • This topic is locked This topic is locked
12 replies to this topic

#1 TRSKI

TRSKI

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:56 PM

Posted 28 April 2010 - 06:42 PM

Hi all. I have picked up the Windows Internet Security/Online Protection Tool Virus. It hijacks my browser, and I believe I also have some type of registry or root virus. I cannot download any AV updates nor can I download any other AV applications. I also cannot download anything from the Microsoft website.

Please assist me!

Here is my log.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 16:13:19.90 on Wed 04/28/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.282 [GMT -4:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\windows\System32\WLTRYSVC.EXE
C:\windows\System32\bcmwltry.exe
C:\windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\windows\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe
C:\WINDOWS\system32\spider.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr
C:\windows\system32\SearchProtocolHost.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Windows Media Center] c:\windows\smss.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258642826000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\pyaktd73.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319576&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-1-9 28552]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 149040]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 PPNT;PPNT;c:\windows\system32\drivers\ppnt.sys [2009-12-5 13824]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2007-6-4 87936]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-1-11 38224]
S3 KLSIENET;Driver for USB Ethernet Adapter;c:\windows\system32\drivers\usb101et.sys [2007-6-4 32384]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]

=============== Created Last 30 ================

2010-04-28 19:29:22 0 ----a-w- c:\documents and settings\administrator\defogger_reenable
2010-04-21 14:38:47 0 d-----w- c:\program files\iPod
2010-04-21 14:38:17 0 d-----w- c:\program files\iTunes
2010-04-21 14:38:17 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-21 14:27:04 0 d-----w- c:\program files\Bonjour
2010-04-15 22:23:18 41 ----a-w- c:\windows\smss.exe.tmp
2010-04-15 22:14:26 241280 ----a-w- c:\windows\smss.exe
2010-04-08 12:22:16 0 d-----w- c:\docume~1\alluse~1\applic~1\PMB Files
2010-04-08 12:21:44 0 d-----w- c:\program files\Pando Networks

==================== Find3M ====================

2010-04-07 20:16:44 62872 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 08:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-17 13:10:28 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 15:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2009-11-19 17:01:15 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2009-11-19 17:01:15 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2009-11-19 17:01:08 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009111920091120\index.dat
2009-11-19 17:01:15 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 16:15:50.73 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 TRSKI

TRSKI
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:56 PM

Posted 30 April 2010 - 10:34 AM

Guys - can someone please help me!!!!


===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the Malware Response Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, up to more than a week, perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Elise - forum moderator

Edited by elise025, 01 May 2010 - 12:54 PM.


#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:56 AM

Posted 03 May 2010 - 10:14 AM

Hello and and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have since
resolved your issues I would appreciate if you would let me no so I can close this topic.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %appdata%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    /md5start
    proquota.exe
    sfcfiles.dll
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    beep.sys
    iaStor.sys
    nvstor.sys
    atapi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    iastorv.sys
    /md5stop
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Thanks

unite.jpg


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:56 AM

Posted 07 May 2010 - 06:50 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg


#5 TRSKI

TRSKI
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:56 PM

Posted 08 May 2010 - 12:44 PM

Thank you for your response Syler....

This is a repost....I never saw the response. I am running the OTL now and will post the results as soon as it is done.

Sorry for the confusion!

Hi all. I have picked up the Windows Internet Security/Online Protection Tool Virus. It hijacks my browser, and I believe I also have some type of registry or root virus. I cannot download any AV updates nor can I download any other AV applications. I also cannot download anything from the Microsoft website.

Please assist me!

Here is my log.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 16:13:19.90 on Wed 04/28/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.282 [GMT -4:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\windows\System32\WLTRYSVC.EXE
C:\windows\System32\bcmwltry.exe
C:\windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\windows\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe
C:\WINDOWS\system32\spider.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr
C:\windows\system32\SearchProtocolHost.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Windows Media Center] c:\windows\smss.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258642826000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\pyaktd73.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319576&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-1-9 28552]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 149040]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 PPNT;PPNT;c:\windows\system32\drivers\ppnt.sys [2009-12-5 13824]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2007-6-4 87936]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-1-11 38224]
S3 KLSIENET;Driver for USB Ethernet Adapter;c:\windows\system32\drivers\usb101et.sys [2007-6-4 32384]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]

=============== Created Last 30 ================

2010-04-28 19:29:22 0 ----a-w- c:\documents and settings\administrator\defogger_reenable
2010-04-21 14:38:47 0 d-----w- c:\program files\iPod
2010-04-21 14:38:17 0 d-----w- c:\program files\iTunes
2010-04-21 14:38:17 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-21 14:27:04 0 d-----w- c:\program files\Bonjour
2010-04-15 22:23:18 41 ----a-w- c:\windows\smss.exe.tmp
2010-04-15 22:14:26 241280 ----a-w- c:\windows\smss.exe
2010-04-08 12:22:16 0 d-----w- c:\docume~1\alluse~1\applic~1\PMB Files
2010-04-08 12:21:44 0 d-----w- c:\program files\Pando Networks

==================== Find3M ====================

2010-04-07 20:16:44 62872 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 08:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-17 13:10:28 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 15:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2009-11-19 17:01:15 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2009-11-19 17:01:15 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2009-11-19 17:01:08 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009111920091120\index.dat
2009-11-19 17:01:15 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 16:15:50.73 ===============

Attached File(s)
Attached File ark.txt ( 2k ) Number of downloads: 2
Attached File Attach.txt ( 19.81k ) Number of downloads: 0

Edited by TRSKI, 08 May 2010 - 12:45 PM.


