
Yahoo search results redirected, no idea why?


  • This topic is locked
16 replies to this topic

#1 94prs22


Posted 16 June 2010 - 10:33 PM

Hey all,
Would anyone be able to tell me why my Yahoo and Google searches keep getting redirected when I click on them? I've run Spybot and Malwarebytes and they both find nothing wrong. Here's a HijackThis log; any help would be appreciated. I've also got a DDS file and attachment, but GMER won't run due to system32 being used.
Brandon

DDS (Ver_10-03-17.01) - NTFSX64
Run by Brandon at 22:40:59.43 on Wed 06/16/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8055.6139 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\vds.exe
C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\jusched.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Brandon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QFWY6MJ\dds[1].scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.weau.com/
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~2\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~2\office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~2\mcafee\viruss~1\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "c:\program files (x86)\dell datasafe online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "c:\program files (x86)\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [mcagent_exe] "c:\program files (x86)\mcafee.com\agent\mcagent.exe" /runkey
mRun: [DellComms] "c:\program files (x86)\dell\dellcomms\bin\sprtcmd.exe" /P DellComms
mRun: [DellSupportCenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Desktop Disc Tool] "c:\program files (x86)\roxio\roxio burn\RoxioBurnLauncher.exe"
mRun: [NBAgent] "c:\program files (x86)\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [BCSSync] "c:\program files (x86)\microsoft office\office14\BCSSync.exe" /DelayServices
mRunOnce: [Launcher] c:\program files (x86)\dell datasafe local backup\components\scheduler\Launcher.exe
mRunOnce: [STToasterLauncher] c:\program files (x86)\dell datasafe local backup\toasterLauncher.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\brandon\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\micros~2\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\program files (x86)\cozi express\CoziProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~2\office14\GROOVEEX.DLL
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~2\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRunOnce-x64: [DSUpdateLauncher] "c:\program files (x86)\dell datasafe local backup\components\dsupdate\hstart.exe" /noconsole /d="c:\program files (x86)\dell datasafe local backup\components\dsupdate" /runas "c:\program files (x86)\dell datasafe local backup\components\dsupdate\DSUpd.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-6-5 55280]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-3-27 308296]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2009-6-9 155648]
R2 McProxy;McAfee Proxy Service;c:\progra~2\common~1\mcafee\mcproxy\McProxy.exe [2010-6-5 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-6-5 155456]
R2 NAUpdate;Nero Update;c:\program files (x86)\nero\update\NASvc.exe [2010-3-25 490280]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-6-12 1153368]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\dell datasafe local backup\SftService.exe [2010-3-27 656624]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\dell\dellcomms\bin\sprtsvc.exe [2009-5-5 206064]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-3-28 56344]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2010-3-28 321064]
R3 McSysmon;McAfee SystemGuards;c:\progra~2\mcafee\viruss~1\mcsysmon.exe [2010-6-5 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-3-27 102472]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-3-27 49480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-3-28 83488]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-3-27 41032]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-3-27 40904]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-7 1255736]

