Computer Is Hijacked Down to Partitions in Hard Drive


  • This topic is locked
14 replies to this topic

#1 christijacks1


Posted 12 June 2010 - 09:43 PM

Hello and Thank you for taking your time to help me with this very frustrating situation I have been dealing with for months. To be short and to the point, after months of searching and dealing with odd behavior in my computer, files changing and accounts compromised I have figured out that my computer has been hijacked by something or someone. I have identified the files that were used to compromise my system but I just don't know how to regain control as they have control of everything down to my partitions in my hard drive. They are mirrored and "they" have control of them. When I try to do a D2D reformat to "new out of box" it just begins to reinstall itself again. I ordered what I thought was going to be a reformat disk from ACER and got 5 disks that I think are just driver disks and I'm not sure they have a copy of windows 7 on them, but.....it doesn't matter because they have remotely disabled my cd rom as I can't get it to boot from my cd rom....so that is useless as well. I am EXTREMELY frustrated and need someone to help me out with this. The paranoia is starting to get to me.



Okay....so you need more info.


I tried to follow your instructions but couldn't run that gmer file in regular mode or safe mode. I should say I couldn't run it but it wouldn't allow me to check any additional boxes. So whatever boxes were checked that is what it ran and of course told me that nothing was wrong. Here is some of the info from some of the other ones but I thought it was stated not to post those unless requested. So ...... I guess I'm going to look kind of like a goofy newbie at this, but at this point I'll risk it.



DDS (Ver_10-03-17.01) - NTFSX64
Run by Jacks at 20:34:05.61 on Sat 06/12/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.2309 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Hot Keyboard Pro\HotKeyb.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Acer\Acer Updater\alu.exe
C:\Windows\system32\atibtmon.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jacks\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Hot Keyboard Pro\HKHook64.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27360510a645l0314z1i5t4852a24o
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27360510a645l0314z1i5t4852a24o
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27360510a645l0314z1i5t4852a24o
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27360510a645l0314z1i5t4852a24o
mLocal Page = c:\windows\syswow64\blank.htm
uURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files (x86)\zonealarm\tbZone.dll
mURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files (x86)\zonealarm\tbZone.dll
mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~2\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files (x86)\zonealarm\tbZone.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\wow64\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~2\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files (x86)\zonealarm\tbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\wow64\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~2\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
uRun: [Hot Keyboard] c:\program files (x86)\hot keyboard pro\HotKeyb.exe -minimized
uRun: [Messenger (Yahoo!)] "c:\progra~2\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
mRun: [EgisTecLiveUpdate] "c:\program files (x86)\egistec egis software update\EgisUpdate.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NortonOnlineBackupReminder] "c:\program files (x86)\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED
mRun: [LManager] c:\program files (x86)\launch manager\LManager.exe
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Acer Assist Launcher] c:\program files (x86)\acer\acer assist\launcher.exe
mRun: [RemoteControl8] "c:\program files (x86)\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files (x86)\cyberlink\powerdvd8\language\Language.exe"
mRun: [ZoneAlarm Client] "c:\program files (x86)\zone labs\zonealarm\zlclient.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Assign &hot key - c:\program files (x86)\hot keyboard pro\IEScript.htm
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files (x86)\belarc\advisor\system\BAVoilaX.dll
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Security Engine Registrar - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg64.dll
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - No File
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe
mRun-x64: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun-x64: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun-x64: [mwlDaemon] c:\program files (x86)\egistec\mywinlocker 3\x86\mwlDaemon.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"

================= FIREFOX ===================

FF - ProfilePath - c:\users\jacks\appdata\roaming\mozilla\firefox\profiles\334n5pq5.default\
FF - component: c:\program files\checkpoint\zaforcefield\wow64\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\wow64\trustchecker\bin\npFFApi.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-27 203264]
R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\launch manager\dsiwmis.exe [2009-8-27 107016]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-8-27 844320]
R2 Greg_Service;GRegService;c:\program files (x86)\acer\registration\GregHSRW.exe [2009-6-4 1150496]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-5-18 33008]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-5-18 823272]
R2 MWLService;MyWinLocker Service;c:\program files (x86)\egistec\mywinlocker 3\x86\MWLService.exe [2009-8-6 311592]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2009-6-17 144640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-6-5 1153368]
R2 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2009-8-27 240160]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-8-27 215040]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-5-27 34872]
RUnknown szkg5;szkg5; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-6-6 136176]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-5-27 35840]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\newtech infosystems\nti backup now 5\BackupSvc.exe [2009-6-17 50432]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-8-27 222208]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-28 1255736]
SUnknown is3srv;is3srv; [x]

=============== Created Last 30 ================

2010-06-13 01:24:14 432 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2010-06-13 01:23:24 0 ----a-w- c:\users\jacks\defogger_reenable
2010-06-13 00:01:35 728 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-06-12 15:41:47 0 d-----w- c:\windows\pss
2010-06-09 01:03:08 1056768 ----a-w- c:\windows\system32\defltbase.sdb
2010-06-06 22:35:41 301690565 ----a-w- c:\windows\MEMORY.DMP
2010-06-06 22:30:06 0 d-----w- c:\programdata\SITEguard
2010-06-06 22:29:13 0 d-----w- c:\programdata\STOPzilla!
2010-06-06 22:29:13 0 d-----w- c:\program files (x86)\common files\iS3
2010-06-06 22:20:44 0 d-----w- c:\users\jacks\appdata\roaming\Uniblue
2010-06-06 22:20:35 0 d-----w- c:\program files (x86)\Uniblue
2010-06-06 17:25:54 0 d-----w- c:\program files (x86)\CCleaner
2010-06-06 04:58:24 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-06 04:58:24 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-06-04 02:30:37 124 ----a-w- c:\windows\wininit.ini
2010-06-04 02:30:13 0 d-----w- c:\programdata\Yahoo! Companion
2010-06-04 02:29:52 0 d-----w- c:\programdata\Yahoo!
2010-06-04 02:28:34 0 d-----w- c:\program files (x86)\Yahoo!
2010-06-03 01:37:45 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-06-03 00:52:36 0 d-----w- c:\program files (x86)\Belarc
2010-05-30 19:12:20 0 d-----w- c:\users\jacks\appdata\roaming\Hot Keyboard
2010-05-30 19:11:49 0 d-----w- c:\users\jacks\appdata\roaming\Hot Keyboard Pro Backup
2010-05-30 19:11:08 0 d-----w- c:\program files (x86)\Hot Keyboard Pro
2010-05-30 15:15:45 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-05-30 01:07:39 0 ----a-w- c:\users\jacks\netstat
2010-05-29 23:33:36 0 ----a-w- c:\users\jacks\ping204.237.131.25
2010-05-29 20:59:10 0 d-----w- c:\programdata\HipSoft
2010-05-29 20:57:55 0 d-----w- c:\users\jacks\appdata\roaming\WildTangent
2010-05-28 11:59:55 0 d-----w- c:\windows\syswow64\Wat
2010-05-28 11:59:55 0 d-----w- c:\windows\system32\Wat
2010-05-28 02:20:12 311808 ----a-w- c:\windows\system32\msv1_0.dll
2010-05-28 02:20:12 257024 ----a-w- c:\windows\syswow64\msv1_0.dll
2010-05-28 02:03:44 0 d-----w- c:\program files (x86)\GetData
2010-05-28 00:40:51 35840 ----a-r- c:\windows\system32\drivers\BVRPMPR5a64.SYS
2010-05-28 00:34:49 0 d-----w- C:\Netgear
2010-05-27 17:45:15 612352 ----a-w- c:\windows\system32\vbscript.dll
2010-05-27 17:45:15 427520 ----a-w- c:\windows\syswow64\vbscript.dll
2010-05-27 17:45:11 11406336 ----a-w- c:\windows\syswow64\wmp.dll
2010-05-27 17:45:10 1975296 ----a-w- c:\windows\system32\CertEnroll.dll
2010-05-27 17:45:10 1320960 ----a-w- c:\windows\syswow64\CertEnroll.dll
2010-05-27 17:45:09 982600 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-05-27 17:45:08 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2010-05-27 17:45:08 12625408 ----a-w- c:\windows\syswow64\wmploc.DLL
2010-05-27 17:43:59 12867072 ----a-w- c:\windows\syswow64\shell32.dll
2010-05-27 17:43:58 96768 ----a-w- c:\windows\syswow64\sspicli.dll
2010-05-27 17:43:58 22016 ----a-w- c:\windows\syswow64\secur32.dll
2010-05-27 17:43:58 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-05-27 17:43:58 1446912 ----a-w- c:\windows\system32\lsasrv.dll
2010-05-27 17:30:22 5509008 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-27 17:30:21 3899280 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-05-27 17:30:20 3954568 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-05-27 17:27:24 716800 ----a-w- c:\windows\syswow64\jscript.dll
2010-05-27 17:22:23 46592 ----a-w- c:\windows\system32\msasn1.dll
2010-05-27 17:22:23 34816 ----a-w- c:\windows\syswow64\msasn1.dll
2010-05-27 17:21:41 464896 ----a-w- c:\windows\system32\drivers\srv.sys
2010-05-27 17:21:41 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-05-27 17:20:50 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-05-27 17:20:50 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-27 17:15:20 0 d-----w- c:\program files\DIFX
2010-05-27 17:15:19 34872 ----a-w- c:\windows\system32\drivers\usbfilter.sys
2010-05-27 17:15:18 0 d-----w- c:\program files (x86)\AMD
2010-05-27 17:13:53 0 d-----w- c:\program files\ATI
2010-05-27 17:13:50 0 d-----w- c:\program files (x86)\ATI Technologies
2010-05-27 17:12:01 0 d-----w- c:\users\jacks\appdata\roaming\CheckPoint
2010-05-27 17:11:37 0 d-----w- c:\program files (x86)\Conduit
2010-05-27 17:11:36 0 d-----w- c:\program files (x86)\ZoneAlarm
2010-05-27 17:11:04 0 d-----w- c:\program files\CheckPoint
2010-05-27 17:11:00 58368 ----a-w- c:\windows\syswow64\vsregexp.dll
2010-05-27 17:06:57 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-05-27 16:55:42 220672 ----a-w- c:\windows\system32\wintrust.dll
2010-05-27 16:55:42 172032 ----a-w- c:\windows\syswow64\wintrust.dll
2010-05-27 16:55:41 139264 ----a-w- c:\windows\system32\cabview.dll
2010-05-27 16:55:41 132608 ----a-w- c:\windows\syswow64\cabview.dll
2010-05-27 16:45:02 0 d-----w- c:\programdata\CheckPoint
2010-05-27 16:45:02 0 d-----w- c:\program files (x86)\Zone Labs
2010-05-27 16:44:49 0 d-----w- c:\windows\Internet Logs
2010-05-27 15:40:14 0 d-----w- c:\program files (x86)\common files\CyberLink
2010-05-27 15:38:18 505128 ----a-w- c:\windows\syswow64\msvcp71.dll
2010-05-27 15:38:18 353576 ----a-w- c:\windows\syswow64\msvcr71.dll
2010-05-27 15:38:18 29480 ----a-w- c:\windows\syswow64\msxml3a.dll
2010-05-27 15:38:06 0 d---a-w- c:\programdata\Temp
2010-05-27 15:32:51 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-05-27 15:32:51 3426072 ----a-w- c:\windows\syswow64\d3dx9_32.dll
2010-05-27 15:32:20 0 d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2010-05-27 15:31:27 0 d-----w- c:\program files (x86)\Microsoft
2010-05-27 15:30:58 0 d-----w- c:\program files (x86)\Windows Live SkyDrive
2010-05-27 15:28:58 0 d-----w- c:\program files (x86)\common files\Windows Live
2010-05-27 15:26:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-05-27 15:26:26 0 d-----w- c:\programdata\ATI
2010-05-27 15:26:22 0 d-----w- c:\program files\Synaptics
2010-05-27 15:25:49 0 d-----w- c:\program files (x86)\Acer Crystal Eye webcam
2010-05-27 15:25:47 0 d-----w- c:\users\jacks\appdata\roaming\Acer
2010-05-27 15:25:29 0 d---a-w- C:\book
2010-05-27 15:21:50 0 d-----w- c:\program files (x86)\OEM
2010-05-27 15:21:37 0 d-----w- c:\programdata\OEM_E471269A730D

==================== Find3M ====================

2010-05-27 17:12:18 420800 ----a-w- c:\windows\system32\drivers\vsconfig.xml
2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-20 23:10:06 1238528 ----a-w- c:\windows\syswow64\zpeng25.dll
2010-05-20 23:10:02 69120 ----a-w- c:\windows\syswow64\zlcomm.dll
2010-05-20 23:10:02 43008 ----a-w- c:\windows\syswow64\vswmi.dll
2010-05-20 23:10:02 110080 ----a-w- c:\windows\syswow64\vsxml.dll
2010-05-20 23:10:02 103936 ----a-w- c:\windows\syswow64\zlcommdb.dll
2010-05-20 23:10:00 712192 ----a-w- c:\windows\syswow64\vsutil.dll
2010-05-20 23:10:00 302592 ----a-w- c:\windows\syswow64\vspubapi.dll
2010-05-20 23:10:00 228352 ----a-w- c:\windows\syswow64\vsinit.dll
2010-05-20 23:10:00 112128 ----a-w- c:\windows\syswow64\vsdata.dll
2010-05-20 23:10:00 107520 ----a-w- c:\windows\syswow64\vsmonapi.dll
2010-05-15 21:30:52 458840 ----a-w- c:\windows\system32\drivers\~GLH0023.TMP
2010-05-15 21:30:52 458840 ------w- c:\windows\system32\drivers\vsdatant.sys
2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll
2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll
2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 20:34:50.43 ===============



==== End Of File ===========================




PS.....found a .rar file today with voice, video files and Yahoo chat files ready for delivery. That has to make you feel warm and cozy when you sleep. There was an IP address in one of those files that your site asked me to run; however, I noticed this morning it was edited out of there and my history was deleted at the time I was running ipwhois checks on it. Should have written that one down. LOL. If anyone knows how they can get some info on the owner of an IP address, I know the one I am constantly routed to, so any advice is greatly appreciated.

Thanks to all !


Christi

EDIT: Moved back now that logs have been added. ~BP

Edited by Budapest, 15 June 2010 - 01:29 AM.
Move to AII as no logs posted and prep. guide not followed. ~ OB




#2 m0le


Posted 17 June 2010 - 07:40 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 christijacks1


Posted 17 June 2010 - 08:57 PM

Thanks for your reply! I'm ready to get to the bottom of all of this! I can't tell you how much I appreciate your help!! Have a great evening

#4 m0le


Posted 18 June 2010 - 04:25 PM

Okay, well firstly Gmer doesn't run on Windows 7 so don't worry about that.


Please run Sophos

Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
  • Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
  • If the scan did not start automatically, make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.


#5 christijacks1

christijacks1
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Female
  • Location:TX

Posted 19 June 2010 - 02:58 PM

Okay, so I followed the directions you gave me and even tried to start it from the command window but my command window functions are limited so there are few things I am able to make happen in that venue of my PC. But nonetheless I did my best... and it came up with nothing but one hidden file. It wouldn't scan running processes. There was no way to check that box. I assume whatever is on here disables it. I have posted some screen shots on a Google link that you can take a look at that regard some other things I noticed recently.




Sophos Anti-Rootkit Version 1.5.4 © 2009 Sophos Plc
Started logging on 6/18/2010 at 21:26:01 PM
User "Jacks" on computer "JACKS-PC"
Windows version 6.1 SP 0.0 build 7600 SM=0x300 PT=0x1 WOW64
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Stopped logging on 6/18/2010 at 21:31:47 PM


Sophos Anti-Rootkit Version 1.5.4 © 2009 Sophos Plc
Started logging on 6/18/2010 at 21:45:54 PM
User "Jacks" on computer "JACKS-PC"
Windows version 6.1 SP 0.0 build 7600 SM=0x300 PT=0x1 WOW64
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
Stopped logging on 6/18/2010 at 21:53:23 PM




One is that in my registry - HKEYCLASSES_ROOT\CLISD YADA YADA YADA...... Under each entry there are listings that state "inprocserver32". So I posted a screen shot of all that.

Two...I was combing all the settings on my Spybot Search and Destroy and found that Cdilla was checked as "ignore". Certainly wasn't something I checked to ignore.

Also there was something that it found that I didn't have permissions to delete the first time I ran it. So I took a screen shot of what that was and uploaded that as well.


I also ran a program called Belarc Advisor a while back and did again this morning and I thought I'd copy and paste some interesting things it spit out in its listing below...What is a SAMBA SERVER??? I mean...I can Google...but why am I hooked up with one...






new Network Map (mouse over IP address for physical address) [Back to Top]
IP Device Type Device Details Device Roles
192.168.1.1 Router Netgear DHCP Server, Gateway, Domain Name Server, Web Server
192.168.1.3 Nintendo Gaming
192.168.1.4 System Asustek
192.168.1.55 Windows 7 Workstation Jacks-pc (in WORKGROUP) Samba Server


The blue one is my boyfriend's desktop, interesting that it's called SYSTEM.....I know that is a common name for file privilege, but that is what controls all of my files. SYSTEM!


My boyfriend says he is ignorant of what is going on yet when I have dug 5 layers deep in his computer it looks as though there are Windows 2000 server files on his PC....why...who knows. He claims he has no knowledge of why they would be on there. I also found "java beans" on there that when I pasted parts of the file name in the address bar was led to what appeared to be a "virtual" online storage place. I'm not sure what that is all about...

My friend who is ....well...behaving oddly at this point let's say...worked for 20 years at Microsoft doing things like data mining and now is working doing different web writing and programming and when I ask for his help he acts ignorant. Red flag if you ask me.

My boss monitors our computers and phones at work as if we were criminals and I have to use my personal PC to work from home and let's say nothing would surprise me. Not that you wanted all that drama. I guess my point is......I don't think this is something I picked up on Facebook. It's dynamic and changes depending on how I am trying to rid my computer of it.

I used to run ipconfig in my command box and get all kinds of info regarding my internet address like IPV4, IPV6 TUNNEL address..etc, etc.....now....I get a 3 line IP address and subnet mask and default gateway. It's nuts. The IP that stays connected to me occasionally changes the last two digits but otherwise stays the same. I'm sure that it is a spoofed IP as what idiot would hack someone's system and not spoof their address.

Here is a link to those photos, it's a trash account so I figure no worries if it gets hacked either. ha! I can keep uploading any other screen shots to that same album if you need them. I have attached docs that I have found in my computer over the last months while I have been searching and reformatting....as I have done that 3 times and it just reinstalls itself. The one doc that I found is too large to attach. But it shows how it's all set up, if you know how I can get that to you or if it would even be helpful let me know.

Link to Screen Shots: http://picasaweb.google.com/jackson59555/ComputerScreenShots?feat=embedwebsite



Here is the first part of it. :


Monday, July 13, 2009 9:48:54 PM
Administrative privileged user logged on.
Parsing template defltbase.inf.
----Configuration engine was initialized successfully.----

----Reading Configuration Template info...

Configure User Rights...
SeImpersonatePrivilege must be assigned to administrators. This setting is adjusted.
SeImpersonatePrivilege must be assigned to SERVICE. This setting is adjusted.
Configure S-1-5-32-546.
remove SeInteractiveLogonRight.
Configure S-1-5-32-547.
remove SeNetworkLogonRight.
remove SeSystemtimePrivilege.
remove SeRemoteShutdownPrivilege.
remove SeIncreaseBasePriorityPrivilege.
remove SeInteractiveLogonRight.
remove SeProfileSingleProcessPrivilege.
remove SeShutdownPrivilege.
remove SeRemoteInteractiveLogonRight.
Configure S-1-5-19.
add SeSystemtimePrivilege.
add SeIncreaseQuotaPrivilege.
add SeAssignPrimaryTokenPrivilege.
add SeTimeZonePrivilege.
Configure S-1-5-20.
add SeIncreaseQuotaPrivilege.
add SeAssignPrimaryTokenPrivilege.
remove SeServiceLogonRight.
Configure S-1-5-32-544.
add SeChangeNotifyPrivilege.
add SeBatchLogonRight.
add SeUndockPrivilege.
add SeManageVolumePrivilege.
add SeRemoteInteractiveLogonRight.
add SeImpersonatePrivilege.
add SeCreateGlobalPrivilege.
add SeTimeZonePrivilege.
add SeCreateSymbolicLinkPrivilege.
Configure S-1-5-32-551.
add SeNetworkLogonRight.
add SeChangeNotifyPrivilege.
add SeBatchLogonRight.
Configure S-1-5-32-559.
add SeBatchLogonRight.
Configure S-1-5-32-545.
add SeNetworkLogonRight.
add SeChangeNotifyPrivilege.
add SeUndockPrivilege.
add SeIncreaseWorkingSetPrivilege.
add SeTimeZonePrivilege.
Configure S-1-1-0.
remove SeInteractiveLogonRight.
remove SeShutdownPrivilege.
remove SeRemoteInteractiveLogonRight.
Configure S-1-5-6.
Configure S-1-5-21-3952311282-3270686217-2811382985-501.
add SeInteractiveLogonRight.
add SeDenyNetworkLogonRight.
add SeDenyInteractiveLogonRight.
Configure S-1-5-32-555.
add SeRemoteInteractiveLogonRight.
Configure S-1-5-80-0.
add SeServiceLogonRight.
Configure S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420.
add SeSystemProfilePrivilege.

User Rights configuration was completed successfully.


I hope all of it is helpful, let me know what we can do from here, or if it is better to just chunk the hard drive and start over and you can give me some great advice on locking a new one down.

Thanks again for everything.
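The user-rights log posted above, read with a short parser (an added example, not part of the original post or of any tool named in the thread): it groups each add/remove under its SID and names the well-known SIDs, which in this log are all built-in Windows principals. The function names, the `CONSTRUCTED_ENTRY` sample and its RID 1001 SID are assumptions made up for the illustration.

```python
import re

# Well-known SIDs that appear in the posted log, with their Windows names.
WELL_KNOWN = {
    "S-1-1-0": "Everyone",
    "S-1-5-6": "NT AUTHORITY\\SERVICE",
    "S-1-5-19": "NT AUTHORITY\\LOCAL SERVICE",
    "S-1-5-20": "NT AUTHORITY\\NETWORK SERVICE",
    "S-1-5-32-544": "BUILTIN\\Administrators",
    "S-1-5-32-545": "BUILTIN\\Users",
    "S-1-5-32-546": "BUILTIN\\Guests",
    "S-1-5-32-547": "BUILTIN\\Power Users",
    "S-1-5-32-551": "BUILTIN\\Backup Operators",
    "S-1-5-32-555": "BUILTIN\\Remote Desktop Users",
    "S-1-5-32-559": "BUILTIN\\Performance Log Users",
    "S-1-5-80-0": "NT SERVICE\\ALL SERVICES",
}
BUILTIN_RIDS = {500: "Administrator", 501: "Guest"}

CONFIGURE = re.compile(r"Configure (S-1(?:-\d+)+)\.")
CHANGE = re.compile(r"(add|remove) (Se\w+)\.")
ACCOUNT = re.compile(r"S-1-5-21-\d+-\d+-\d+-(\d+)")


def resolve_sid(sid):
    """Return (name, expected); expected is False for ordinary accounts."""
    if sid in WELL_KNOWN:
        return WELL_KNOWN[sid], True
    m = ACCOUNT.fullmatch(sid)
    if m:
        rid = int(m.group(1))
        if rid in BUILTIN_RIDS:
            return "built-in account: " + BUILTIN_RIDS[rid], True
        return "account with RID %d" % rid, False
    if sid.startswith("S-1-5-80-"):
        # Service SIDs are derived from the service name; not flagged here.
        return "NT SERVICE\\<per-service SID>", True
    return "unknown", False


def parse_user_rights(log_text):
    """Group 'add'/'remove' lines under the preceding 'Configure <SID>.' line."""
    changes = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = CONFIGURE.fullmatch(line)
        if m:
            current = m.group(1)
            changes.setdefault(current, {"add": [], "remove": []})
            continue
        m = CHANGE.fullmatch(line)
        if m and current is not None:
            changes[current][m.group(1)].append(m.group(2))
    return changes


def review(changes):
    """List rights granted to principals that are not built-in."""
    findings = []
    for sid, ops in changes.items():
        name, expected = resolve_sid(sid)
        if not expected and ops["add"]:
            findings.append((sid, name, ops["add"]))
    return findings


# Excerpt of the log lines posted in the thread.
POSTED_EXCERPT = """\
Configure User Rights...
SeImpersonatePrivilege must be assigned to administrators. This setting is adjusted.
Configure S-1-5-32-546.
remove SeInteractiveLogonRight.
Configure S-1-5-19.
add SeSystemtimePrivilege.
add SeIncreaseQuotaPrivilege.
Configure S-1-5-32-544.
add SeImpersonatePrivilege.
add SeCreateSymbolicLinkPrivilege.
Configure S-1-5-6.
Configure S-1-5-21-3952311282-3270686217-2811382985-501.
add SeInteractiveLogonRight.
add SeDenyNetworkLogonRight.
add SeDenyInteractiveLogonRight.
Configure S-1-5-80-0.
add SeServiceLogonRight.
Configure S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420.
add SeSystemProfilePrivilege.
"""

# Constructed entry (not from the thread): a grant to an ordinary account.
CONSTRUCTED_ENTRY = """\
Configure S-1-5-21-1111111111-2222222222-3333333333-1001.
add SeDebugPrivilege.
"""

if __name__ == "__main__":
    for sid, ops in parse_user_rights(POSTED_EXCERPT).items():
        print(resolve_sid(sid)[0], "+", ops["add"], "-", ops["remove"])
    print("findings:", review(parse_user_rights(POSTED_EXCERPT + CONSTRUCTED_ENTRY)))
```
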










#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 19 June 2010 - 04:50 PM

Okay, firstly please stop running lots of things and then getting worried about the results. The links are not working so I can't look at the screenshots but it's important not to get too stressed by this. If you think the network has been hacked then we should be able to see something at work during the scans.

Sophos shows there's no major problems but we need to take a look at the PC in more detail.
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
If this fails or you can't run it we have an alternative way of running OTL so just let me know.



#7 christijacks1

christijacks1
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Female
  • Location:TX

Posted 19 June 2010 - 09:38 PM

I know....I sound like I'm completely paranoid....so I appreciate your help. I feel like someone has come to rescue me from this craziness. I'll try to calm down and stop being such a girl

So.....good news....it worked. That's the good news.......

I guess that whole link thing is not my gig....so here is the physical link to just copy and paste in your browser. If I fail on this test...just send me back to school.


http://picasaweb.google.com/jackson59555/C...terScreenShots#


One other side note. On one of those screen shots it mentions "connection time" It looks to state that it was only up for an hour and I had been hard at it since 7:30 this morning. My boyfriend works from home three days a week so that whole connection time doesn't seem right.

Bless your heart.....having to listen to the ramblings of paranoid people only to tell them that it was some remote spam hacker or something. Oh well...I guess it is its own reality show to some extent. HA

Okay....back to the good stuff....Results....Here you go. :-)



OTL logfile created on: 6/19/2010 10:12:23 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Jacks\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.99 Gb Total Space | 261.04 Gb Free Space | 91.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JACKS-PC
Current User Name: Jacks
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\SysWow64\atibtmon.exe File not found
PRC - C:\Users\Jacks\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Hot Keyboard Pro\HotKeyb.exe (Imposant)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Jacks\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll (Check Point Software Technologies)
MOD - C:\Windows\SysWOW64\wintrust.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wpdshext.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WatAdminSvc) -- C:\Windows\SysNative\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (vsmon) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (VSS) -- C:\Windows\Vss [2009/07/13 22:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/13 22:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\EEF0.tmp (Sophos Plc)
DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\drivers\usbvideo.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (SAVRKBootTasks) -- C:\Windows\SysWOW64\SAVRKBootTasks.sys (Sophos Plc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mwlPSDVDisk) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlPSDVdisk.sys (Egis Technology Inc.)
DRV - (mwlPSDNServ) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlPSDNServ.sys (Egis Technology Inc.)
DRV - (mwlPSDFilter) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlPSDFilter.sys (Egis Technology Inc.)
DRV - (DKbFltr) Dritek Keyboard Filter Driver (64-bit) -- C:\Windows\SysWOW64\drivers\DKbFltr.sys (Dritek System Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...14z1i5t4852a24o
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...14z1i5t4852a24o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...14z1i5t4852a24o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...14z1i5t4852a24o
IE - HKLM\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...14z1i5t4852a24o
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...14z1i5t4852a24o
IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.223.0
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3


FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010/05/27 12:11:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/05/27 19:10:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/19 15:11:26 | 000,000,000 | ---D | M]

[2010/05/27 19:10:32 | 000,000,000 | ---D | M] -- C:\Users\Jacks\AppData\Roaming\Mozilla\Extensions
[2010/05/27 19:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jacks\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/06/19 21:17:54 | 000,000,000 | ---D | M] -- C:\Users\Jacks\AppData\Roaming\Mozilla\Firefox\Profiles\334n5pq5.default\extensions
[2010/06/03 21:30:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Jacks\AppData\Roaming\Mozilla\Firefox\Profiles\334n5pq5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/30 14:18:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jacks\AppData\Roaming\Mozilla\Firefox\Profiles\334n5pq5.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/06/19 15:11:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/27 19:10:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/06/19 15:11:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/01 12:58:18 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/01 12:58:19 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2010/06/19 15:11:17 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/01 12:58:20 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2010/04/01 10:56:18 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/04/01 10:56:18 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/04/01 10:56:18 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/04/01 10:56:18 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/04/01 10:56:18 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/04/01 10:56:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/04/01 10:56:18 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/06/06 17:31:19 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Hot Keyboard] C:\Program Files (x86)\Hot Keyboard Pro\HotKeyb.exe (Imposant)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8:64bit: - Extra context menu item: Assign &hot key - C:\Program Files (x86)\Hot Keyboard Pro\IEScript.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O8 - Extra context menu item: Assign &hot key - C:\Program Files (x86)\Hot Keyboard Pro\IEScript.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) - c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e9a39c20-7670-11df-8ecc-002622639cd8}\Shell - "" = AutoRun
O33 - MountPoints2\{e9a39c20-7670-11df-8ecc-002622639cd8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/06/19 15:13:51 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/06/19 15:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/06/19 15:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/06/19 15:11:26 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/06/19 15:11:26 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/06/19 15:11:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/06/19 15:11:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/06/19 15:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/06/19 15:09:40 | 000,000,000 | ---D | C] -- C:\Users\Jacks\Desktop\New folder (2)
[2010/06/19 11:49:09 | 000,000,000 | ---D | C] -- C:\Users\Jacks\Desktop\christijacks1
[2010/06/18 21:53:42 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\Windows\SysWow64\SAVRKBootTasks.sys
[2010/06/18 21:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/06/16 20:57:13 | 000,000,000 | ---D | C] -- C:\Users\Jacks\Documents\CyberLink
[2010/06/16 20:57:11 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\CyberLink
[2010/06/16 20:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010/06/16 20:48:45 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\Blitware
[2010/06/16 19:59:50 | 000,000,000 | ---D | C] -- C:\Users\Jacks\Desktop\undeleter
[2010/06/14 19:49:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/06/14 19:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/13 15:37:51 | 000,000,000 | ---D | C] -- C:\Users\Jacks\Desktop\New folder
[2010/06/13 15:02:13 | 000,000,000 | ---D | C] -- C:\Users\Jacks\Documents\Screensaver
[2010/06/13 15:02:07 | 000,000,000 | ---D | C] -- C:\Users\Jacks\Documents\microsoft
[2010/06/13 15:02:07 | 000,000,000 | ---D | C] -- C:\Users\Jacks\Documents\Acer
[2010/06/13 14:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2010/06/13 14:40:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2010/06/12 18:17:33 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\U3
[2010/06/12 10:41:47 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/06/12 08:43:40 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Local\ElevatedDiagnostics
[2010/06/12 08:26:14 | 000,000,000 | ---D | C] -- C:\Users\Jacks\Documents\OneNote Notebooks
[2010/06/11 18:57:28 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\asycfilt.dll
[2010/06/11 18:57:28 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\asycfilt.dll
[2010/06/11 18:57:24 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/06/11 18:57:24 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/06/11 18:57:24 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/06/11 18:57:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/06/11 18:57:17 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/06/11 18:57:17 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010/06/11 18:57:17 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010/06/11 18:57:16 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/06/11 18:57:16 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010/06/11 18:57:16 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/06/11 18:57:16 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010/06/11 18:57:16 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/06/11 18:57:16 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010/06/11 18:57:16 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010/06/06 18:14:53 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\WinRAR
[2010/06/06 18:14:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2010/06/06 17:35:46 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/06/06 17:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2010/06/06 17:29:13 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010/06/06 17:29:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3
[2010/06/06 17:20:44 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\Uniblue
[2010/06/06 17:20:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2010/06/06 12:25:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/06/05 23:58:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/06/05 23:58:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/06/03 21:31:11 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Local\Yahoo
[2010/06/03 21:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/06/03 21:30:11 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\Yahoo!
[2010/06/03 21:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/06/03 21:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/06/02 19:52:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
[2010/05/30 14:12:20 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\Hot Keyboard
[2010/05/30 14:11:49 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\Hot Keyboard Pro Backup
[2010/05/30 14:11:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hot Keyboard Pro
[2010/05/29 15:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\HipSoft
[2010/05/29 15:57:55 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\WildTangent
[2010/05/28 06:59:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/05/28 06:59:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/05/27 19:43:36 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Local\Adobe
[2010/05/27 19:40:51 | 000,035,840 | R--- | C] (Avanquest Software) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS
[2010/05/27 19:34:49 | 000,000,000 | ---D | C] -- C:\Netgear
[2010/05/27 19:10:24 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\Mozilla
[2010/05/27 19:10:24 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Local\Mozilla
[2010/05/27 19:10:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/05/27 16:01:06 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Local\Diagnostics
[2010/05/27 12:45:15 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/05/27 12:45:15 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/05/27 12:45:14 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/05/27 12:45:11 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/05/27 12:45:10 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010/05/27 12:45:10 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010/05/27 12:45:08 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/05/27 12:45:08 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/05/27 12:44:21 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/05/27 12:44:21 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010/05/27 12:44:20 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/05/27 12:44:20 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/05/27 12:44:20 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/05/27 12:44:19 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/05/27 12:44:19 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010/05/27 12:43:58 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010/05/27 12:43:58 | 000,153,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys
[2010/05/27 12:35:22 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010/05/27 12:35:22 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/05/27 12:35:21 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/05/27 12:35:21 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/05/27 12:35:21 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010/05/27 12:35:21 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010/05/27 12:35:21 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010/05/27 12:35:21 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010/05/27 12:35:21 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010/05/27 12:30:22 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/05/27 12:30:21 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/05/27 12:30:20 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/05/27 12:27:24 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/05/27 12:27:24 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/05/27 12:22:23 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010/05/27 12:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/05/27 12:15:19 | 000,034,872 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\usbfilter.sys
[2010/05/27 12:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/05/27 12:15:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2010/05/27 12:13:53 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/05/27 12:13:52 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/05/27 12:13:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2010/05/27 12:12:01 | 000,000,000 | ---D | C] -- C:\Users\Jacks\Documents\ForceField Shared Files
[2010/05/27 12:12:01 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\CheckPoint
[2010/05/27 12:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/05/27 12:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoneAlarm
[2010/05/27 12:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/05/27 12:11:00 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsregexp.dll
[2010/05/27 12:10:59 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcommdb.dll
[2010/05/27 12:10:59 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcomm.dll
[2010/05/27 12:10:55 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vswmi.dll
[2010/05/27 12:10:54 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zpeng25.dll
[2010/05/27 12:10:54 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vspubapi.dll
[2010/05/27 12:10:54 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsxml.dll
[2010/05/27 12:10:54 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsmonapi.dll
[2010/05/27 12:10:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
[2010/05/27 12:10:53 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsdata.dll
[2010/05/27 12:10:51 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/05/27 12:10:49 | 000,458,840 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysNative\drivers\vsdatant.sys
[2010/05/27 12:10:19 | 000,712,192 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsutil.dll
[2010/05/27 12:10:19 | 000,228,352 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsinit.dll
[2010/05/27 11:55:42 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/05/27 11:55:42 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/05/27 11:55:41 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/05/27 11:55:41 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/05/27 11:45:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
[2010/05/27 11:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010/05/27 11:44:49 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010/05/27 11:34:15 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\Google
[2010/05/27 11:34:14 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Local\Google
[2010/05/27 11:23:21 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\Adobe
[2010/05/27 10:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CyberLink
[2010/05/27 10:39:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2010/05/27 10:38:18 | 000,505,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2010/05/27 10:38:18 | 000,353,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll
[2010/05/27 10:38:18 | 000,029,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2010/05/27 10:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2010/05/27 10:32:51 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010/05/27 10:32:51 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010/05/27 10:32:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/05/27 10:31:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/05/27 10:31:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/05/27 10:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/05/27 10:30:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/05/27 10:28:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/05/27 10:26:26 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\ATI
[2010/05/27 10:26:26 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Local\ATI
[2010/05/27 10:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/05/27 10:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/05/27 10:25:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer Crystal Eye webcam
[2010/05/27 10:25:47 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\Acer
[2010/05/27 10:25:46 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\Leadertech
[2010/05/27 10:25:29 | 000,000,000 | ---D | C] -- C:\book
[2010/05/27 10:25:25 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Local\EgisTec
[2010/05/27 10:25:24 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\Macromedia
[2010/05/27 10:24:56 | 000,000,000 | R--D | C] -- C:\Users\Jacks\Searches
[2010/05/27 10:24:43 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\Identities
[2010/05/27 10:24:38 | 000,000,000 | R--D | C] -- C:\Users\Jacks\Contacts
[2010/05/27 10:24:35 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Local\VirtualStore
[2010/05/27 10:21:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OEM
[2010/05/27 10:21:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Acer
[2010/05/27 10:21:37 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM_E471269A730D
[2010/05/27 10:21:24 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\AppData\Local\Temporary Internet Files
[2010/05/27 10:21:24 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\Templates
[2010/05/27 10:21:24 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\Local Settings
[2010/05/27 10:21:24 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\AppData\Local\History
[2010/05/27 10:21:24 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\AppData\Local\Application Data
[2010/05/27 10:21:23 | 000,000,000 | --SD | C] -- C:\Users\Jacks\AppData\Roaming\Microsoft
[2010/05/27 10:21:23 | 000,000,000 | R--D | C] -- C:\Users\Jacks\Videos
[2010/05/27 10:21:23 | 000,000,000 | R--D | C] -- C:\Users\Jacks\Saved Games
[2010/05/27 10:21:23 | 000,000,000 | R--D | C] -- C:\Users\Jacks\Pictures
[2010/05/27 10:21:23 | 000,000,000 | R--D | C] -- C:\Users\Jacks\Music
[2010/05/27 10:21:23 | 000,000,000 | R--D | C] -- C:\Users\Jacks\Links
[2010/05/27 10:21:23 | 000,000,000 | R--D | C] -- C:\Users\Jacks\Favorites
[2010/05/27 10:21:23 | 000,000,000 | R--D | C] -- C:\Users\Jacks\Downloads
[2010/05/27 10:21:23 | 000,000,000 | R--D | C] -- C:\Users\Jacks\My Documents
[2010/05/27 10:21:23 | 000,000,000 | R--D | C] -- C:\Users\Jacks\Desktop
[2010/05/27 10:21:23 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\Start Menu
[2010/05/27 10:21:23 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\SendTo
[2010/05/27 10:21:23 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\Recent
[2010/05/27 10:21:23 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\PrintHood
[2010/05/27 10:21:23 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\NetHood
[2010/05/27 10:21:23 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\Documents\My Videos
[2010/05/27 10:21:23 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\Documents\My Pictures
[2010/05/27 10:21:23 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\Documents\My Music
[2010/05/27 10:21:23 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\My Documents
[2010/05/27 10:21:23 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\Cookies
[2010/05/27 10:21:23 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\Application Data
[2010/05/27 10:21:23 | 000,000,000 | -H-D | C] -- C:\Users\Jacks\AppData
[2010/05/27 10:21:23 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Local\Temp
[2010/05/27 10:21:23 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Local\Microsoft
[2010/05/27 10:21:23 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\Media Center Programs
[2010/05/27 10:21:11 | 000,000,000 | -HSD | C] -- C:\Recovery
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/19 22:13:03 | 001,310,720 | -HS- | M] () -- C:\Users\Jacks\NTUSER.DAT
[2010/06/19 21:59:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/19 20:44:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/19 19:17:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/19 16:04:52 | 000,669,028 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/19 16:04:52 | 000,580,064 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/19 16:04:52 | 000,095,922 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/19 15:11:17 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/06/19 15:11:17 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/06/19 15:11:17 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/06/19 15:11:17 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/06/19 14:19:01 | 000,025,011 | ---- | M] () -- C:\Users\Jacks\Desktop\scesetup.zipx
[2010/06/19 12:35:48 | 000,025,011 | ---- | M] () -- C:\Users\Jacks\Desktop\christijacks2.zipx
[2010/06/19 11:45:12 | 000,949,642 | ---- | M] () -- C:\Users\Jacks\Desktop\christijacks1.zip
[2010/06/19 08:19:09 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/19 08:19:09 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/19 08:12:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/19 08:11:47 | 3016,790,016 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/19 08:10:57 | 002,255,018 | -H-- | M] () -- C:\Users\Jacks\AppData\Local\IconCache.db
[2010/06/17 19:07:04 | 000,007,618 | ---- | M] () -- C:\Users\Jacks\AppData\Local\Resmon.ResmonCfg
[2010/06/14 19:49:00 | 000,002,097 | ---- | M] () -- C:\Users\Jacks\Desktop\HijackThis.lnk
[2010/06/13 14:40:13 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/06/12 20:27:40 | 000,000,432 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpfr2.cfg
[2010/06/12 20:23:24 | 000,000,000 | ---- | M] () -- C:\Users\Jacks\defogger_reenable
[2010/06/12 19:01:40 | 000,000,728 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2010/06/12 16:46:29 | 000,343,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/08 20:03:08 | 001,056,768 | ---- | M] () -- C:\Windows\SysNative\defltbase.sdb
[2010/06/06 17:31:19 | 000,000,860 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/06/06 17:20:38 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/06/06 12:26:00 | 000,001,889 | ---- | M] () -- C:\Users\Jacks\Desktop\CCleaner.lnk
[2010/06/03 21:30:37 | 000,000,124 | ---- | M] () -- C:\Windows\wininit.ini
[2010/06/03 21:29:53 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/06/02 20:37:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/06/02 19:52:36 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2010/05/30 14:11:09 | 000,001,060 | ---- | M] () -- C:\Users\Jacks\Desktop\Hot Keyboard Pro.lnk
[2010/05/30 10:15:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/05/29 20:07:39 | 000,000,000 | ---- | M] () -- C:\Users\Jacks\netstat
[2010/05/29 18:33:36 | 000,000,000 | ---- | M] () -- C:\Users\Jacks\ping204.237.131.25
[2010/05/28 23:35:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\lmhosts
[2010/05/27 21:21:56 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2010/05/27 19:50:45 | 000,006,045 | ---- | M] () -- C:\Users\Jacks\Desktop\Router_Setup.html
[2010/05/27 19:10:26 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/05/27 19:10:21 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/05/27 14:33:42 | 000,000,057 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf
[2010/05/27 12:19:19 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/05/27 12:19:19 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/05/27 12:15:35 | 000,000,006 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd
[2010/05/27 12:12:29 | 000,000,089 | ---- | M] () -- C:\Windows\LManager.UNI
[2010/05/27 12:12:18 | 000,420,800 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010/05/27 12:11:02 | 000,001,070 | ---- | M] () -- C:\Users\Jacks\Desktop\ZoneAlarm Security.lnk
[2010/05/27 11:03:45 | 000,079,152 | ---- | M] () -- C:\Users\Jacks\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/27 10:51:57 | 000,524,288 | -HS- | M] () -- C:\Users\Jacks\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/05/27 10:51:57 | 000,524,288 | -HS- | M] () -- C:\Users\Jacks\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/05/27 10:51:57 | 000,065,536 | -HS- | M] () -- C:\Users\Jacks\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/05/27 10:37:40 | 000,353,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll
[2010/05/27 10:37:40 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2010/05/27 10:37:39 | 000,505,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2010/05/27 10:26:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/05/27 10:21:50 | 000,002,609 | ---- | M] () -- C:\Users\Public\Desktop\eBay.lnk
[2010/05/27 10:21:38 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Netflix.lnk
[2010/05/27 10:21:24 | 000,000,020 | -HS- | M] () -- C:\Users\Jacks\ntuser.ini
[2010/05/27 02:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/05/27 01:34:09 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/05/26 23:11:32 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/05/26 22:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) -- C:\Windows\SysWow64\SAVRKBootTasks.sys
[2010/05/21 00:52:30 | 001,192,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/05/21 00:47:27 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010/05/21 00:18:06 | 000,977,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/05/21 00:14:50 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/19 14:19:01 | 000,025,011 | ---- | C] () -- C:\Users\Jacks\Desktop\scesetup.zipx
[2010/06/19 11:52:01 | 000,025,011 | ---- | C] () -- C:\Users\Jacks\Desktop\christijacks2.zipx
[2010/06/14 19:47:06 | 000,002,097 | ---- | C] () -- C:\Users\Jacks\Desktop\HijackThis.lnk
[2010/06/13 16:21:15 | 000,949,642 | ---- | C] () -- C:\Users\Jacks\Desktop\christijacks1.zip
[2010/06/13 14:40:13 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/06/12 20:24:14 | 000,000,432 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpfr2.cfg
[2010/06/12 20:23:24 | 000,000,000 | ---- | C] () -- C:\Users\Jacks\defogger_reenable
[2010/06/12 19:01:35 | 000,000,728 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2010/06/08 20:03:08 | 001,056,768 | ---- | C] () -- C:\Windows\SysNative\defltbase.sdb
[2010/06/06 17:20:38 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/06/06 12:26:00 | 000,001,889 | ---- | C] () -- C:\Users\Jacks\Desktop\CCleaner.lnk
[2010/06/06 00:18:16 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/06 00:18:15 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/05 13:01:31 | 000,007,618 | ---- | C] () -- C:\Users\Jacks\AppData\Local\Resmon.ResmonCfg
[2010/06/03 21:30:37 | 000,000,124 | ---- | C] () -- C:\Windows\wininit.ini
[2010/06/03 21:29:53 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/06/02 20:37:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/06/02 19:52:36 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2010/05/30 14:11:09 | 000,001,060 | ---- | C] () -- C:\Users\Jacks\Desktop\Hot Keyboard Pro.lnk
[2010/05/30 10:15:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/05/29 20:07:39 | 000,000,000 | ---- | C] () -- C:\Users\Jacks\netstat
[2010/05/29 18:33:36 | 000,000,000 | ---- | C] () -- C:\Users\Jacks\ping204.237.131.25
[2010/05/27 21:21:56 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2010/05/27 19:50:46 | 000,000,172 | R--- | C] () -- C:\Users\Jacks\Desktop\Router Login.url
[2010/05/27 19:50:43 | 000,006,045 | ---- | C] () -- C:\Users\Jacks\Desktop\Router_Setup.html
[2010/05/27 19:10:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/05/27 19:10:21 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/05/27 12:11:02 | 000,001,070 | ---- | C] () -- C:\Users\Jacks\Desktop\ZoneAlarm Security.lnk
[2010/05/27 12:10:53 | 000,420,800 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010/05/27 12:10:51 | 3016,790,016 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/27 10:26:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/05/27 10:21:50 | 000,002,609 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2010/05/27 10:21:38 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\Netflix.lnk
[2010/05/27 10:21:24 | 000,000,020 | -HS- | C] () -- C:\Users\Jacks\ntuser.ini
[2010/05/27 10:21:23 | 001,310,720 | -HS- | C] () -- C:\Users\Jacks\NTUSER.DAT
[2010/05/27 10:21:23 | 000,524,288 | -HS- | C] () -- C:\Users\Jacks\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/05/27 10:21:23 | 000,524,288 | -HS- | C] () -- C:\Users\Jacks\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/05/27 10:21:23 | 000,262,144 | -HS- | C] () -- C:\Users\Jacks\ntuser.dat.LOG1
[2010/05/27 10:21:23 | 000,065,536 | -HS- | C] () -- C:\Users\Jacks\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/05/27 10:21:23 | 000,000,000 | -HS- | C] () -- C:\Users\Jacks\ntuser.dat.LOG2
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/05/27 10:25:47 | 000,000,000 | ---D | M] -- C:\Users\Jacks\AppData\Roaming\Acer
[2010/06/16 20:48:45 | 000,000,000 | ---D | M] -- C:\Users\Jacks\AppData\Roaming\Blitware
[2010/05/27 12:12:01 | 000,000,000 | ---D | M] -- C:\Users\Jacks\AppData\Roaming\CheckPoint
[2010/05/30 14:12:20 | 000,000,000 | ---D | M] -- C:\Users\Jacks\AppData\Roaming\Hot Keyboard
[2010/06/19 08:12:15 | 000,000,000 | ---D | M] -- C:\Users\Jacks\AppData\Roaming\Hot Keyboard Pro Backup
[2010/05/27 10:25:46 | 000,000,000 | ---D | M] -- C:\Users\Jacks\AppData\Roaming\Leadertech
[2010/06/06 17:20:44 | 000,000,000 | ---D | M] -- C:\Users\Jacks\AppData\Roaming\Uniblue
[2010/05/29 15:57:55 | 000,000,000 | ---D | M] -- C:\Users\Jacks\AppData\Roaming\WildTangent
[2009/07/14 00:08:49 | 000,010,122 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:63238B95
< End of report >

OTL logfile created on: 6/19/2010 10:12:23 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Jacks\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.99 Gb Total Space | 261.04 Gb Free Space | 91.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JACKS-PC
Current User Name: Jacks
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\SysWow64\atibtmon.exe File not found
PRC - C:\Users\Jacks\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Hot Keyboard Pro\HotKeyb.exe (Imposant)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Jacks\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll (Check Point Software Technologies)
MOD - C:\Windows\SysWOW64\wintrust.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wpdshext.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WatAdminSvc) -- C:\Windows\SysNative\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (vsmon) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (VSS) -- C:\Windows\Vss [2009/07/13 22:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/13 22:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\EEF0.tmp (Sophos Plc)
DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\drivers\usbvideo.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (SAVRKBootTasks) -- C:\Windows\SysWOW64\SAVRKBootTasks.sys (Sophos Plc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mwlPSDVDisk) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlPSDVdisk.sys (Egis Technology Inc.)
DRV - (mwlPSDNServ) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlPSDNServ.sys (Egis Technology Inc.)
DRV - (mwlPSDFilter) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlPSDFilter.sys (Egis Technology Inc.)
DRV - (DKbFltr) Dritek Keyboard Filter Driver (64-bit) -- C:\Windows\SysWOW64\drivers\DKbFltr.sys (Dritek System Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...14z1i5t4852a24o
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...14z1i5t4852a24o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...14z1i5t4852a24o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...14z1i5t4852a24o
IE - HKLM\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...14z1i5t4852a24o
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...14z1i5t4852a24o
IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.223.0
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3


FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010/05/27 12:11:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/05/27 19:10:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/19 15:11:26 | 000,000,000 | ---D | M]

[2010/05/27 19:10:32 | 000,000,000 | ---D | M] -- C:\Users\Jacks\AppData\Roaming\Mozilla\Extensions
[2010/05/27 19:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jacks\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/06/19 21:17:54 | 000,000,000 | ---D | M] -- C:\Users\Jacks\AppData\Roaming\Mozilla\Firefox\Profiles\334n5pq5.default\extensions
[2010/06/03 21:30:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Jacks\AppData\Roaming\Mozilla\Firefox\Profiles\334n5pq5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/30 14:18:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jacks\AppData\Roaming\Mozilla\Firefox\Profiles\334n5pq5.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/06/19 15:11:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/27 19:10:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/06/19 15:11:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/01 12:58:18 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/01 12:58:19 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2010/06/19 15:11:17 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/01 12:58:20 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2010/04/01 10:56:18 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/04/01 10:56:18 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/04/01 10:56:18 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/04/01 10:56:18 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/04/01 10:56:18 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/04/01 10:56:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/04/01 10:56:18 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/06/06 17:31:19 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Hot Keyboard] C:\Program Files (x86)\Hot Keyboard Pro\HotKeyb.exe (Imposant)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8:64bit: - Extra context menu item: Assign &hot key - C:\Program Files (x86)\Hot Keyboard Pro\IEScript.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O8 - Extra context menu item: Assign &hot key - C:\Program Files (x86)\Hot Keyboard Pro\IEScript.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) - c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e9a39c20-7670-11df-8ecc-002622639cd8}\Shell - "" = AutoRun
O33 - MountPoints2\{e9a39c20-7670-11df-8ecc-002622639cd8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/06/19 15:13:51 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/06/19 15:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/06/19 15:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/06/19 15:11:26 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/06/19 15:11:26 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/06/19 15:11:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/06/19 15:11:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/06/19 15:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/06/19 15:09:40 | 000,000,000 | ---D | C] -- C:\Users\Jacks\Desktop\New folder (2)
[2010/06/19 11:49:09 | 000,000,000 | ---D | C] -- C:\Users\Jacks\Desktop\christijacks1
[2010/06/18 21:53:42 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\Windows\SysWow64\SAVRKBootTasks.sys
[2010/06/18 21:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/06/16 20:57:13 | 000,000,000 | ---D | C] -- C:\Users\Jacks\Documents\CyberLink
[2010/06/16 20:57:11 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\CyberLink
[2010/06/16 20:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010/06/16 20:48:45 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\Blitware
[2010/06/16 19:59:50 | 000,000,000 | ---D | C] -- C:\Users\Jacks\Desktop\undeleter
[2010/06/14 19:49:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/06/14 19:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/13 15:37:51 | 000,000,000 | ---D | C] -- C:\Users\Jacks\Desktop\New folder
[2010/06/13 15:02:13 | 000,000,000 | ---D | C] -- C:\Users\Jacks\Documents\Screensaver
[2010/06/13 15:02:07 | 000,000,000 | ---D | C] -- C:\Users\Jacks\Documents\microsoft
[2010/06/13 15:02:07 | 000,000,000 | ---D | C] -- C:\Users\Jacks\Documents\Acer
[2010/06/13 14:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2010/06/13 14:40:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2010/06/12 18:17:33 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\U3
[2010/06/12 10:41:47 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/06/12 08:43:40 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Local\ElevatedDiagnostics
[2010/06/12 08:26:14 | 000,000,000 | ---D | C] -- C:\Users\Jacks\Documents\OneNote Notebooks
[2010/06/11 18:57:28 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\asycfilt.dll
[2010/06/11 18:57:28 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\asycfilt.dll
[2010/06/11 18:57:24 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/06/11 18:57:24 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/06/11 18:57:24 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/06/11 18:57:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/06/11 18:57:17 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/06/11 18:57:17 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010/06/11 18:57:17 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010/06/11 18:57:16 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/06/11 18:57:16 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010/06/11 18:57:16 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/06/11 18:57:16 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010/06/11 18:57:16 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/06/11 18:57:16 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010/06/11 18:57:16 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010/06/06 18:14:53 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\WinRAR
[2010/06/06 18:14:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2010/06/06 17:35:46 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/06/06 17:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2010/06/06 17:29:13 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010/06/06 17:29:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3
[2010/06/06 17:20:44 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\Uniblue
[2010/06/06 17:20:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2010/06/06 12:25:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/06/05 23:58:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/06/05 23:58:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/06/03 21:31:11 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Local\Yahoo
[2010/06/03 21:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/06/03 21:30:11 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\Yahoo!
[2010/06/03 21:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/06/03 21:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/06/02 19:52:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
[2010/05/30 14:12:20 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\Hot Keyboard
[2010/05/30 14:11:49 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\Hot Keyboard Pro Backup
[2010/05/30 14:11:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hot Keyboard Pro
[2010/05/29 15:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\HipSoft
[2010/05/29 15:57:55 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\WildTangent
[2010/05/28 06:59:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/05/28 06:59:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/05/27 19:43:36 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Local\Adobe
[2010/05/27 19:40:51 | 000,035,840 | R--- | C] (Avanquest Software) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS
[2010/05/27 19:34:49 | 000,000,000 | ---D | C] -- C:\Netgear
[2010/05/27 19:10:24 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\Mozilla
[2010/05/27 19:10:24 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Local\Mozilla
[2010/05/27 19:10:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/05/27 16:01:06 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Local\Diagnostics
[2010/05/27 12:45:15 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/05/27 12:45:15 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/05/27 12:45:14 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/05/27 12:45:11 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/05/27 12:45:10 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010/05/27 12:45:10 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010/05/27 12:45:08 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/05/27 12:45:08 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/05/27 12:44:21 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/05/27 12:44:21 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010/05/27 12:44:20 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/05/27 12:44:20 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/05/27 12:44:20 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/05/27 12:44:19 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/05/27 12:44:19 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010/05/27 12:43:58 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010/05/27 12:43:58 | 000,153,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys
[2010/05/27 12:35:22 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010/05/27 12:35:22 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/05/27 12:35:21 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/05/27 12:35:21 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/05/27 12:35:21 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010/05/27 12:35:21 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010/05/27 12:35:21 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010/05/27 12:35:21 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010/05/27 12:35:21 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010/05/27 12:30:22 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/05/27 12:30:21 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/05/27 12:30:20 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/05/27 12:27:24 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/05/27 12:27:24 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/05/27 12:22:23 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010/05/27 12:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/05/27 12:15:19 | 000,034,872 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\usbfilter.sys
[2010/05/27 12:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/05/27 12:15:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2010/05/27 12:13:53 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/05/27 12:13:52 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/05/27 12:13:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2010/05/27 12:12:01 | 000,000,000 | ---D | C] -- C:\Users\Jacks\Documents\ForceField Shared Files
[2010/05/27 12:12:01 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\CheckPoint
[2010/05/27 12:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/05/27 12:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoneAlarm
[2010/05/27 12:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/05/27 12:11:00 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsregexp.dll
[2010/05/27 12:10:59 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcommdb.dll
[2010/05/27 12:10:59 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcomm.dll
[2010/05/27 12:10:55 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vswmi.dll
[2010/05/27 12:10:54 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zpeng25.dll
[2010/05/27 12:10:54 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vspubapi.dll
[2010/05/27 12:10:54 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsxml.dll
[2010/05/27 12:10:54 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsmonapi.dll
[2010/05/27 12:10:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
[2010/05/27 12:10:53 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsdata.dll
[2010/05/27 12:10:51 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/05/27 12:10:49 | 000,458,840 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysNative\drivers\vsdatant.sys
[2010/05/27 12:10:19 | 000,712,192 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsutil.dll
[2010/05/27 12:10:19 | 000,228,352 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsinit.dll
[2010/05/27 11:55:42 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/05/27 11:55:42 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/05/27 11:55:41 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/05/27 11:55:41 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/05/27 11:45:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
[2010/05/27 11:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010/05/27 11:44:49 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010/05/27 11:34:15 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\Google
[2010/05/27 11:34:14 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Local\Google
[2010/05/27 11:23:21 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\Adobe
[2010/05/27 10:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CyberLink
[2010/05/27 10:39:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2010/05/27 10:38:18 | 000,505,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2010/05/27 10:38:18 | 000,353,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll
[2010/05/27 10:38:18 | 000,029,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2010/05/27 10:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2010/05/27 10:32:51 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010/05/27 10:32:51 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010/05/27 10:32:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/05/27 10:31:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/05/27 10:31:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/05/27 10:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/05/27 10:30:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/05/27 10:28:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/05/27 10:26:26 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\ATI
[2010/05/27 10:26:26 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Local\ATI
[2010/05/27 10:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/05/27 10:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/05/27 10:25:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer Crystal Eye webcam
[2010/05/27 10:25:47 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\Acer
[2010/05/27 10:25:46 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\Leadertech
[2010/05/27 10:25:29 | 000,000,000 | ---D | C] -- C:\book
[2010/05/27 10:25:25 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Local\EgisTec
[2010/05/27 10:25:24 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\Macromedia
[2010/05/27 10:24:56 | 000,000,000 | R--D | C] -- C:\Users\Jacks\Searches
[2010/05/27 10:24:43 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\Identities
[2010/05/27 10:24:38 | 000,000,000 | R--D | C] -- C:\Users\Jacks\Contacts
[2010/05/27 10:24:35 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Local\VirtualStore
[2010/05/27 10:21:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OEM
[2010/05/27 10:21:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Acer
[2010/05/27 10:21:37 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM_E471269A730D
[2010/05/27 10:21:24 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\AppData\Local\Temporary Internet Files
[2010/05/27 10:21:24 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\Templates
[2010/05/27 10:21:24 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\Local Settings
[2010/05/27 10:21:24 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\AppData\Local\History
[2010/05/27 10:21:24 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\AppData\Local\Application Data
[2010/05/27 10:21:23 | 000,000,000 | --SD | C] -- C:\Users\Jacks\AppData\Roaming\Microsoft
[2010/05/27 10:21:23 | 000,000,000 | R--D | C] -- C:\Users\Jacks\Videos
[2010/05/27 10:21:23 | 000,000,000 | R--D | C] -- C:\Users\Jacks\Saved Games
[2010/05/27 10:21:23 | 000,000,000 | R--D | C] -- C:\Users\Jacks\Pictures
[2010/05/27 10:21:23 | 000,000,000 | R--D | C] -- C:\Users\Jacks\Music
[2010/05/27 10:21:23 | 000,000,000 | R--D | C] -- C:\Users\Jacks\Links
[2010/05/27 10:21:23 | 000,000,000 | R--D | C] -- C:\Users\Jacks\Favorites
[2010/05/27 10:21:23 | 000,000,000 | R--D | C] -- C:\Users\Jacks\Downloads
[2010/05/27 10:21:23 | 000,000,000 | R--D | C] -- C:\Users\Jacks\My Documents
[2010/05/27 10:21:23 | 000,000,000 | R--D | C] -- C:\Users\Jacks\Desktop
[2010/05/27 10:21:23 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\Start Menu
[2010/05/27 10:21:23 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\SendTo
[2010/05/27 10:21:23 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\Recent
[2010/05/27 10:21:23 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\PrintHood
[2010/05/27 10:21:23 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\NetHood
[2010/05/27 10:21:23 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\Documents\My Videos
[2010/05/27 10:21:23 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\Documents\My Pictures
[2010/05/27 10:21:23 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\Documents\My Music
[2010/05/27 10:21:23 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\My Documents
[2010/05/27 10:21:23 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\Cookies
[2010/05/27 10:21:23 | 000,000,000 | -HSD | C] -- C:\Users\Jacks\Application Data
[2010/05/27 10:21:23 | 000,000,000 | -H-D | C] -- C:\Users\Jacks\AppData
[2010/05/27 10:21:23 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Local\Temp
[2010/05/27 10:21:23 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Local\Microsoft
[2010/05/27 10:21:23 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\Media Center Programs
[2010/05/27 10:21:11 | 000,000,000 | -HSD | C] -- C:\Recovery
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/19 22:13:03 | 001,310,720 | -HS- | M] () -- C:\Users\Jacks\NTUSER.DAT
[2010/06/19 21:59:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/19 20:44:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/19 19:17:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/19 16:04:52 | 000,669,028 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/19 16:04:52 | 000,580,064 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/19 16:04:52 | 000,095,922 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/19 15:11:17 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/06/19 15:11:17 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/06/19 15:11:17 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/06/19 15:11:17 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/06/19 14:19:01 | 000,025,011 | ---- | M] () -- C:\Users\Jacks\Desktop\scesetup.zipx
[2010/06/19 12:35:48 | 000,025,011 | ---- | M] () -- C:\Users\Jacks\Desktop\christijacks2.zipx
[2010/06/19 11:45:12 | 000,949,642 | ---- | M] () -- C:\Users\Jacks\Desktop\christijacks1.zip
[2010/06/19 08:19:09 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/19 08:19:09 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/19 08:12:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/19 08:11:47 | 3016,790,016 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/19 08:10:57 | 002,255,018 | -H-- | M] () -- C:\Users\Jacks\AppData\Local\IconCache.db
[2010/06/17 19:07:04 | 000,007,618 | ---- | M] () -- C:\Users\Jacks\AppData\Local\Resmon.ResmonCfg
[2010/06/14 19:49:00 | 000,002,097 | ---- | M] () -- C:\Users\Jacks\Desktop\HijackThis.lnk
[2010/06/13 14:40:13 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/06/12 20:27:40 | 000,000,432 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpfr2.cfg
[2010/06/12 20:23:24 | 000,000,000 | ---- | M] () -- C:\Users\Jacks\defogger_reenable
[2010/06/12 19:01:40 | 000,000,728 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2010/06/12 16:46:29 | 000,343,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/08 20:03:08 | 001,056,768 | ---- | M] () -- C:\Windows\SysNative\defltbase.sdb
[2010/06/06 17:31:19 | 000,000,860 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/06/06 17:20:38 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/06/06 12:26:00 | 000,001,889 | ---- | M] () -- C:\Users\Jacks\Desktop\CCleaner.lnk
[2010/06/03 21:30:37 | 000,000,124 | ---- | M] () -- C:\Windows\wininit.ini
[2010/06/03 21:29:53 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/06/02 20:37:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/06/02 19:52:36 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2010/05/30 14:11:09 | 000,001,060 | ---- | M] () -- C:\Users\Jacks\Desktop\Hot Keyboard Pro.lnk
[2010/05/30 10:15:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/05/29 20:07:39 | 000,000,000 | ---- | M] () -- C:\Users\Jacks\netstat
[2010/05/29 18:33:36 | 000,000,000 | ---- | M] () -- C:\Users\Jacks\ping204.237.131.25
[2010/05/28 23:35:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\lmhosts
[2010/05/27 21:21:56 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2010/05/27 19:50:45 | 000,006,045 | ---- | M] () -- C:\Users\Jacks\Desktop\Router_Setup.html
[2010/05/27 19:10:26 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/05/27 19:10:21 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/05/27 14:33:42 | 000,000,057 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf
[2010/05/27 12:19:19 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/05/27 12:19:19 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/05/27 12:15:35 | 000,000,006 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd
[2010/05/27 12:12:29 | 000,000,089 | ---- | M] () -- C:\Windows\LManager.UNI
[2010/05/27 12:12:18 | 000,420,800 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010/05/27 12:11:02 | 000,001,070 | ---- | M] () -- C:\Users\Jacks\Desktop\ZoneAlarm Security.lnk
[2010/05/27 11:03:45 | 000,079,152 | ---- | M] () -- C:\Users\Jacks\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/27 10:51:57 | 000,524,288 | -HS- | M] () -- C:\Users\Jacks\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/05/27 10:51:57 | 000,524,288 | -HS- | M] () -- C:\Users\Jacks\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/05/27 10:51:57 | 000,065,536 | -HS- | M] () -- C:\Users\Jacks\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/05/27 10:37:40 | 000,353,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll
[2010/05/27 10:37:40 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2010/05/27 10:37:39 | 000,505,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2010/05/27 10:26:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/05/27 10:21:50 | 000,002,609 | ---- | M] () -- C:\Users\Public\Desktop\eBay.lnk
[2010/05/27 10:21:38 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Netflix.lnk
[2010/05/27 10:21:24 | 000,000,020 | -HS- | M] () -- C:\Users\Jacks\ntuser.ini
[2010/05/27 02:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/05/27 01:34:09 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/05/26 23:11:32 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/05/26 22:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) -- C:\Windows\SysWow64\SAVRKBootTasks.sys
[2010/05/21 00:52:30 | 001,192,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/05/21 00:47:27 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010/05/21 00:18:06 | 000,977,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/05/21 00:14:50 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/19 14:19:01 | 000,025,011 | ---- | C] () -- C:\Users\Jacks\Desktop\scesetup.zipx
[2010/06/19 11:52:01 | 000,025,011 | ---- | C] () -- C:\Users\Jacks\Desktop\christijacks2.zipx
[2010/06/14 19:47:06 | 000,002,097 | ---- | C] () -- C:\Users\Jacks\Desktop\HijackThis.lnk
[2010/06/13 16:21:15 | 000,949,642 | ---- | C] () -- C:\Users\Jacks\Desktop\christijacks1.zip
[2010/06/13 14:40:13 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/06/12 20:24:14 | 000,000,432 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpfr2.cfg
[2010/06/12 20:23:24 | 000,000,000 | ---- | C] () -- C:\Users\Jacks\defogger_reenable
[2010/06/12 19:01:35 | 000,000,728 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2010/06/08 20:03:08 | 001,056,768 | ---- | C] () -- C:\Windows\SysNative\defltbase.sdb
[2010/06/06 17:20:38 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/06/06 12:26:00 | 000,001,889 | ---- | C] () -- C:\Users\Jacks\Desktop\CCleaner.lnk
[2010/06/06 00:18:16 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/06 00:18:15 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/05 13:01:31 | 000,007,618 | ---- | C] () -- C:\Users\Jacks\AppData\Local\Resmon.ResmonCfg
[2010/06/03 21:30:37 | 000,000,124 | ---- | C] () -- C:\Windows\wininit.ini
[2010/06/03 21:29:53 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/06/02 20:37:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/06/02 19:52:36 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2010/05/30 14:11:09 | 000,001,060 | ---- | C] () -- C:\Users\Jacks\Desktop\Hot Keyboard Pro.lnk
[2010/05/30 10:15:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/05/29 20:07:39 | 000,000,000 | ---- | C] () -- C:\Users\Jacks\netstat
[2010/05/29 18:33:36 | 000,000,000 | ---- | C] () -- C:\Users\Jacks\ping204.237.131.25
[2010/05/27 21:21:56 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2010/05/27 19:50:46 | 000,000,172 | R--- | C] () -- C:\Users\Jacks\Desktop\Router Login.url
[2010/05/27 19:50:43 | 000,006,045 | ---- | C] () -- C:\Users\Jacks\Desktop\Router_Setup.html
[2010/05/27 19:10:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/05/27 19:10:21 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/05/27 12:11:02 | 000,001,070 | ---- | C] () -- C:\Users\Jacks\Desktop\ZoneAlarm Security.lnk
[2010/05/27 12:10:53 | 000,420,800 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010/05/27 12:10:51 | 3016,790,016 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/27 10:26:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/05/27 10:21:50 | 000,002,609 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2010/05/27 10:21:38 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\Netflix.lnk
[2010/05/27 10:21:24 | 000,000,020 | -HS- | C] () -- C:\Users\Jacks\ntuser.ini
[2010/05/27 10:21:23 | 001,310,720 | -HS- | C] () -- C:\Users\Jacks\NTUSER.DAT
[2010/05/27 10:21:23 | 000,524,288 | -HS- | C] () -- C:\Users\Jacks\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/05/27 10:21:23 | 000,524,288 | -HS- | C] () -- C:\Users\Jacks\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/05/27 10:21:23 | 000,262,144 | -HS- | C] () -- C:\Users\Jacks\ntuser.dat.LOG1
[2010/05/27 10:21:23 | 000,065,536 | -HS- | C] () -- C:\Users\Jacks\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/05/27 10:21:23 | 000,000,000 | -HS- | C] () -- C:\Users\Jacks\ntuser.dat.LOG2
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/05/27 10:25:47 | 000,000,000 | ---D | M] -- C:\Users\Jacks\AppData\Roaming\Acer
[2010/06/16 20:48:45 | 000,000,000 | ---D | M] -- C:\Users\Jacks\AppData\Roaming\Blitware
[2010/05/27 12:12:01 | 000,000,000 | ---D | M] -- C:\Users\Jacks\AppData\Roaming\CheckPoint
[2010/05/30 14:12:20 | 000,000,000 | ---D | M] -- C:\Users\Jacks\AppData\Roaming\Hot Keyboard
[2010/06/19 08:12:15 | 000,000,000 | ---D | M] -- C:\Users\Jacks\AppData\Roaming\Hot Keyboard Pro Backup
[2010/05/27 10:25:46 | 000,000,000 | ---D | M] -- C:\Users\Jacks\AppData\Roaming\Leadertech
[2010/06/06 17:20:44 | 000,000,000 | ---D | M] -- C:\Users\Jacks\AppData\Roaming\Uniblue
[2010/05/29 15:57:55 | 000,000,000 | ---D | M] -- C:\Users\Jacks\AppData\Roaming\WildTangent
[2009/07/14 00:08:49 | 000,010,122 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:63238B95
< End of report >


I got all excited and didn't follow your directions and had to rerun.....what can I say. Such fun on a Saturday night. You are a great date!!

Thanks again!











Okay...quick question... when you go to windows update and to look for "more information" about the update they are suggesting you install. Should it take you to a page

https://winqual.microsoft.com/help/default....equirements.htm

Just didn't seem right. I'm missing about 7 updates from my PC and I have noticed that verisign has polled my connections more than once.....so just trying to connect the dots. :-)




Edited by christijacks1, 20 June 2010 - 02:12 PM.


#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:01:34 PM

Posted 20 June 2010 - 07:12 PM

Hmm, possibly something has been in the PC.

We can rule out rootkits though, as you have a 64 bit machine so that's good.

Did you set the PC to stop the desktop being changed? I'm guessing you didn't.

Also, please run MBAM for me as below. If it fails then delete it and redownload it but rename it as mblah.scr before you run it.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


m0le is a proud member of UNITE

#9 christijacks1


Posted 22 June 2010 - 11:52 PM

Sorry for the delay in response. After I last left a message, I got some more interesting activity. I know you'll be out over the next couple days so I'll post again. I just drafted this long post and I don't know what happened except that it just disappeared. I could have hit something odd perhaps..or who knows. The malware scan turned up clean.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4227

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/22/2010 11:53:37 PM
mbam-log-2010-06-22 (23-53-37).txt

Scan type: Full scan (C:\|)
Objects scanned: 212236
Time elapsed: 29 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

In short....( I'll expand later)

The changes that happened since my last post:

1. That link I mentioned....about an hour after posting....that link was broken. Just did nothing. No more info on windows updates. LOL
2. My ipconfig prompt now gives me IPv4 info.....but I'd still like to point out to Mr. Hacker that he forgot the IPv6 and all of the tunnel addresses. (Close....but no cigar)
3. My computer....for that matter all of the machines in the house wouldn't connect to the internet for near two days. However...an old dell..hadn't been turned on in a year....worked just fine. Our computers would connect on other networks, so it wasn't our machines. Today when I came home the internet worked again. And yes,.....I did call my internet provider and ask them to resend my signal...reset my router and modem. etc etc.



Just in case it sheds light....thought I'd list these.

========== Files/Folders - Created Within 7 Days ==========

[2010/06/22 21:41:14 | 000,000,000 | ---D | C] -- C:\Users\Jacks\AppData\Roaming\Malwarebytes
[2010/06/22 21:41:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/06/22 21:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/22 21:41:01 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/06/22 21:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/06/20 13:47:35 | 000,000,000 | ---D | C] -- C:\Users\Jacks\Tracing
[2010/06/19 15:13:51 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/06/19 15:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/06/19 15:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/06/19 15:11:26 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/06/19 15:11:26 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/06/19 15:11:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/06/19 15:11:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/06/19 15:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/06/19 15:09:40 | 000,000,000 | ---D | C] -- C:\Users\Jacks\Desktop\New folder (2)





========== Files - Modified Within 7 Days ==========

[2010/06/22 22:50:25 | 001,572,864 | -HS- | M] () -- C:\Users\Jacks\NTUSER.DAT
[2010/06/22 21:59:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/22 21:41:06 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/22 21:05:33 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/22 21:05:33 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/22 21:02:38 | 000,669,028 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/22 21:02:38 | 000,580,064 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/22 21:02:38 | 000,095,922 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/22 20:58:35 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/22 20:58:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/22 20:58:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/22 20:58:11 | 3016,790,016 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/22 08:56:42 | 001,113,538 | -H-- | M] () -- C:\Users\Jacks\AppData\Local\IconCache.db
[2010/06/19 15:11:17 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/06/19 15:11:17 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/06/19 15:11:17 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/06/19 15:11:17 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/06/19 14:19:01 | 000,025,011 | ---- | M] () -- C:\Users\Jacks\Desktop\scesetup.zipx
[2010/06/19 12:35:48 | 000,025,011 | ---- | M] () -- C:\Users\Jacks\Desktop\christijacks2.zipx
[2010/06/19 11:45:12 | 000,949,642 | ---- | M] () -- C:\Users\Jacks\Desktop\christijacks1.zip


Oh...and to answer your question definitively......no I didn't lock my desktop. Why would someone? Why would a hacker lock your desktop? What's the benefit? Or should you say? LOL

Well.....it looks like we have at least one follower....as whatever problems I post.....they seem to change. Did they think that wasn't a dead giveaway?? You just have to love it and find the humor in the situation. Most of the last 6 months this has consumed me so we may as well find the humor in it when we can.

I guess I should state for the record that the issue is that Mr. Hack has all the admin rights, if they would just give those admin rights up...we'd have this problem solved quickly. Maybe they will take that into consideration and fix that problem as well.

OKAY...have a great day....and enjoy your two days doing what you do. ;-)

Thanks again!

Christi

Edited by christijacks1, 22 June 2010 - 11:59 PM.


#10 christijacks1


Posted 24 June 2010 - 11:14 PM

I thought you might be interested in these netstat -abn results....















Attached Files


Edited by christijacks1, 24 June 2010 - 11:15 PM.


#11 m0le


Posted 27 June 2010 - 05:57 PM

Can you tell me what the logs you posted are signifying?

Apart from the admin rights your PC seems to be fine.

You are also under the misapprehension that your PC is being controlled but it isn't.


Let's attempt a quick fix to deal with the permissions by setting them all to default.

* Click the Start button (globe).
* In the Search box, type cmd, and then press enter.
* Right-click the command icon that the search returned, and select "Run as administrator"
* Type the following at the command prompt, and then press enter:

secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose

You will receive a "Task is completed" message, and a warning message that something could not be done. You can safely ignore this message. Reboot the system to properly record the changes made. The system should now have the default permissions restored.

#12 christijacks1


Posted 27 June 2010 - 10:45 PM

I can understand why you might think that...but when the settings on my computer change....that makes me think someone else is controlling my computer. When someone gets into my email that I have changed my password on several times...that makes me think at the very least...there is some type of key logger on my machine. When I reformat my computer 3 times and it continues to reinstall the same BS files that are not from my original program that makes me think that someone is controlling my machine. I have logged onto my computer and seen the hard drive locked down....then the next day I went to show my bf that it was locked down and it was unlocked. WTH??

I gave you those netstat files to see if you could tell if my computer is reporting out somewhere....and if so.....where?? It is constantly connected to 68.125.72.27. That is not my ip address...not charter's ip address....I have looked it up and it is Quest technologies??

Earlier today I tried a command C: \> net user administrator /active:yes.......that one didn't work......so I tried no...and it was successful. It did allow me to gain access to some of the folders but still not all. Here is a screen shot of what you suggested for me to do.



Here are some screen shots of my Event Viewer....which has also changed. I didn't used to have those Microsoft Office Diagnostics or Office Sessions or Windows PowerShell. For that matter...I don't even have my copy of Office installed on this computer because I have reformatted so many times that I haven't installed anything on this computer....except for diagnostic stuff.

Also....Below I have copied and pasted what I found on my bf's computer back on 5/16 on a file entitled Microsoft .NET Framework 3.5-KB963707_20100517_005800531-Msi0.txt

He states that he doesn't know anything about it or what it is. At the time his computer was configured like a server.....as if it had regular internet connection settings and then server connection settings...nothing like I had seen. As well as there were many windows 2003 file extensions on his pc. Again....he states he knows nothing about this.

=== Verbose logging started: 5/16/2010 19:58:00 Build type: SHIP UNICODE 3.01.4001.5512 Calling process: c:\1bdbc395f7ecb71d4de80765\HotFixInstaller.exe ===
MSI (c) (00:54) [19:58:00:875]: Resetting cached policy values
MSI (c) (00:54) [19:58:00:875]: Machine policy value 'Debug' is 0
MSI (c) (00:54) [19:58:00:875]: ******* RunEngine:
******* Product: {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
******* Action:
******* CommandLine: **********
MSI (c) (00:54) [19:58:00:875]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (00:54) [19:58:00:875]: Grabbed execution mutex.
MSI (c) (00:54) [19:58:01:000]: Cloaking enabled.
MSI (c) (00:54) [19:58:01:000]: Attempting to enable all disabled priveleges before calling Install on Server
MSI (c) (00:54) [19:58:01:046]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (E4:44) [19:58:01:078]: Grabbed execution mutex.
MSI (s) (E4:D8) [19:58:01:078]: Resetting cached policy values
MSI (s) (E4:D8) [19:58:01:078]: Machine policy value 'Debug' is 0
MSI (s) (E4:D8) [19:58:01:078]: ******* RunEngine:
******* Product: {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
******* Action:
******* CommandLine: **********
MSI (s) (E4:D8) [19:58:01:078]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (E4:D8) [19:58:01:109]: End dialog not enabled
MSI (s) (E4:D8) [19:58:01:109]: Original package ==> C:\WINDOWS\Installer\175801a.msi
MSI (s) (E4:D8) [19:58:01:109]: Package we're running from ==> C:\WINDOWS\Installer\175801a.msi
MSI (s) (E4:D8) [19:58:01:140]: APPCOMPAT: looking for appcompat database entry with ProductCode '{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}'.
MSI (s) (E4:D8) [19:58:01:140]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (E4:D8) [19:58:01:140]: MSCOREE not loaded loading copy from system32
MSI (s) (E4:D8) [19:58:01:218]: Opening existing patch 'c:\WINDOWS\Installer\175803d.msp'.
MSI (s) (E4:D8) [19:58:01:234]: Machine policy value 'AllowLockdownBrowse' is 0
MSI (s) (E4:D8) [19:58:01:234]: Machine policy value 'DisableBrowse' is 0
MSI (s) (E4:D8) [19:58:01:250]: File will have security applied from OpCode.
MSI (s) (E4:D8) [19:58:01:250]: Original patch ==> c:\1bdbc395f7ecb71d4de80765\NDP35SP1-KB963707.msp
MSI (s) (E4:D8) [19:58:01:250]: Patch we're running from ==> c:\WINDOWS\Installer\11290c1.msp
MSI (s) (E4:D8) [19:58:01:265]: SOFTWARE RESTRICTION POLICY: Verifying patch --> 'c:\1bdbc395f7ecb71d4de80765\NDP35SP1-KB963707.msp' against software restriction policy
MSI (s) (E4:D8) [19:58:01:265]: SOFTWARE RESTRICTION POLICY: c:\1bdbc395f7ecb71d4de80765\NDP35SP1-KB963707.msp has a digital signature
MSI (s) (E4:D8) [19:58:01:390]: SOFTWARE RESTRICTION POLICY: c:\1bdbc395f7ecb71d4de80765\NDP35SP1-KB963707.msp is permitted to run at the 'unrestricted' authorization level.
MSI (s) (E4:D8) [19:58:01:390]: SequencePatches starts. Product code: {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}, Product version: 3.5.30729, Upgrade code: {E8D023A9-4372-3070-B961-D3224A1E704D}, Product language 0
MSI (s) (E4:D8) [19:58:01:390]: 3.0 patch {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} is of type QFE
MSI (s) (E4:D8) [19:58:01:390]: 3.0 patch c:\1bdbc395f7ecb71d4de80765\NDP35SP1-KB963707.msp is of type QFE
MSI (s) (E4:D8) [19:58:01:390]: PATCH SEQUENCER: verifying the applicability of QFE patch {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} against product code: {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}, product version: 3.5.30729, product language 0 and upgrade code: {E8D023A9-4372-3070-B961-D3224A1E704D}
MSI (s) (E4:D8) [19:58:01:390]: Validating transform 'SP1.1' with validation bits 0x922
Well.....it goes on and on and on....It just so happens that the last four letters of my MAC address is E4:D8....don't guess that is an accident. I'll email you the direct link to the full doc it states who owns the document how it's installed etc. etc. It's basically like I am on a network I don't want to be a part of....but the way it is set up....I can't get off this train. I just want to know if you think I can get off....or do I just need to start over.

I also have more stuff I could upload. I know it's hard over a forum to get a whole picture, as well as there are limits to file size. I'm happy to give you an email with log in info and you can browse through all the files I have sent to it over the months. Or...could be that you can tell what this file is all about. I would have posted the whole thing...but could mean nothing and I hate to waste your time. I'll add the photos.....I have more....but we are limited with space here. Either way....got an error code with your instruction. See what you think.

















This one is important....as all of the file dates on the "hacker" installed files are 7/13/2009




Remember I told you that when I ran that Belarc program it said I was hosting a "samba server".....whatever that is.

Just to be clear.....I'm just a chick living in a 3/2/0 with a kid a bf and a dog...just a laptop and my bf's desktop. He has an iTouch and we have all the usual ps3, wii and xbox....nothing high tech about it.... no samba server or need for samba anything or server anything. I surf the net looking for furniture and clothes. You know what I mean. :-)



Okay....I'm done ranting for the night. I know I'm not crazy. It's just tough showing you all this stuff in this forum. I know you are doing the best you can with the info you have. Thanks for everything! Have a great evening.

Christi
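
An added example, not part of the original post or thread: a small parser for the Windows Installer verbose-log lines quoted above. It splits out the prefix fields (in these logs the parenthesised pair after `MSI (s)` is the last two hex digits of the logging process ID and thread ID), expands the numbered `Note` fields using the message templates for codes 2262 and 2749 from the Windows Installer error message reference, and shows the signed "system error" value as an HRESULT. The function names are hypothetical; the sample lines are copied from the excerpt above.

```python
import re
from collections import Counter

# Sample lines copied from the log excerpt in the post above.
SAMPLE = r"""MSI (s) (E4:D8) [19:58:01:437]: Note: 1: 2262 2: MsiFileHash 3: -2147287038
MSI (s) (E4:D8) [19:58:01:437]: Transforming table Component.
1: 2749 2: SP1.2 3: C:\WINDOWS\Installer\175801a.msi 4: 3.5.30730 5: 3.5.30729
MSI (s) (E4:D8) [19:58:01:437]: Transforms are not secure.
"""

# "MSI (<context>) (<PID tail>:<TID tail>) [<time>]: <message>"
HEADER = re.compile(
    r"^MSI \((?P<ctx>[csn])\) "
    r"\((?P<pid>[0-9A-Fa-f]{2})[:!](?P<tid>[0-9A-Fa-f]{2})\) "
    r"\[(?P<time>[\d:]+)\]: (?P<msg>.*)$"
)
# Numbered fields of a Note line: "1: 2262 2: MsiFileHash 3: -2147287038"
FIELD = re.compile(r"(\d+): (.*?)(?=\s\d+: |$)")

CONTEXT = {"c": "client", "s": "server", "n": "nested"}

# Message templates for the two codes that appear in the excerpt.
TEMPLATES = {
    2262: "Stream does not exist: [2]. System error: [3].",
    2749: ("Transform [2] invalid for package [3]. "
           "Expected product version == [4], found product version [5]."),
}
HRESULT_NAMES = {0x80030002: "STG_E_FILENOTFOUND"}


def hresult_hex(value):
    """Render a signed 32-bit error value as an unsigned HRESULT in hex."""
    return "0x%08X" % (int(value) & 0xFFFFFFFF)


def parse_line(line):
    """Split one log line into prefix fields and numbered Note fields."""
    line = line.rstrip("\r\n")
    rec = {"context": None, "pid_tail": None, "tid_tail": None,
           "time": None, "text": line, "fields": {}}
    m = HEADER.match(line)
    if m:
        rec.update(context=CONTEXT[m["ctx"]], pid_tail=m["pid"].upper(),
                   tid_tail=m["tid"].upper(), time=m["time"], text=m["msg"])
    body = rec["text"]
    if body.startswith("Note: "):
        body = body[len("Note: "):]
    if body.startswith("1: "):  # continuation lines carry no MSI prefix
        rec["fields"] = {int(k): v for k, v in FIELD.findall(body)}
    return rec


def describe(rec):
    """Expand a Note's numbered fields into its message text, if known."""
    fields = rec["fields"]
    code = fields.get(1, "")
    if not code.isdigit() or int(code) not in TEMPLATES:
        return None
    text = TEMPLATES[int(code)]
    for key, value in fields.items():
        if re.fullmatch(r"-\d+", value):  # signed HRESULT
            name = HRESULT_NAMES.get(int(value) & 0xFFFFFFFF)
            value = hresult_hex(value) + (" (%s)" % name if name else "")
        text = text.replace("[%d]" % key, value)
    return text


def summarize(log_text):
    """Collect the distinct PID/TID tails and count Note codes in a log."""
    threads, codes = set(), Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["pid_tail"]:
            threads.add((rec["pid_tail"], rec["tid_tail"]))
        if rec["fields"].get(1, "").isdigit():
            codes[int(rec["fields"][1])] += 1
    return {"threads": threads, "codes": codes}


if __name__ == "__main__":
    for raw in SAMPLE.splitlines():
        rec = parse_line(raw)
        print(rec["context"], rec["pid_tail"], rec["tid_tail"],
              describe(rec) or rec["text"])
```
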

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:34 PM

Posted 28 June 2010 - 01:06 PM

Okay, I believe that the PC is clean and the logs back that up. However, there are some things on the system which can be removed and could be causing the strange problems.

It is important to say that by reformatting and reinstalling the operating system you have already removed any malware that exists except for one rootkit, MBR, which you do not have. If there are problems after that then the chances are the gaming habits shown on this PC are causing these. Let's update your protection and clear up the OTL log.


Let's remove Spybot. This is now not a recommended antispyware program.

Use Windows Explorer to find and delete this folder:

Spybot - Search & Destroy

As an example:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop. Or click on the Windows KEY + E.
Double click on Local Disk (C:)
Double click on the Windows folder,
Right click on badfile.dll and then from the menu that appears, click on Delete



Now install and run Superantispyware

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


Next

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

CODE
:OTL
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
2010-05-30 15:15:45 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-05-29 23:33:36 0 ----a-w- c:\users\jacks\ping204.237.131.25
:services
szkg5
is3srv
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

If that does not produce a full log then please rerun OTL and do a basic scan and post the log.

m0le is a proud member of UNITE

#14 christijacks1


Posted 28 June 2010 - 09:21 PM

How did this happen again...I had this whole long reply drafted and then it's like the screen just blinks and it's over....wow....worked on it for an hour...going back to the beginning of how all this happened. Second time that happened. First time I thought it was me...maybe it was me again.

oh well....Here are your results from your last request.

========== OTL ==========
========== SERVICES/DRIVERS ==========
Error: No service named szkg5 was found to stop!
Service\Driver key szkg5 not found.
Error: No service named is3srv was found to stop!
Service\Driver key is3srv not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.7.0 log created on 06282010_195220


You know me....got excited and ran it twice...can't follow directions. It's that ADD....Stopped taking the meds a couple months ago. LOL

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/28/2010 at 06:01 PM

Application Version : 4.39.1002

Core Rules Database Version : 5130
Trace Rules Database Version: 2942

Scan type : Quick Scan
Total Scan Time : 00:22:15

Memory items scanned : 690
Memory threats detected : 0
Registry items scanned : 2629
Registry threats detected : 0
File items scanned : 13408
File threats detected : 7

Adware.Flash Tracking Cookie
C:\Users\Jacks\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\SP2MUXDP\CONVOAD.TECHNORATIMEDIA.COM
C:\Users\Jacks\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\SP2MUXDP\TRACK.ADFORM.NET
C:\Users\Jacks\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\SP2MUXDP\SECURE-US.IMRWORLDWIDE.COM

Adware.Tracking Cookie
convoad.technoratimedia.com [ C:\Users\Jacks\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SP2MUXDP ]
media.scanscout.com [ C:\Users\Jacks\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SP2MUXDP ]
secure-us.imrworldwide.com [ C:\Users\Jacks\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SP2MUXDP ]
track.adform.net [ C:\Users\Jacks\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SP2MUXDP ]


Obviously your way yielded much better results.



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/28/2010 at 06:48 PM

Application Version : 4.39.1002

Core Rules Database Version : 5130
Trace Rules Database Version: 2942

Scan type : Complete Scan
Total Scan Time : 00:36:55

Memory items scanned : 685
Memory threats detected : 0
Registry items scanned : 13421
Registry threats detected : 0
File items scanned : 25851
File threats detected : 183

Adware.Tracking Cookie



Take a look at all of this.....I'll post more explanation in the morning. I will add this real quick.



I went to my Event Log files, clicked on Admin Events > Properties, and I didn't have "rights" to that file so I clicked on "edit filter" and found this.

<QueryList>
<Query Id="0" Path="Application">
<Select Path="Application">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
<Select Path="Security">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
<Select Path="System">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
<Select Path="HardwareEvents">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
<Select Path="Internet Explorer">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
<Select Path="Key Management Service">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
<Select Path="Media Center">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
<Select Path="Microsoft-Windows-Dhcp-Client/Admin">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
<Select Path="Microsoft-Windows-DhcpNap/Admin">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
<Select Path="Microsoft-Windows-Dhcpv6-Client/Admin">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
<Select Path="Microsoft-Windows-Diagnosis-Scripted/Admin">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
<Select Path="Microsoft-Windows-Kernel-EventTracing/Admin">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
<Select Path="Microsoft-Windows-MUI/Admin">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
<Select Path="Microsoft-Windows-PrintService/Admin">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
<Select Path="Microsoft-Windows-RemoteApp and Desktop Connections/Admin">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
<Select Path="Microsoft-Windows-RemoteAssistance/Admin">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
<Select Path="Microsoft-Windows-TerminalServices-LocalSessionManager/Admin">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
<Select Path="Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
<Select Path="Microsoft-Windows-WindowsBackup/ActionCenter">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
<Select Path="ODiag">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
<Select Path="OSession">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
<Select Path="Windows PowerShell">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
</Query>
</QueryList>


Just thought it odd I can't log my events....what do you think?

Okay....I'll get more to you tomorrow.

Thanks,

Christi


#15 m0le



  • Malware Response Team

Posted 29 June 2010 - 07:52 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.