#6 TRSKI

TRSKI
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:56 PM

Posted 08 May 2010 - 01:42 PM

Extras.txt

OTL Extras logfile created on: 5/8/2010 1:47:09 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 241.00 Mb Available Physical Memory | 24.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.48 Gb Total Space | 1.23 Gb Free Space | 1.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WINDOWS-810457A
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1085031214-746137067-839522115-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\DAP\DAP.exe" = C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP) -- (SpeedBit Ltd.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{747D1B34-A1FC-4EF3-A6AE-E86F39CEFDE5}" = Roxio Easy Media Creator 7 Basic DVD Edition
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4526249-944F-4108-B686-A435B4A62BA5}" = TI_Inst
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CardScanV5" = CardScan 5.0
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"ENTERPRISER" = Microsoft Office Enterprise 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{A4526249-944F-4108-B686-A435B4A62BA5}" = Texas Instruments PCIxx21/x515 drivers.
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel® PROSet/Wireless Software
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.3
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1085031214-746137067-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/21/2010 5:08:47 PM | Computer Name = WINDOWS-810457A | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\RECENT\FLEETWOOD
MAC.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog

Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 1/21/2010 5:08:47 PM | Computer Name = WINDOWS-810457A | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\RECENT\FLEETWOOD
MAC.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog

Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 1/21/2010 5:08:51 PM | Computer Name = WINDOWS-810457A | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\RECENT\FLOGGIN
MOLLY.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 1/21/2010 5:08:51 PM | Computer Name = WINDOWS-810457A | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\RECENT\FOGHAT.LNK>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 1/21/2010 5:08:51 PM | Computer Name = WINDOWS-810457A | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\RECENT\FOGHAT.LNK>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 1/21/2010 6:21:13 PM | Computer Name = WINDOWS-810457A | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\MY DOCUMENTS\MY
MUSIC\ITUNES\ITUNES LIBRARY.ITL> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 1/21/2010 6:21:13 PM | Computer Name = WINDOWS-810457A | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\MY DOCUMENTS\MY
MUSIC\ITUNES\ITUNES LIBRARY.ITL> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 1/22/2010 1:11:03 PM | Computer Name = WINDOWS-810457A | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 1/23/2010 11:09:11 PM | Computer Name = WINDOWS-810457A | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/23/2010 11:09:22 PM | Computer Name = WINDOWS-810457A | Source = Application Hang | ID = 1001
Description = Fault bucket 1623347082.

[ OSession Events ]
Error - 4/28/2010 7:43:48 PM | Computer Name = WINDOWS-810457A | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12349
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/6/2010 5:05:18 PM | Computer Name = WINDOWS-810457A | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6514.5001. This session lasted 3859
seconds with 420 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/4/2010 9:20:45 AM | Computer Name = WINDOWS-810457A | Source = DCOM | ID = 10010
Description = The server {49BD2028-1523-11D1-AD79-00C04FD8FDFF} did not register
with DCOM within the required timeout.

Error - 5/4/2010 3:11:20 PM | Computer Name = WINDOWS-810457A | Source = Service Control Manager | ID = 7000
Description = The Lbd service failed to start due to the following error: %%2

Error - 5/4/2010 3:11:53 PM | Computer Name = WINDOWS-810457A | Source = DCOM | ID = 10010
Description = The server {49BD2028-1523-11D1-AD79-00C04FD8FDFF} did not register
with DCOM within the required timeout.

Error - 5/4/2010 3:50:10 PM | Computer Name = WINDOWS-810457A | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.81.874.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5703.0 Error
code: 0x80072efd Error description: A connection with the server could not be established


Error - 5/5/2010 10:22:05 AM | Computer Name = WINDOWS-810457A | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.81.874.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5703.0 Error
code: 0x80072efd Error description: A connection with the server could not be established


Error - 5/5/2010 10:25:39 AM | Computer Name = WINDOWS-810457A | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.81.874.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5703.0 Error
code: 0x80072efd Error description: A connection with the server could not be established


Error - 5/6/2010 2:03:31 PM | Computer Name = WINDOWS-810457A | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 5/6/2010 2:03:31 PM | Computer Name = WINDOWS-810457A | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.81.874.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5703.0 Error
code: 0x80072efd Error description: A connection with the server could not be established


Error - 5/7/2010 4:29:42 PM | Computer Name = WINDOWS-810457A | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.81.874.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5703.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 5/7/2010 5:00:34 PM | Computer Name = WINDOWS-810457A | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{4412F0F8-2CB1-448D-9B73-34A82B817E91}
because another computer on the network has the same name. The server could not
start.


< End of report >


OTL.txt:

OTL logfile created on: 5/8/2010 1:47:08 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 241.00 Mb Available Physical Memory | 24.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.48 Gb Total Space | 1.23 Gb Free Space | 1.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WINDOWS-810457A
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/08 13:37:57 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2010/05/08 12:12:52 | 002,815,488 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/01 13:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/02/04 11:52:57 | 001,228,208 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/04 11:52:57 | 000,814,160 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/01/05 17:57:04 | 000,289,584 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/10/12 22:24:50 | 002,000,112 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/08/17 23:54:54 | 012,957,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2008/05/26 23:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/06/24 14:47:06 | 001,691,648 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
PRC - [2003/05/15 02:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe


========== Modules (SafeList) ==========

MOD - [2010/05/08 13:37:57 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2008/04/14 06:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/04 11:52:57 | 001,228,208 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/02/04 11:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/10/12 22:24:56 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/12 22:24:54 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/12 22:24:52 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2007/03/16 19:10:46 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/02/08 13:51:16 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2007/02/02 05:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 05:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/05/31 11:46:26 | 000,087,936 | R--- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 16:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/01/27 18:10:44 | 000,015,680 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btpmw32.sys -- (BCMTPM)
DRV - [2005/01/11 13:18:22 | 000,800,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/03 22:31:26 | 000,032,384 | ---- | M] (KLSI USA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb101et.sys -- (KLSIENET)
DRV - [2004/06/24 14:48:38 | 000,289,408 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2004/06/24 14:48:00 | 000,023,808 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2004/06/24 14:39:12 | 000,141,184 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2004/06/24 14:36:00 | 000,200,704 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2004/06/24 14:35:48 | 000,023,808 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2004/06/24 14:32:38 | 000,117,632 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2000/02/10 14:23:12 | 000,013,824 | ---- | M] (Corex Technologies Corp.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ppnt.sys -- (PPNT)
DRV - [1999/12/03 19:10:38 | 000,048,576 | ---- | M] (Warp Nine Engineering) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Par1284.sys -- (PAR1284)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1085031214-746137067-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1085031214-746137067-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Free TV Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319576&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.4.0.5
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/08 12:07:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/03 15:06:37 | 000,000,000 | ---D | M]