=============== Created Last 30 ================

2010-06-17 03:21:29 0 d-----w- c:\program files (x86)\Trend Micro
2010-06-17 03:17:54 0 d-----w- c:\users\brandon\appdata\roaming\Malwarebytes
2010-06-17 03:17:48 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-17 03:17:48 0 d-----w- c:\programdata\Malwarebytes
2010-06-17 03:17:48 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-06-17 03:02:38 65536 --sha-w- c:\users\brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TM.blf
2010-06-17 03:02:38 524288 --sha-w- c:\users\brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TMContainer00000000000000000002.regtrans-ms
2010-06-17 03:02:38 524288 --sha-w- c:\users\brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TMContainer00000000000000000001.regtrans-ms
2010-06-17 02:54:18 65536 --sha-w- c:\users\brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TM.blf
2010-06-17 02:54:18 524288 --sha-w- c:\users\brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TMContainer00000000000000000002.regtrans-ms
2010-06-17 02:54:18 524288 --sha-w- c:\users\brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TMContainer00000000000000000001.regtrans-ms
2010-06-13 18:19:13 0 d-----w- c:\program files (x86)\Microsoft Synchronization Services
2010-06-13 18:18:51 0 d-----w- c:\windows\PCHEALTH
2010-06-13 18:15:52 0 d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2010-06-13 18:15:22 0 d-----w- c:\program files (x86)\Microsoft Analysis Services
2010-06-12 21:34:18 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-12 21:34:18 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-06-10 08:02:11 0 d-----w- c:\program files (x86)\MSXML 4.0
2010-06-09 23:09:01 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-09 23:09:01 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2010-06-09 23:09:01 107368 ----a-w- c:\windows\syswow64\GEARAspi.dll
2010-06-09 23:08:45 0 d-----w- c:\program files\iPod
2010-06-09 23:08:44 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-06-09 23:08:44 0 d-----w- c:\program files\iTunes
2010-06-09 23:08:44 0 d-----w- c:\program files (x86)\iTunes
2010-06-09 23:07:45 0 d-----w- c:\programdata\Apple Computer
2010-06-09 23:07:28 0 d-----w- c:\program files\common files\Apple
2010-06-09 23:07:21 0 d-----w- c:\program files\Bonjour
2010-06-09 23:07:21 0 d-----w- c:\program files (x86)\Bonjour
2010-06-09 23:07:17 0 d-----w- c:\programdata\Apple
2010-06-09 03:00:35 0 d-----w- c:\programdata\Nero
2010-06-09 02:59:42 0 d-----w- c:\program files (x86)\Nero
2010-06-09 02:55:06 1974616 ----a-w- c:\windows\syswow64\D3DCompiler_42.dll
2010-06-09 02:54:50 1892184 ----a-w- c:\windows\syswow64\D3DX9_42.dll
2010-06-09 02:54:31 4379984 ----a-w- c:\windows\syswow64\D3DX9_40.dll
2010-06-09 02:54:15 3727720 ----a-w- c:\windows\syswow64\d3dx9_35.dll
2010-06-09 02:53:59 3497832 ----a-w- c:\windows\syswow64\d3dx9_34.dll
2010-06-09 02:53:43 2388176 ----a-w- c:\windows\syswow64\d3dx9_30.dll
2010-06-08 16:24:19 0 d-----w- c:\program files (x86)\epson
2010-06-08 16:24:18 93184 ----a-w- c:\windows\system32\esxcwiad.dll
2010-06-08 16:19:09 0 d-----w- C:\epson
2010-06-07 23:22:31 0 d-----w- c:\windows\usb-audio.de
2010-06-07 08:19:48 0 d-----w- c:\windows\syswow64\Wat
2010-06-07 08:19:48 0 d-----w- c:\windows\system32\Wat
2010-06-06 14:05:00 0 d-----w- c:\users\brandon\Tracing
2010-06-06 13:27:56 464896 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-06 13:27:56 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-06 04:41:54 0 d-----w- c:\program files\Microsoft Office
2010-06-06 04:41:31 0 d-----w- c:\programdata\Microsoft Help
2010-06-06 04:21:46 0 d-----w- c:\users\brandon\appdata\roaming\GetRightToGo
2010-06-06 03:50:11 55280 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2010-06-06 03:50:11 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-06-06 03:50:11 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-06-06 03:50:10 0 d-----w- c:\program files (x86)\common files\PX Storage Engine
2010-06-06 03:50:09 0 d-----w- c:\program files (x86)\common files\Sonic Shared
2010-06-06 03:50:07 0 d-----w- c:\program files (x86)\Roxio
2010-06-06 03:49:16 0 d-----w- c:\users\brandon\appdata\roaming\Roxio Log Files
2010-06-06 03:39:46 0 d-----w- c:\users\brandon\appdata\roaming\Macrovision
2010-06-06 03:30:04 0 d-----w- c:\program files (x86)\Guitar Pro 5
2010-06-06 03:29:59 441600 ----a-w- C:\Stramel Films.avi.index
2010-06-06 03:28:59 37799036 ----a-w- C:\Red Smear 2008-05-0207.wav
2010-06-06 03:27:59 47540940 ----a-w- C:\NT2009-04-24t7.flac
2010-06-06 03:25:53 3310125212 ----a-w- C:\Nervous Turkey.nrg
2010-06-06 03:24:39 838287360 ----a-w- C:\Hey Janeane.avi
2010-06-06 03:24:39 291904 ----a-w- C:\Guitars.avi.index
2010-06-06 03:24:39 291832 ----a-w- C:\Guitars.avi.A.index
2010-06-06 03:24:39 191 ----a-w- C:\Guitars.scn
2010-06-06 03:24:39 160516 ----a-w- C:\Hammond Alien Return.pk
2010-06-06 03:24:39 13686116 ----a-w- C:\Hammond Alien Return.wav
2010-06-06 03:24:33 695 ----a-w- C:\Grimm 4-4-08 tape 2.mpg.scn
2010-06-06 03:24:33 191882258 ----a-w- C:\Guitar stuff.mpg