[2009/11/20 15:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/05/02 22:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pyaktd73.default\extensions
[2010/05/02 12:49:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pyaktd73.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2009/11/20 15:47:17 | 000,002,172 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pyaktd73.default\searchplugins\bing.xml
[2010/01/20 13:14:42 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pyaktd73.default\searchplugins\conduit.xml
[2010/05/07 16:40:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/03 14:40:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/03 14:39:47 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-1085031214-746137067-839522115-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\windows\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe (Roxio)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1085031214-746137067-839522115-500..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKU\S-1-5-21-1085031214-746137067-839522115-500..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
O4 - HKU\S-1-5-21-1085031214-746137067-839522115-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1085031214-746137067-839522115-500..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-746137067-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1258642826000 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 93.188.166.105 93.188.161.105 1.2.3.4
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\windows\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/04 16:09:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/06/04 16:09:01 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/06 17:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Heiler
[2010/05/04 22:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Taxes 2009
[2010/05/04 15:07:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/04 15:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/05/04 09:20:06 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\windows\System32\drivers\Lbd.sys
[2010/05/04 09:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/05/03 17:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/05/03 15:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/03 15:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/03 15:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/05/03 14:58:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/03 14:40:07 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2010/05/03 14:40:07 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2010/05/03 14:40:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2010/05/03 14:40:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2010/05/03 14:40:07 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javacpl.cpl
[2010/05/03 13:01:39 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\moviemk.exe
[2010/05/02 12:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/02 12:49:17 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/04/28 22:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Resumes
[2010/04/28 22:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Ashton
[2010/04/28 22:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Main Street Marketing
[2010/04/28 20:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\AV
[2010/04/21 10:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(2)
[2010/04/21 10:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(2)
[2010/04/21 10:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/21 10:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime(2)
[2010/04/21 10:27:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour(2)
[2010/04/16 10:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Engagement Letters
[2010/04/15 14:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\SEO
[2010/04/13 08:25:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Customer Stuff
[2010/04/12 15:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/04/12 14:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/04/08 13:20:02 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\windows\System32\dns-sd.exe
[2010/04/08 13:20:02 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\windows\System32\dnssd.dll
[2010/04/08 08:22:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PMB Files
[2010/04/08 08:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/03/30 13:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/30 13:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/25 16:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Presentations
[2010/03/25 14:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Proposals
[2010/03/17 21:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\windows\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\windows\System32\QuickTime.qts
[2010/03/15 17:56:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CyberLink
[2010/03/02 21:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Expenses
[2010/03/02 14:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\webex
[2010/02/24 09:38:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2010/02/23 18:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\ADI
[2010/02/22 10:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2010/02/22 10:52:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\U3
[2010/02/18 18:30:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Offer Letters
[2010/02/18 14:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/02/12 00:33:11 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\6to4svc.dll
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/08 11:59:49 | 000,000,408 | -H-- | M] () -- C:\windows\tasks\MP Scheduled Scan.job
[2010/05/08 11:58:39 | 000,555,168 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/05/08 11:58:39 | 000,465,640 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/05/08 11:58:39 | 000,079,360 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/05/08 11:57:35 | 000,000,472 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010/05/08 11:54:50 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2010/05/08 11:53:47 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/05/08 11:53:42 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2010/05/08 11:53:40 | 1073,143,808 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/07 17:55:51 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/05/07 17:55:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/05/06 13:46:54 | 000,000,664 | ---- | M] () -- C:\windows\System32\d3d9caps.dat
[2010/05/05 15:22:47 | 000,096,778 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Cloud Based Enterprise PIM for eCommerce.docx
[2010/05/03 19:00:29 | 000,297,256 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/05/03 17:31:28 | 000,079,800 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/03 16:59:28 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2010/05/03 15:05:30 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/05/03 15:02:52 | 000,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2010/05/03 14:39:46 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2010/05/03 14:39:45 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2010/05/03 14:39:45 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2010/05/03 14:39:45 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2010/05/03 14:39:45 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javacpl.cpl
[2010/05/03 14:20:41 | 000,001,012 | ---- | M] () -- C:\windows\win.ini
[2010/05/03 14:20:41 | 000,000,227 | ---- | M] () -- C:\windows\system.ini
[2010/05/03 14:20:41 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2010/05/03 13:24:59 | 000,001,355 | ---- | M] () -- C:\windows\imsins.BAK
[2010/05/03 11:02:31 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/05/02 13:47:45 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/28 15:29:22 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/04/23 14:07:25 | 000,010,704 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Mom.docx
[2010/04/16 08:33:36 | 003,003,680 | ---- | M] (Apple, Inc.) -- C:\windows\System32\usbaaplrc.dll
[2010/04/14 16:26:47 | 002,697,974 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\101strategies.pdf
[2010/04/08 13:20:02 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\windows\System32\dns-sd.exe
[2010/04/08 13:20:02 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\windows\System32\dnssd.dll
[2010/04/07 17:29:53 | 000,067,072 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\black.xls
[2010/04/07 17:27:19 | 000,009,173 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft Excel 97-2003.CAL
[2010/04/07 17:24:32 | 000,020,820 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\black.xlsx
[2010/04/07 16:16:44 | 000,062,872 | -H-- | M] () -- C:\windows\System32\mlfcache.dat