2010-06-06 03:22:08 3490654 ----a-w- C:\Grand Funk Railroad - Bad Time.mp3
2010-06-06 03:22:04 765076 ----a-w- C:\Dulli.pk
2010-06-06 03:22:04 25088 ----a-w- C:\FP department physicians interview protochol.doc
2010-06-06 03:22:04 149827660 ----a-w- C:\Glossary - Dear Friends and Gentle Hearts.zip
2010-06-06 03:22:02 405820 ----a-w- C:\Dulli 2 Cover Me.pk
2010-06-06 03:22:02 34622128 ----a-w- C:\Dulli 2 Cover Me.wav
2010-06-06 03:22:01 494584 ----a-w- C:\Dulli 1 Hard Luck Guy.pk
2010-06-06 03:22:01 42196964 ----a-w- C:\Dulli 1 Hard Luck Guy.wav
2010-06-06 03:22:00 808804 ----a-w- C:\DBT.pk
2010-06-06 03:22:00 22842777 ----a-w- C:\Drive-By_Truckers_--_Girls_Who_Smoke_(Bonus_Track).flac
2010-06-06 03:20:55 0 d-----w- C:\WinRAR
2010-06-06 03:20:46 0 d-----w- C:\VIDEO_TS
2010-06-06 03:20:46 0 d-----w- C:\Various Artists
2010-06-06 03:20:45 0 d-----w- C:\UTI9
2010-06-06 03:20:42 0 d-----w- C:\UT_CnR
2010-06-06 03:20:25 0 d-----w- C:\UT demos
2010-06-06 03:20:11 0 d-----w- C:\Uncle Tupelo1994-04-29
2010-06-06 03:19:56 0 d-----w- C:\Total.Recorder.v6.0.Pro
2010-06-06 03:19:53 0 d-----w- C:\The_Suburbs_CD___Digital_Preorder
2010-06-06 03:19:36 0 d-----w- C:\sv2008-04-09.mk21.flac16
2010-06-06 03:19:34 0 d-----w- C:\Studer Stuff
2010-06-06 03:19:13 0 d-----w- C:\sonvolt051707flac
2010-06-06 03:18:53 0 d-----w- C:\sonvolt2007-06-15
2010-06-06 03:18:33 0 d-----w- C:\SonVolt2007-06-14.flac16
2010-06-06 03:18:12 0 d-----w- C:\sonvolt2007-06-09flac16
2010-06-06 03:17:51 0 d-----w- C:\sonvolt2007-04-07.4060-MC012-mix.flac16
2010-06-06 03:17:32 0 d-----w- C:\sonvolt2007-04-05.4022.flac16
2010-06-06 03:17:15 0 d-----w- C:\Son Volt2007.05.14-16bit
2010-06-06 03:17:12 0 d-----w- C:\Son Volt ACD
2010-06-06 03:16:53 0 d-----w- C:\Son Volt 05-05-07 Helotes, TX
2010-06-06 03:16:32 0 d-----w- C:\Son Volt 4-20-07
2010-06-06 03:16:10 0 d-----w- C:\Son Volt
2010-06-06 03:16:08 0 d-----w- C:\Sleigh Bells - 2hellwu (2009)
2010-06-06 03:16:05 0 d-----w- C:\sick sick sick
2010-06-06 03:15:47 0 d-----w- C:\She & Him stuff
2010-06-06 03:15:18 0 d-----w- C:\Seagate
2010-06-06 03:10:21 0 d-----w- C:\Pinnacle.Studio.Plus.Titanium.Edition.v10.6.MULTiLANGUAGE.ISO-TBE
2010-06-06 03:10:19 0 d-----w- C:\nora
2010-06-06 03:10:03 0 d-----w- C:\NINJA_2009_Tour_Sampler_wav plus Jane's cabinet best buy bonus disc
2010-06-06 03:09:28 0 d-----w- C:\Nervous Turkey DVD audio
2010-06-06 03:08:25 0 d-----w- C:\Nervous Turkey 9-20-09
2010-06-06 03:04:32 0 d-----r- C:\My Documents
2010-06-06 03:04:26 0 d-----w- C:\More C Drive Stuff
2010-06-06 03:04:25 0 d-----w- C:\Michael K. Weise
2010-06-06 03:04:10 0 d-----w- C:\Matthew Grimm 2008-04-05 stereo matrix
2010-06-06 03:04:01 0 d-----w- C:\Matthew Grimm 2008-04-05 matrix
2010-06-06 03:03:37 0 d-----w- C:\Matthew Grimm 2008-04-05 FULL WAVES
2010-06-06 03:03:30 0 d-----w- C:\Matthew Grimm 2008-04-05
2010-06-06 03:03:24 0 d-----w- C:\macongreyson_ep
2010-06-06 03:03:23 0 d-----w- C:\LimeWire
2010-06-06 03:01:20 0 d-----w- C:\Johnnyman
2010-06-06 03:01:04 0 d-----w- C:\Jane's Addiction demos n unreleased
2010-06-06 03:01:02 0 d-----r- C:\IDEOLOGY
2010-06-06 03:00:40 0 d-----w- C:\Howard Iceberg Unreleased
2010-06-06 03:00:25 0 d-----w- C:\Howard Iceberg November Nights
2010-06-06 03:00:05 0 d-----w- C:\Howard Iceberg Maiden Voyage
2010-06-06 02:59:53 0 d-----w- C:\Howard Iceberg First Fade
2010-06-06 02:59:39 0 d-----w- C:\Howard Iceberg Final Fade
2010-06-06 02:59:24 0 d-----w- C:\Howard Iceberg and Mike Ireland unreleased tunes
2010-06-06 02:55:24 0 d-----w- c:\program files (x86)\coolpro2
2010-06-06 02:51:21 0 d-----w- C:\Guitar Pro 5.1 source
2010-06-06 02:50:58 0 d-----w- C:\Guitar Pro 5.1 [RSE]
2010-06-06 02:50:57 0 d-----w- C:\Goldfinger
2010-06-06 02:50:45 0 d-----w- C:\Glossary - Dear Friends and Gentle Hearts
2010-06-06 02:50:45 0 d-----w- C:\Exact Audio Copy
2010-06-06 02:50:45 0 d-----w- C:\DVD Audio Extractor
2010-06-06 02:50:43 0 d-----w- C:\Ditch Witch
2010-06-06 02:50:19 0 d-----w- C:\dbt - ahc town burned down
2010-06-06 02:50:13 0 d-----w- C:\coolpro2
2010-06-06 02:50:06 0 d-----w- C:\cagadas
2010-06-06 02:33:17 0 d-----w- C:\C Drive Stuff
2010-06-06 02:33:01 0 d-----w- C:\buck pets demo
2010-06-06 02:32:45 0 d-----w- C:\BottleRockets2008-04-19.flac16
2010-06-06 02:32:35 0 d-----w- C:\Ass Ponys 2001-6-9
2010-06-06 02:32:19 0 d-----w- C:\Arms_Aloft-Comfort_At_Any_Cost-2008
2010-06-06 02:32:18 0 d-----r- C:\ARMIES
2010-06-06 01:49:52 0 d-----w- C:\Angie's Email
2010-06-06 01:49:51 0 d-----w- C:\Angie's Documents
2010-06-06 01:49:49 0 d-----w- C:\abproject2007-01-21
2010-06-06 01:26:21 0 d-----w- c:\users\brandon\My Backup Files
2010-06-06 01:24:03 0 d-sh--w- C:\System Recovery
2010-06-06 01:20:50 0 d-----w- c:\users\brandon\appdata\roaming\Dell
2010-06-06 01:14:53 220672 ----a-w- c:\windows\system32\wintrust.dll
2010-06-06 01:14:53 172032 ----a-w- c:\windows\syswow64\wintrust.dll
2010-06-06 01:14:53 139264 ----a-w- c:\windows\system32\cabview.dll
2010-06-06 01:14:53 132608 ----a-w- c:\windows\syswow64\cabview.dll
2010-06-06 01:14:15 12329 ----a-w- c:\windows\system32\Config.MPF