[2010/03/30 14:10:48 | 000,260,389 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Restaurtants 10 miles from 48084 Laron.csv
[2010/03/25 16:16:49 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\spider.sav
[2010/03/25 14:40:23 | 000,304,128 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Fundraising 101.ppt
[2010/03/24 18:23:59 | 000,010,782 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\M360 Telephone Directory.xlsx
[2010/03/19 11:12:42 | 000,124,416 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Craigslist Posting.doc
[2010/03/17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\windows\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\windows\System32\QuickTime.qts
[2010/03/10 02:15:52 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll
[2010/03/10 02:15:52 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\vbscript.dll
[2010/03/02 12:16:59 | 000,026,551 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\INDEPENDENT CONTRACTOR AGREEMENT.docx
[2010/03/02 10:12:46 | 000,580,096 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Restaurtants 10 miles from 48084 Laron.xls
[2010/02/25 11:54:36 | 011,070,976 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ieframe.dll
[2010/02/25 02:24:37 | 001,209,344 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\urlmon.dll
[2010/02/25 02:24:37 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wininet.dll
[2010/02/25 02:24:37 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2010/02/25 02:24:37 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mstime.dll
[2010/02/25 02:24:37 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\occache.dll
[2010/02/25 02:24:36 | 005,944,832 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mshtml.dll
[2010/02/25 02:24:35 | 001,985,536 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\iertutil.dll
[2010/02/25 02:24:35 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2010/02/25 02:24:35 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\inetcpl.cpl
[2010/02/25 02:24:35 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2010/02/25 02:24:35 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\msfeeds.dll
[2010/02/25 02:24:35 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2010/02/25 02:24:35 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\iepeers.dll
[2010/02/25 02:24:35 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2010/02/25 02:24:35 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\msfeedsbs.dll
[2010/02/25 02:24:35 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2010/02/25 02:24:35 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\jsproxy.dll
[2010/02/25 02:24:34 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2010/02/25 02:24:34 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\iedkcs32.dll
[2010/02/24 12:22:15 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\intake.doc
[2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mrxsmb.sys
[2010/02/24 05:54:25 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2010/02/24 05:54:25 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ie4uinit.exe
[2010/02/23 11:00:50 | 000,023,913 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\SCHEDULE A1 for IC Agreement.docx
[2010/02/22 23:09:32 | 000,013,522 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\SCHEDULE A for IC Agreement.docx
[2010/02/22 21:32:00 | 002,691,796 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\BreakTimeAtTheToyotaPlant.wmv
[2010/02/22 10:57:46 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\IrfanView.lnk
[2010/02/17 09:10:28 | 002,189,952 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2010/02/17 09:10:28 | 002,189,952 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ntoskrnl.exe
[2010/02/16 10:08:49 | 002,146,304 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ntkrnlmp.exe
[2010/02/16 09:25:04 | 002,066,816 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2010/02/16 09:25:04 | 002,066,816 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ntkrnlpa.exe
[2010/02/16 09:25:04 | 002,024,448 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ntkrpamp.exe
[2010/02/12 00:33:11 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\6to4svc.dll
[2010/02/11 18:45:36 | 000,013,227 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Job Fair (Autosaved).xlsx
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\tcpip6.sys
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\tcpip6.sys
[2010/02/09 15:51:33 | 000,000,165 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\~$Job Fair.xlsx
[2010/02/08 14:50:00 | 208,629,975 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\08 Zac Brown Band & Leon Russell (52nd Annual Grammy Awards-2010-01-31).mkv
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/05 15:22:47 | 000,096,778 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Cloud Based Enterprise PIM for eCommerce.docx
[2010/05/04 16:11:09 | 000,015,880 | ---- | C] () -- C:\windows\System32\lsdelete.exe
[2010/05/04 09:21:09 | 000,000,472 | ---- | C] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010/05/03 15:05:30 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/05/03 15:02:52 | 000,000,284 | ---- | C] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2010/05/03 14:20:28 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/05/03 11:09:45 | 000,000,408 | -H-- | C] () -- C:\windows\tasks\MP Scheduled Scan.job
[2010/04/28 19:43:02 | 000,001,028 | ---- | C] () -- C:\Documents and Settings\Administrator\mbam-log-2010-04-28 (19-43-00).txt
[2010/04/28 15:29:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/04/23 14:07:25 | 000,010,704 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Mom.docx
[2010/04/16 11:04:27 | 208,629,975 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\08 Zac Brown Band & Leon Russell (52nd Annual Grammy Awards-2010-01-31).mkv
[2010/04/14 16:26:47 | 002,697,974 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\101strategies.pdf
[2010/04/07 17:27:13 | 000,009,173 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft Excel 97-2003.CAL
[2010/04/07 17:25:15 | 000,067,072 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\black.xls
[2010/04/07 17:24:27 | 000,020,820 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\black.xlsx
[2010/03/30 14:10:48 | 000,260,389 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Restaurtants 10 miles from 48084 Laron.csv
[2010/03/25 14:40:22 | 000,304,128 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Fundraising 101.ppt
[2010/03/24 18:23:00 | 000,010,782 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\M360 Telephone Directory.xlsx
[2010/03/19 11:12:42 | 000,124,416 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Craigslist Posting.doc
[2010/03/18 11:12:41 | 000,431,033 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Chasing.wmv
[2010/03/02 10:12:45 | 000,580,096 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Restaurtants 10 miles from 48084 Laron.xls
[2010/02/24 12:23:29 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2010/02/24 12:22:14 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\intake.doc
[2010/02/23 11:00:50 | 000,023,913 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\SCHEDULE A1 for IC Agreement.docx
[2010/02/22 23:00:55 | 000,013,522 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\SCHEDULE A for IC Agreement.docx
[2010/02/22 22:35:36 | 000,026,551 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\INDEPENDENT CONTRACTOR AGREEMENT.docx
[2010/02/22 21:32:00 | 002,691,796 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\BreakTimeAtTheToyotaPlant.wmv
[2010/02/22 10:57:46 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\IrfanView.lnk
[2010/02/11 18:45:35 | 000,013,227 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Job Fair (Autosaved).xlsx
[2010/02/09 15:51:33 | 000,000,165 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\~$Job Fair.xlsx
[2010/01/28 17:20:56 | 000,000,028 | ---- | C] () -- C:\windows\ODBC.INI
[2009/12/26 18:53:19 | 000,819,200 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2009/12/26 18:53:18 | 000,180,224 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2009/12/05 16:00:40 | 000,000,062 | ---- | C] () -- C:\windows\MAXLINK.INI
[2009/11/19 12:24:41 | 000,086,016 | ---- | C] () -- C:\windows\System32\preflib.dll
[2009/11/19 12:24:38 | 000,757,760 | ---- | C] () -- C:\windows\System32\bcm1xsup.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2008/04/09 16:26:23 | 000,000,010 | ---- | C] () -- C:\windows\WININIT.INI
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\windows\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\windows\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\windows\System32\gthrctr.ini
[2007/06/04 17:25:02 | 000,192,512 | ---- | C] () -- C:\windows\System32\stac97co.dll