==================== Find3M ====================

2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll
2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll
2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 07:13:36 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-04-23 07:11:58 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-08 18:33:00 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:33:00 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-08 18:20:02 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-04-08 18:20:02 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2010-03-28 02:52:19 455680 ----a-w- c:\windows\system32\deploytk.dll
2010-03-28 02:52:19 432128 ----a-w- c:\windows\system32\jucheck.exe
2010-03-28 02:52:19 41984 ----a-w- c:\windows\system32\jureg.exe
2010-03-28 02:52:19 172032 ----a-w- c:\windows\system32\jusched.exe
2010-03-28 02:52:06 55072 ----a-w- c:\windows\syswow64\jureg.exe
2010-03-28 02:52:06 411368 ----a-w- c:\windows\syswow64\deploytk.dll
2010-03-28 02:52:06 386872 ----a-w- c:\windows\syswow64\jucheck.exe
2010-03-28 02:52:06 149280 ----a-w- c:\windows\syswow64\jusched.exe
2010-03-28 02:52:06 149280 ----a-w- c:\windows\syswow64\javaws.exe
2010-03-28 02:52:06 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-03-28 02:52:06 145184 ----a-w- c:\windows\syswow64\java.exe
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 22:41:30.04 ===============

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:20:56 PM, on 6/16/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Brandon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y2577728\HijackThis[1].exe
C:\PROGRA~2\COMMON~1\McAfee\MSC\McUICnt.exe
C:\Users\Brandon\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weau.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~2\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellComms) (sprtsvc_DellComms) - SupportSoft, Inc. - C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13288 bytes


Edited by 94prs22, 16 June 2010 - 11:25 PM.
Moved from Win7 ~BP




#2 schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 22 June 2010 - 04:17 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 94prs22

  • Topic Starter

  • Members
  • 8 posts

Posted 23 June 2010 - 09:33 PM

Here's my current DDS log. Unfortunately, I get an error message when running gmer that says C:\\Windows/system32/config/system, the system cannot find the file specified. Currently my problem is Yahoo/Google search results being redirected when I click on them; I'm also now having some random Google search popups too.
Thanks for the help,
Brandon

DDS (Ver_10-03-17.01) - NTFSX64
Run by Brandon at 21:25:46.79 on Wed 06/23/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8055.6069 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\System32\vds.exe
C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\jusched.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~2\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~2\COMMON~1\McAfee\MSC\McUICnt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Brandon\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.weau.com/
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~2\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~2\office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~2\mcafee\viruss~1\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
uRun: [lacaafyo] c:\users\brandon\appdata\local\wljiebblu\yujpkuntssd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "c:\program files (x86)\dell datasafe online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "c:\program files (x86)\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [mcagent_exe] "c:\program files (x86)\mcafee.com\agent\mcagent.exe" /runkey
mRun: [DellComms] "c:\program files (x86)\dell\dellcomms\bin\sprtcmd.exe" /P DellComms
mRun: [DellSupportCenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Desktop Disc Tool] "c:\program files (x86)\roxio\roxio burn\RoxioBurnLauncher.exe"
mRun: [NBAgent] "c:\program files (x86)\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [BCSSync] "c:\program files (x86)\microsoft office\office14\BCSSync.exe" /DelayServices
mRunOnce: [Launcher] c:\program files (x86)\dell datasafe local backup\components\scheduler\Launcher.exe
mRunOnce: [STToasterLauncher] c:\program files (x86)\dell datasafe local backup\toasterLauncher.exe
StartupFolder: c:\users\brandon\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\micros~2\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\program files (x86)\cozi express\CoziProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~2\office14\GROOVEEX.DLL
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~2\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRunOnce-x64: [DSUpdateLauncher] "c:\program files (x86)\dell datasafe local backup\components\dsupdate\hstart.exe" /noconsole /d="c:\program files (x86)\dell datasafe local backup\components\dsupdate" /runas "c:\program files (x86)\dell datasafe local backup\components\dsupdate\DSUpd.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-6-5 55280]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-3-27 308296]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2009-6-9 155648]
R2 McProxy;McAfee Proxy Service;c:\progra~2\common~1\mcafee\mcproxy\McProxy.exe [2010-6-5 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-6-5 155456]
R2 NAUpdate;Nero Update;c:\program files (x86)\nero\update\NASvc.exe [2010-3-25 490280]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-6-12 1153368]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\dell datasafe local backup\SftService.exe [2010-3-27 656624]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\dell\dellcomms\bin\sprtsvc.exe [2009-5-5 206064]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-3-28 56344]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2010-3-28 321064]
R3 McSysmon;McAfee SystemGuards;c:\progra~2\mcafee\viruss~1\mcsysmon.exe [2010-6-5 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-3-27 102472]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-3-27 49480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-3-28 83488]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-3-27 41032]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-3-27 40904]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-7 1255736]