========== Custom Scans ==========


< %appdata%\*.* >
[2007/06/04 11:54:41 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2010/04/07 17:27:19 | 000,009,173 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft Excel 97-2003.CAL

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: BEEP.SYS >
[2004/08/04 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2004/08/04 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/04/25 11:28:14 | 000,871,040 | ---- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2005/05/17 18:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
[2005/05/17 18:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\drivers\NvAtaBus.sys

< MD5 for: PROQUOTA.EXE >
[2004/08/04 08:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/14 06:42:34 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 20:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\proquota.exe
[2008/04/14 06:42:34 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: SCECLI.DLL >
[2004/08/04 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008/04/14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2004/08/04 08:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/14 06:42:06 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/13 20:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfcfiles.dll
[2008/04/14 06:42:06 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:010ADD2C
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5
< End of report >

#7 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,805 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:56 PM

Posted 08 May 2010 - 08:24 PM

Hello TRSKI,

I have merged your latest topic to your previously existing topic which I have reopened. Please keep all posts concerning this issue to this topic to avoid confusion and delays. It's a good idea to check your topic once a day for responses as the e-mail notification system is unreliable.

Back to you Syler,

Orange Blossom fruits_cherry.gif
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#8 TRSKI

TRSKI
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:56 PM

Posted 10 May 2010 - 08:02 AM

Thanks Orange Blossom

#9 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:56 AM

Posted 10 May 2010 - 02:04 PM

Hi TRSKI,

No worries about the confusion, I see your problems let's see if OTL can deal with it.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    O4 - HKU\S-1-5-21-1085031214-746137067-839522115-500..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 93.188.166.105 93.188.161.105 1.2.3.4
    [1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.

Edited by syler, 10 May 2010 - 02:05 PM.

unite.jpg


#10 TRSKI

TRSKI
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:56 PM

Posted 11 May 2010 - 02:27 PM

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1085031214-746137067-839522115-500\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
C:\Documents and Settings\Administrator\My Documents\smss.exe.tmp deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 3985920405 bytes
->Temporary Internet Files folder emptied: 252833060 bytes
->Java cache emptied: 51291180 bytes
->FireFox cache emptied: 157871976 bytes
->Apple Safari cache emptied: 12878199 bytes
->Flash cache emptied: 64159 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 2836 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 317844 bytes
->Temporary Internet Files folder emptied: 3209614 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4581597 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10955886 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 198675051 bytes

Total Files Cleaned = 4,464.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05112010_103453

Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun.log moved successfully.

Registry entries deleted on Reboot...


#11 TRSKI

TRSKI
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:56 PM

Posted 11 May 2010 - 02:40 PM

Rescan:

OTL logfile created on: 5/11/2010 3:29:39 PM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 282.00 Mb Available Physical Memory | 28.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.48 Gb Total Space | 4.87 Gb Free Space | 6.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WINDOWS-810457A
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/08 13:37:57 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2010/05/08 12:12:52 | 002,815,488 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/12 18:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/01 13:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/02/04 11:52:57 | 001,228,208 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/04 11:52:57 | 000,814,160 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/01/05 17:57:04 | 000,289,584 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/10/12 22:24:50 | 002,000,112 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2008/05/26 23:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/06/24 14:47:06 | 001,691,648 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
PRC - [2003/05/15 02:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2002/04/10 03:00:00 | 000,074,240 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S0EIC1.EXE


========== Modules (SafeList) ==========

MOD - [2010/05/08 13:37:57 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2008/04/14 06:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/04 11:52:57 | 001,228,208 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/02/04 11:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/10/12 22:24:56 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/12 22:24:54 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/12 22:24:52 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2007/03/16 19:10:46 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/02/08 13:51:16 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2007/02/02 05:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 05:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/05/31 11:46:26 | 000,087,936 | R--- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 16:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/01/27 18:10:44 | 000,015,680 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btpmw32.sys -- (BCMTPM)
DRV - [2005/01/11 13:18:22 | 000,800,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/03 22:31:26 | 000,032,384 | ---- | M] (KLSI USA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb101et.sys -- (KLSIENET)
DRV - [2004/06/24 14:48:38 | 000,289,408 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2004/06/24 14:48:00 | 000,023,808 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2004/06/24 14:39:12 | 000,141,184 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2004/06/24 14:36:00 | 000,200,704 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2004/06/24 14:35:48 | 000,023,808 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2004/06/24 14:32:38 | 000,117,632 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2000/02/10 14:23:12 | 000,013,824 | ---- | M] (Corex Technologies Corp.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ppnt.sys -- (PPNT)
DRV - [1999/12/03 19:10:38 | 000,048,576 | ---- | M] (Warp Nine Engineering) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Par1284.sys -- (PAR1284)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1085031214-746137067-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1085031214-746137067-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Free TV Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319576&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.4.0.5
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/08 12:07:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/03 15:06:37 | 000,000,000 | ---D | M]