=============== Created Last 30 ================

2010-06-23 20:32:48 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-06-23 20:32:48 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-06-23 20:32:48 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 20:32:48 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 20:32:48 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 20:32:48 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-06-23 20:32:48 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-06-23 20:32:48 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 20:32:48 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-06-23 20:32:48 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 18:28:00 1736608 ----a-w- c:\windows\system32\ntdll.dll
2010-06-23 18:28:00 1289528 ----a-w- c:\windows\syswow64\ntdll.dll
2010-06-23 18:27:57 961024 ----a-w- c:\windows\system32\CPFilters.dll
2010-06-23 18:27:57 641536 ----a-w- c:\windows\syswow64\CPFilters.dll
2010-06-23 18:27:57 258560 ----a-w- c:\windows\system32\mpg2splt.ax
2010-06-23 18:27:56 552960 ----a-w- c:\windows\system32\msdri.dll
2010-06-23 18:27:56 288256 ----a-w- c:\windows\system32\MSNP.ax
2010-06-23 18:27:56 204288 ----a-w- c:\windows\syswow64\MSNP.ax
2010-06-23 18:27:56 199680 ----a-w- c:\windows\syswow64\mpg2splt.ax
2010-06-17 03:58:09 0 ----a-w- c:\users\brandon\defogger_reenable
2010-06-17 03:21:29 0 d-----w- c:\program files (x86)\Trend Micro
2010-06-17 03:17:54 0 d-----w- c:\users\brandon\appdata\roaming\Malwarebytes
2010-06-17 03:17:48 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-17 03:17:48 0 d-----w- c:\programdata\Malwarebytes
2010-06-17 03:17:48 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-06-17 03:02:38 65536 --sha-w- c:\users\brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TM.blf
2010-06-17 03:02:38 524288 --sha-w- c:\users\brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TMContainer00000000000000000002.regtrans-ms
2010-06-17 03:02:38 524288 --sha-w- c:\users\brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TMContainer00000000000000000001.regtrans-ms
2010-06-17 02:54:18 65536 --sha-w- c:\users\brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TM.blf
2010-06-17 02:54:18 524288 --sha-w- c:\users\brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TMContainer00000000000000000002.regtrans-ms
2010-06-17 02:54:18 524288 --sha-w- c:\users\brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TMContainer00000000000000000001.regtrans-ms
2010-06-13 18:19:13 0 d-----w- c:\program files (x86)\Microsoft Synchronization Services
2010-06-13 18:18:51 0 d-----w- c:\windows\PCHEALTH
2010-06-13 18:15:52 0 d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2010-06-13 18:15:22 0 d-----w- c:\program files (x86)\Microsoft Analysis Services
2010-06-12 21:34:18 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-12 21:34:18 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-06-10 08:02:11 0 d-----w- c:\program files (x86)\MSXML 4.0
2010-06-09 23:09:01 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-09 23:09:01 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2010-06-09 23:09:01 107368 ----a-w- c:\windows\syswow64\GEARAspi.dll
2010-06-09 23:08:45 0 d-----w- c:\program files\iPod
2010-06-09 23:08:44 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-06-09 23:08:44 0 d-----w- c:\program files\iTunes
2010-06-09 23:08:44 0 d-----w- c:\program files (x86)\iTunes
2010-06-09 23:07:45 0 d-----w- c:\programdata\Apple Computer
2010-06-09 23:07:28 0 d-----w- c:\program files\common files\Apple
2010-06-09 23:07:21 0 d-----w- c:\program files\Bonjour
2010-06-09 23:07:21 0 d-----w- c:\program files (x86)\Bonjour
2010-06-09 23:07:17 0 d-----w- c:\programdata\Apple
2010-06-09 03:00:35 0 d-----w- c:\programdata\Nero
2010-06-09 02:59:42 0 d-----w- c:\program files (x86)\Nero
2010-06-09 02:55:06 1974616 ----a-w- c:\windows\syswow64\D3DCompiler_42.dll
2010-06-09 02:54:50 1892184 ----a-w- c:\windows\syswow64\D3DX9_42.dll
2010-06-09 02:54:31 4379984 ----a-w- c:\windows\syswow64\D3DX9_40.dll
2010-06-09 02:54:15 3727720 ----a-w- c:\windows\syswow64\d3dx9_35.dll
2010-06-09 02:53:59 3497832 ----a-w- c:\windows\syswow64\d3dx9_34.dll
2010-06-09 02:53:43 2388176 ----a-w- c:\windows\syswow64\d3dx9_30.dll
2010-06-08 16:24:19 0 d-----w- c:\program files (x86)\epson
2010-06-08 16:24:18 93184 ----a-w- c:\windows\system32\esxcwiad.dll
2010-06-08 16:19:09 0 d-----w- C:\epson
2010-06-07 23:22:31 0 d-----w- c:\windows\usb-audio.de
2010-06-07 08:19:48 0 d-----w- c:\windows\syswow64\Wat
2010-06-07 08:19:48 0 d-----w- c:\windows\system32\Wat
2010-06-06 14:05:00 0 d-----w- c:\users\brandon\Tracing
2010-06-06 13:27:56 464896 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-06 13:27:56 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-06 04:41:54 0 d-----w- c:\program files\Microsoft Office
2010-06-06 04:41:31 0 d-----w- c:\programdata\Microsoft Help
2010-06-06 04:21:46 0 d-----w- c:\users\brandon\appdata\roaming\GetRightToGo
2010-06-06 03:50:11 55280 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2010-06-06 03:50:11 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-06-06 03:50:11 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-06-06 03:50:10 0 d-----w- c:\program files (x86)\common files\PX Storage Engine
2010-06-06 03:50:09 0 d-----w- c:\program files (x86)\common files\Sonic Shared
2010-06-06 03:50:07 0 d-----w- c:\program files (x86)\Roxio
2010-06-06 03:49:16 0 d-----w- c:\users\brandon\appdata\roaming\Roxio Log Files
2010-06-06 03:39:46 0 d-----w- c:\users\brandon\appdata\roaming\Macrovision
2010-06-06 03:30:04 0 d-----w- c:\program files (x86)\Guitar Pro 5
2010-06-06 03:29:59 441600 ----a-w- C:\Stramel Films.avi.index
2010-06-06 03:28:59 37799036 ----a-w- C:\Red Smear 2008-05-0207.wav
2010-06-06 03:27:59 47540940 ----a-w- C:\NT2009-04-24t7.flac
2010-06-06 03:25:53 3310125212 ----a-w- C:\Nervous Turkey.nrg
2010-06-06 03:24:39 838287360 ----a-w- C:\Hey Janeane.avi
2010-06-06 03:24:39 291904 ----a-w- C:\Guitars.avi.index
2010-06-06 03:24:39 291832 ----a-w- C:\Guitars.avi.A.index
2010-06-06 03:24:39 191 ----a-w- C:\Guitars.scn
2010-06-06 03:24:39 160516 ----a-w- C:\Hammond Alien Return.pk
2010-06-06 03:24:39 13686116 ----a-w- C:\Hammond Alien Return.wav
2010-06-06 03:24:33 695 ----a-w- C:\Grimm 4-4-08 tape 2.mpg.scn
2010-06-06 03:24:33 191882258 ----a-w- C:\Guitar stuff.mpg
2010-06-06 03:22:08 3490654 ----a-w- C:\Grand Funk Railroad - Bad Time.mp3
2010-06-06 03:22:04 765076 ----a-w- C:\Dulli.pk
2010-06-06 03:22:04 25088 ----a-w- C:\FP department physicians interview protochol.doc
2010-06-06 03:22:04 149827660 ----a-w- C:\Glossary - Dear Friends and Gentle Hearts.zip
2010-06-06 03:22:02 405820 ----a-w- C:\Dulli 2 Cover Me.pk
2010-06-06 03:22:02 34622128 ----a-w- C:\Dulli 2 Cover Me.wav
2010-06-06 03:22:01 494584 ----a-w- C:\Dulli 1 Hard Luck Guy.pk
2010-06-06 03:22:01 42196964 ----a-w- C:\Dulli 1 Hard Luck Guy.wav
2010-06-06 03:22:00 808804 ----a-w- C:\DBT.pk
2010-06-06 03:22:00 22842777 ----a-w- C:\Drive-By_Truckers_--_Girls_Who_Smoke_(Bonus_Track).flac
2010-06-06 03:20:55 0 d-----w- C:\WinRAR
2010-06-06 03:20:46 0 d-----w- C:\VIDEO_TS
2010-06-06 03:20:46 0 d-----w- C:\Various Artists
2010-06-06 03:20:45 0 d-----w- C:\UTI9
2010-06-06 03:20:42 0 d-----w- C:\UT_CnR
2010-06-06 03:20:25 0 d-----w- C:\UT demos
2010-06-06 03:20:11 0 d-----w- C:\Uncle Tupelo1994-04-29
2010-06-06 03:19:56 0 d-----w- C:\Total.Recorder.v6.0.Pro
2010-06-06 03:19:53 0 d-----w- C:\The_Suburbs_CD___Digital_Preorder
2010-06-06 03:19:36 0 d-----w- C:\sv2008-04-09.mk21.flac16
2010-06-06 03:19:34 0 d-----w- C:\Studer Stuff
2010-06-06 03:19:13 0 d-----w- C:\sonvolt051707flac
2010-06-06 03:18:53 0 d-----w- C:\sonvolt2007-06-15
2010-06-06 03:18:33 0 d-----w- C:\SonVolt2007-06-14.flac16
2010-06-06 03:18:12 0 d-----w- C:\sonvolt2007-06-09flac16
2010-06-06 03:17:51 0 d-----w- C:\sonvolt2007-04-07.4060-MC012-mix.flac16
2010-06-06 03:17:32 0 d-----w- C:\sonvolt2007-04-05.4022.flac16
2010-06-06 03:17:15 0 d-----w- C:\Son Volt2007.05.14-16bit
2010-06-06 03:17:12 0 d-----w- C:\Son Volt ACD
2010-06-06 03:16:53 0 d-----w- C:\Son Volt 05-05-07 Helotes, TX
2010-06-06 03:16:32 0 d-----w- C:\Son Volt 4-20-07
2010-06-06 03:16:10 0 d-----w- C:\Son Volt
2010-06-06 03:16:08 0 d-----w- C:\Sleigh Bells - 2hellwu (2009)
2010-06-06 03:16:05 0 d-----w- C:\sick sick sick
2010-06-06 03:15:47 0 d-----w- C:\She & Him stuff
2010-06-06 03:15:18 0 d-----w- C:\Seagate
2010-06-06 03:10:21 0 d-----w- C:\Pinnacle.Studio.Plus.Titanium.Edition.v10.6.MULTiLANGUAGE.ISO-TBE
2010-06-06 03:10:19 0 d-----w- C:\nora
2010-06-06 03:10:03 0 d-----w- C:\NINJA_2009_Tour_Sampler_wav plus Jane's cabinet best buy bonus disc
2010-06-06 03:09:28 0 d-----w- C:\Nervous Turkey DVD audio
2010-06-06 03:08:25 0 d-----w- C:\Nervous Turkey 9-20-09
2010-06-06 03:04:32 0 d-----r- C:\My Documents
2010-06-06 03:04:26 0 d-----w- C:\More C Drive Stuff
2010-06-06 03:04:25 0 d-----w- C:\Michael K. Weise
2010-06-06 03:04:10 0 d-----w- C:\Matthew Grimm 2008-04-05 stereo matrix
2010-06-06 03:04:01 0 d-----w- C:\Matthew Grimm 2008-04-05 matrix
2010-06-06 03:03:37 0 d-----w- C:\Matthew Grimm 2008-04-05 FULL WAVES
2010-06-06 03:03:30 0 d-----w- C:\Matthew Grimm 2008-04-05
2010-06-06 03:03:24 0 d-----w- C:\macongreyson_ep
2010-06-06 03:03:23 0 d-----w- C:\LimeWire
2010-06-06 03:01:20 0 d-----w- C:\Johnnyman
2010-06-06 03:01:04 0 d-----w- C:\Jane's Addiction demos n unreleased
2010-06-06 03:01:02 0 d-----r- C:\IDEOLOGY
2010-06-06 03:00:40 0 d-----w- C:\Howard Iceberg Unreleased
2010-06-06 03:00:25 0 d-----w- C:\Howard Iceberg November Nights
2010-06-06 03:00:05 0 d-----w- C:\Howard Iceberg Maiden Voyage
2010-06-06 02:59:53 0 d-----w- C:\Howard Iceberg First Fade
2010-06-06 02:59:39 0 d-----w- C:\Howard Iceberg Final Fade
2010-06-06 02:59:24 0 d-----w- C:\Howard Iceberg and Mike Ireland unreleased tunes
2010-06-06 02:55:24 0 d-----w- c:\program files (x86)\coolpro2
2010-06-06 02:51:21 0 d-----w- C:\Guitar Pro 5.1 source
2010-06-06 02:50:58 0 d-----w- C:\Guitar Pro 5.1 [RSE]
2010-06-06 02:50:57 0 d-----w- C:\Goldfinger
2010-06-06 02:50:45 0 d-----w- C:\Glossary - Dear Friends and Gentle Hearts
2010-06-06 02:50:45 0 d-----w- C:\Exact Audio Copy
2010-06-06 02:50:45 0 d-----w- C:\DVD Audio Extractor
2010-06-06 02:50:43 0 d-----w- C:\Ditch Witch
2010-06-06 02:50:19 0 d-----w- C:\dbt - ahc town burned down
2010-06-06 02:50:13 0 d-----w- C:\coolpro2
2010-06-06 02:50:06 0 d-----w- C:\cagadas
2010-06-06 02:33:17 0 d-----w- C:\C Drive Stuff
2010-06-06 02:33:01 0 d-----w- C:\buck pets demo
2010-06-06 02:32:45 0 d-----w- C:\BottleRockets2008-04-19.flac16
2010-06-06 02:32:35 0 d-----w- C:\Ass Ponys 2001-6-9
2010-06-06 02:32:19 0 d-----w- C:\Arms_Aloft-Comfort_At_Any_Cost-2008
2010-06-06 02:32:18 0 d-----r- C:\ARMIES
2010-06-06 01:49:52 0 d-----w- C:\Angie's Email
2010-06-06 01:49:51 0 d-----w- C:\Angie's Documents
2010-06-06 01:49:49 0 d-----w- C:\abproject2007-01-21
2010-06-06 01:26:21 0 d-----w- c:\users\brandon\My Backup Files
2010-06-06 01:24:03 0 d-sh--w- C:\System Recovery
2010-06-06 01:20:50 0 d-----w- c:\users\brandon\appdata\roaming\Dell
2010-06-06 01:14:53 220672 ----a-w- c:\windows\system32\wintrust.dll
2010-06-06 01:14:53 172032 ----a-w- c:\windows\syswow64\wintrust.dll
2010-06-06 01:14:53 139264 ----a-w- c:\windows\system32\cabview.dll
2010-06-06 01:14:53 132608 ----a-w- c:\windows\syswow64\cabview.dll
2010-06-06 01:14:15 12647 ----a-w- c:\windows\system32\Config.MPF