[2009/11/20 15:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/05/02 22:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pyaktd73.default\extensions
[2010/05/02 12:49:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pyaktd73.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2009/11/20 15:47:17 | 000,002,172 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pyaktd73.default\searchplugins\bing.xml
[2010/01/20 13:14:42 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pyaktd73.default\searchplugins\conduit.xml
[2010/05/10 10:17:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/03 14:40:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/03 14:39:47 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-1085031214-746137067-839522115-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\windows\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EPSON Stylus Photo 820 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe (Roxio)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1085031214-746137067-839522115-500..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKU\S-1-5-21-1085031214-746137067-839522115-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1085031214-746137067-839522115-500..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-746137067-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1258642826000 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\windows\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/04 16:09:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/05/11 10:34:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/10 11:21:58 | 000,069,120 | ---- | C] (EPSON America Inc.) -- C:\windows\System32\EAL.EXE
[2010/05/10 11:21:58 | 000,044,544 | ---- | C] (EPSON America Inc.) -- C:\windows\System32\EAL32.DLL
[2010/05/10 11:21:57 | 000,166,400 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\EBAPI3.DLL
[2010/05/10 11:21:57 | 000,060,457 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\EBPMON3.DLL
[2010/05/10 11:21:57 | 000,056,832 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\ECBTEG.DLL
[2010/05/10 11:21:57 | 000,034,304 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\EBPCHP.DLL
[2010/05/10 11:21:47 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON
[2010/05/10 11:21:36 | 000,000,000 | ---D | C] -- C:\epson
[2010/05/08 15:41:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/05/06 17:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Heiler
[2010/05/04 22:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Taxes 2009
[2010/05/04 15:07:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/04 15:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/05/04 09:20:06 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\windows\System32\drivers\Lbd.sys
[2010/05/04 09:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/05/03 17:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/05/03 15:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/03 15:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/03 15:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/05/03 14:58:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/03 14:40:07 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2010/05/03 14:40:07 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2010/05/03 14:40:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2010/05/03 14:40:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2010/05/03 14:40:07 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javacpl.cpl
[2010/05/03 13:01:39 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\moviemk.exe
[2010/05/02 12:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/02 12:49:17 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/04/28 22:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Resumes
[2010/04/28 22:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Ashton
[2010/04/28 22:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Main Street Marketing
[2010/04/28 20:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\AV
[2010/04/26 18:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\windows\System32\DivXControlPanelApplet.cpl
[2010/04/21 10:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(2)
[2010/04/21 10:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(2)
[2010/04/21 10:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/21 10:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime(2)
[2010/04/21 10:27:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour(2)
[2010/04/16 10:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Engagement Letters
[2010/04/15 14:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\SEO
[2010/04/13 08:25:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Customer Stuff
[2010/04/12 15:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/04/12 14:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/04/08 13:20:02 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\windows\System32\dns-sd.exe
[2010/04/08 13:20:02 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\windows\System32\dnssd.dll
[2010/04/08 08:22:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PMB Files
[2010/04/08 08:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/03/30 13:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/30 13:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/25 16:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Presentations
[2010/03/25 14:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Proposals
[2010/03/17 21:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\windows\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\windows\System32\QuickTime.qts
[2010/03/15 17:56:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CyberLink
[2010/03/08 13:59:18 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\windows\System32\dpl100.dll
[2010/03/02 21:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Expenses
[2010/03/02 14:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\webex
[2010/02/24 09:38:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2010/02/23 18:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\ADI
[2010/02/22 10:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2010/02/22 10:52:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\U3
[2010/02/19 15:27:36 | 000,720,384 | ---- | C] (DivX, Inc.) -- C:\windows\System32\DivX.dll
[2010/02/19 15:27:16 | 000,856,064 | ---- | C] (DivX, Inc.) -- C:\windows\System32\divx_xx0c.dll
[2010/02/19 15:27:16 | 000,856,064 | ---- | C] (DivX, Inc.) -- C:\windows\System32\divx_xx07.dll
[2010/02/19 15:27:16 | 000,847,872 | ---- | C] (DivX, Inc.) -- C:\windows\System32\divx_xx0a.dll
[2010/02/19 15:27:16 | 000,843,776 | ---- | C] (DivX, Inc.) -- C:\windows\System32\divx_xx16.dll
[2010/02/19 15:27:16 | 000,839,680 | ---- | C] (DivX, Inc.) -- C:\windows\System32\divx_xx11.dll
[2010/02/18 18:30:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Offer Letters
[2010/02/18 14:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/02/12 00:33:11 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\6to4svc.dll

========== Files - Modified Within 90 Days ==========

[2010/05/11 15:26:00 | 000,555,168 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/05/11 15:26:00 | 000,465,640 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/05/11 15:26:00 | 000,079,360 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/05/11 15:23:32 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2010/05/11 10:45:46 | 000,000,408 | -H-- | M] () -- C:\windows\tasks\MP Scheduled Scan.job
[2010/05/11 10:41:56 | 000,000,472 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010/05/11 10:39:48 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/05/11 10:39:44 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2010/05/11 10:39:42 | 1073,143,808 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/11 10:38:52 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/05/11 10:38:52 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/05/08 15:47:59 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DivX Movies.lnk
[2010/05/08 15:46:19 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/05/08 15:45:09 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/05/06 13:46:54 | 000,000,664 | ---- | M] () -- C:\windows\System32\d3d9caps.dat
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
[2010/05/05 15:22:47 | 000,096,778 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Cloud Based Enterprise PIM for eCommerce.docx
[2010/05/03 19:00:29 | 000,297,256 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/05/03 17:31:28 | 000,079,800 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/03 16:59:28 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2010/05/03 15:05:30 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/05/03 15:02:52 | 000,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2010/05/03 14:39:46 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2010/05/03 14:39:45 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2010/05/03 14:39:45 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2010/05/03 14:39:45 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2010/05/03 14:39:45 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javacpl.cpl
[2010/05/03 14:20:41 | 000,001,012 | ---- | M] () -- C:\windows\win.ini
[2010/05/03 14:20:41 | 000,000,227 | ---- | M] () -- C:\windows\system.ini
[2010/05/03 14:20:41 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2010/05/03 13:24:59 | 000,001,355 | ---- | M] () -- C:\windows\imsins.BAK
[2010/05/03 11:02:31 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/05/02 13:47:45 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/28 15:29:22 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/04/26 18:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\windows\System32\DivXControlPanelApplet.cpl
[2010/04/23 14:07:25 | 000,010,704 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Mom.docx
[2010/04/16 08:33:36 | 003,003,680 | ---- | M] (Apple, Inc.) -- C:\windows\System32\usbaaplrc.dll
[2010/04/14 16:26:47 | 002,697,974 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\101strategies.pdf
[2010/04/08 13:20:02 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\windows\System32\dns-sd.exe
[2010/04/08 13:20:02 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\windows\System32\dnssd.dll
[2010/04/07 17:29:53 | 000,067,072 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\black.xls
[2010/04/07 17:27:19 | 000,009,173 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft Excel 97-2003.CAL
[2010/04/07 17:24:32 | 000,020,820 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\black.xlsx
[2010/04/07 16:16:44 | 000,062,872 | -H-- | M] () -- C:\windows\System32\mlfcache.dat
[2010/03/30 21:58:04 | 002,083,312 | ---- | M] (Sonic Solutions) -- C:\windows\System32\pxsfs.dll
[2010/03/30 21:58:04 | 000,678,384 | ---- | M] (Sonic Solutions) -- C:\windows\System32\px.dll
[2010/03/30 21:58:04 | 000,559,600 | ---- | M] (Sonic Solutions) -- C:\windows\System32\pxdrv.dll
[2010/03/30 21:58:04 | 000,440,816 | ---- | M] (Sonic Solutions) -- C:\windows\System32\pxwave.dll
[2010/03/30 21:58:04 | 000,219,632 | ---- | M] (Sonic Solutions) -- C:\windows\System32\pxmas.dll
[2010/03/30 21:58:04 | 000,133,616 | ---- | M] (Sonic Solutions) -- C:\windows\System32\pxafs.dll
[2010/03/30 21:58:04 | 000,125,424 | ---- | M] (Sonic Solutions) -- C:\windows\System32\pxinsi64.exe
[2010/03/30 21:58:04 | 000,123,888 | ---- | M] (Sonic Solutions) -- C:\windows\System32\pxcpyi64.exe
[2010/03/30 21:58:04 | 000,100,848 | ---- | M] (Sonic Solutions) -- C:\windows\System32\vxblock.dll
[2010/03/30 21:58:04 | 000,072,176 | ---- | M] (Sonic Solutions) -- C:\windows\System32\pxhpinst.exe
[2010/03/30 21:58:04 | 000,068,080 | ---- | M] (Sonic Solutions) -- C:\windows\System32\pxinsa64.exe
[2010/03/30 21:58:04 | 000,068,080 | ---- | M] (Sonic Solutions) -- C:\windows\System32\pxcpya64.exe
[2010/03/30 14:10:48 | 000,260,389 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Restaurtants 10 miles from 48084 Laron.csv
[2010/03/25 16:16:49 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\spider.sav
[2010/03/25 14:40:23 | 000,304,128 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Fundraising 101.ppt
[2010/03/24 18:23:59 | 000,010,782 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\M360 Telephone Directory.xlsx
[2010/03/19 11:12:42 | 000,124,416 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Craigslist Posting.doc
[2010/03/17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\windows\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\windows\System32\QuickTime.qts
[2010/03/10 02:15:52 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll
[2010/03/10 02:15:52 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\vbscript.dll
[2010/03/08 13:59:18 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\windows\System32\dpl100.dll
[2010/03/02 12:16:59 | 000,026,551 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\INDEPENDENT CONTRACTOR AGREEMENT.docx
[2010/03/02 10:12:46 | 000,580,096 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Restaurtants 10 miles from 48084 Laron.xls
[2010/02/25 11:54:36 | 011,070,976 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ieframe.dll
[2010/02/25 02:24:37 | 001,209,344 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\urlmon.dll
[2010/02/25 02:24:37 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wininet.dll
[2010/02/25 02:24:37 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2010/02/25 02:24:37 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mstime.dll
[2010/02/25 02:24:37 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\occache.dll
[2010/02/25 02:24:36 | 005,944,832 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mshtml.dll
[2010/02/25 02:24:35 | 001,985,536 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\iertutil.dll
[2010/02/25 02:24:35 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2010/02/25 02:24:35 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\inetcpl.cpl
[2010/02/25 02:24:35 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2010/02/25 02:24:35 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\msfeeds.dll
[2010/02/25 02:24:35 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2010/02/25 02:24:35 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\iepeers.dll
[2010/02/25 02:24:35 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2010/02/25 02:24:35 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\msfeedsbs.dll
[2010/02/25 02:24:35 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2010/02/25 02:24:35 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\jsproxy.dll
[2010/02/25 02:24:34 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2010/02/25 02:24:34 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\iedkcs32.dll
[2010/02/24 12:22:15 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\intake.doc
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mrxsmb.sys
[2010/02/24 05:54:25 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2010/02/24 05:54:25 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ie4uinit.exe
[2010/02/23 11:00:50 | 000,023,913 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\SCHEDULE A1 for IC Agreement.docx
[2010/02/22 23:09:32 | 000,013,522 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\SCHEDULE A for IC Agreement.docx
[2010/02/22 21:32:00 | 002,691,796 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\BreakTimeAtTheToyotaPlant.wmv
[2010/02/22 10:57:46 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\IrfanView.lnk
[2010/02/19 15:27:36 | 000,720,384 | ---- | M] (DivX, Inc.) -- C:\windows\System32\DivX.dll
[2010/02/19 15:27:16 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\windows\System32\divx_xx0c.dll
[2010/02/19 15:27:16 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\windows\System32\divx_xx07.dll
[2010/02/19 15:27:16 | 000,847,872 | ---- | M] (DivX, Inc.) -- C:\windows\System32\divx_xx0a.dll
[2010/02/19 15:27:16 | 000,843,776 | ---- | M] (DivX, Inc.) -- C:\windows\System32\divx_xx16.dll
[2010/02/19 15:27:16 | 000,839,680 | ---- | M] (DivX, Inc.) -- C:\windows\System32\divx_xx11.dll
[2010/02/17 09:10:28 | 002,189,952 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2010/02/17 09:10:28 | 002,189,952 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ntoskrnl.exe
[2010/02/16 10:08:49 | 002,146,304 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ntkrnlmp.exe
[2010/02/16 09:25:04 | 002,066,816 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2010/02/16 09:25:04 | 002,066,816 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ntkrnlpa.exe
[2010/02/16 09:25:04 | 002,024,448 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ntkrpamp.exe
[2010/02/12 00:33:11 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\6to4svc.dll
[2010/02/11 18:45:36 | 000,013,227 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Job Fair (Autosaved).xlsx
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\tcpip6.sys
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\tcpip6.sys

========== Files Created - No Company Name ==========

[2010/05/10 16:47:23 | 1073,143,808 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/10 11:21:57 | 000,000,145 | ---- | C] () -- C:\windows\System32\EBPPORT3.DAT
[2010/05/08 15:47:59 | 000,001,493 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DivX Movies.lnk
[2010/05/08 15:46:19 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/05/08 15:45:09 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/05/05 15:22:47 | 000,096,778 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Cloud Based Enterprise PIM for eCommerce.docx
[2010/05/04 16:11:09 | 000,015,880 | ---- | C] () -- C:\windows\System32\lsdelete.exe
[2010/05/04 09:21:09 | 000,000,472 | ---- | C] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010/05/03 15:05:30 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/05/03 15:02:52 | 000,000,284 | ---- | C] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2010/05/03 14:20:28 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/05/03 11:09:45 | 000,000,408 | -H-- | C] () -- C:\windows\tasks\MP Scheduled Scan.job
[2010/04/28 19:43:02 | 000,001,028 | ---- | C] () -- C:\Documents and Settings\Administrator\mbam-log-2010-04-28 (19-43-00).txt
[2010/04/28 15:29:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/04/23 14:07:25 | 000,010,704 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Mom.docx
[2010/04/16 11:04:27 | 208,629,975 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\08 Zac Brown Band & Leon Russell (52nd Annual Grammy Awards-2010-01-31).mkv
[2010/04/14 16:26:47 | 002,697,974 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\101strategies.pdf
[2010/04/07 17:27:13 | 000,009,173 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft Excel 97-2003.CAL
[2010/04/07 17:25:15 | 000,067,072 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\black.xls
[2010/04/07 17:24:27 | 000,020,820 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\black.xlsx
[2010/03/30 14:10:48 | 000,260,389 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Restaurtants 10 miles from 48084 Laron.csv
[2010/03/25 14:40:22 | 000,304,128 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Fundraising 101.ppt
[2010/03/24 18:23:00 | 000,010,782 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\M360 Telephone Directory.xlsx
[2010/03/19 11:12:42 | 000,124,416 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Craigslist Posting.doc
[2010/03/18 11:12:41 | 000,431,033 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Chasing.wmv
[2010/03/02 10:12:45 | 000,580,096 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Restaurtants 10 miles from 48084 Laron.xls
[2010/02/24 12:23:29 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2010/02/24 12:22:14 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\intake.doc
[2010/02/23 11:00:50 | 000,023,913 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\SCHEDULE A1 for IC Agreement.docx
[2010/02/22 23:00:55 | 000,013,522 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\SCHEDULE A for IC Agreement.docx
[2010/02/22 22:35:36 | 000,026,551 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\INDEPENDENT CONTRACTOR AGREEMENT.docx
[2010/02/22 21:32:00 | 002,691,796 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\BreakTimeAtTheToyotaPlant.wmv
[2010/02/22 10:57:46 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\IrfanView.lnk
[2010/02/11 18:45:35 | 000,013,227 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Job Fair (Autosaved).xlsx
[2010/01/28 17:20:56 | 000,000,028 | ---- | C] () -- C:\windows\ODBC.INI
[2009/12/26 18:53:19 | 000,819,200 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2009/12/26 18:53:18 | 000,180,224 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2009/12/05 16:00:40 | 000,000,062 | ---- | C] () -- C:\windows\MAXLINK.INI
[2009/11/19 12:24:41 | 000,086,016 | ---- | C] () -- C:\windows\System32\preflib.dll
[2009/11/19 12:24:38 | 000,757,760 | ---- | C] () -- C:\windows\System32\bcm1xsup.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2008/04/09 16:26:23 | 000,000,010 | ---- | C] () -- C:\windows\WININIT.INI
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\windows\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\windows\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\windows\System32\gthrctr.ini
[2007/06/04 17:25:02 | 000,192,512 | ---- | C] () -- C:\windows\System32\stac97co.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:010ADD2C
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5
< End of report >


#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:56 AM

Posted 11 May 2010 - 06:11 PM

That appear to have gotten it, Can you tell me if the browser hijacking has stopped now or if you have any other problems?

unite.jpg


#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:56 AM

Posted 17 May 2010 - 11:24 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users