==================== Find3M ====================

2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll
2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll
2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 07:13:36 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-04-23 07:11:58 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-08 18:33:00 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:33:00 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-08 18:20:02 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-04-08 18:20:02 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2010-03-28 02:52:19 455680 ----a-w- c:\windows\system32\deploytk.dll
2010-03-28 02:52:19 432128 ----a-w- c:\windows\system32\jucheck.exe
2010-03-28 02:52:19 41984 ----a-w- c:\windows\system32\jureg.exe
2010-03-28 02:52:19 172032 ----a-w- c:\windows\system32\jusched.exe
2010-03-28 02:52:06 55072 ----a-w- c:\windows\syswow64\jureg.exe
2010-03-28 02:52:06 411368 ----a-w- c:\windows\syswow64\deploytk.dll
2010-03-28 02:52:06 386872 ----a-w- c:\windows\syswow64\jucheck.exe
2010-03-28 02:52:06 149280 ----a-w- c:\windows\syswow64\jusched.exe
2010-03-28 02:52:06 149280 ----a-w- c:\windows\syswow64\javaws.exe
2010-03-28 02:52:06 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-03-28 02:52:06 145184 ----a-w- c:\windows\syswow64\java.exe
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 21:26:14.64 ===============


#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:44 AM

Posted 25 June 2010 - 12:42 PM

Hello, 94prs22
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 4-5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.




  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemdrive%\*.sys /90 /md5
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#5 94prs22

94prs22
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:10:44 PM

Posted 25 June 2010 - 06:33 PM

Hey Tom,
Thank you for the help. Here are the items requested:

OTL logfile created on: 6/25/2010 6:16:33 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Brandon\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 81.00% Memory free
16.00 Gb Paging File | 13.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.57 Gb Total Space | 729.15 Gb Free Space | 79.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRANDON-PC
Current User Name: Brandon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/25 18:15:08 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Brandon\Desktop\OTL.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/26 10:52:24 | 001,234,216 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
PRC - [2010/02/11 12:36:12 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009/12/29 16:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/12/15 21:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/12/02 16:49:00 | 000,414,960 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2009/12/02 16:48:00 | 000,347,888 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2009/12/02 16:47:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/11/13 16:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/11/02 19:24:58 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10d.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/07/07 17:45:22 | 000,436,752 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Common Files\McAfee\MSC\McUICnt.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/07 23:30:22 | 000,192,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSM\McSmtFwk.exe
PRC - [2009/05/05 05:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
PRC - [2009/05/05 05:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/01/08 07:36:42 | 002,521,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe


========== Modules (SafeList) ==========

MOD - [2010/06/25 18:15:08 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Brandon\Desktop\OTL.exe
MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/02/24 13:16:08 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/02/17 16:45:16 | 000,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/27 21:53:32 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/12/02 16:47:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe -- (MpfService)
SRV - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/13 22:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 22:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 15:30:11 | 000,061,056 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/06/05 19:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/05/05 05:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe -- (sprtsvc_DellComms) SupportSoft Sprocket Service (DellComms)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/02/17 16:52:42 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/02/17 16:52:42 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/02/17 16:52:42 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2010/02/17 16:45:32 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/10/16 06:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/27 07:25:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/18 09:15:16 | 000,041,032 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfebopk.sys -- (mfebopk)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 18:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/09 13:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/06/10 16:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 16:15:18 | 000,003,066 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.weau.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellComms] C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [lacaafyo] C:\Users\Brandon\AppData\Local\wljiebblu\yujpkuntssd.exe File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - Startup: C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/30 04:32:46 | 000,000,288 | ---- | M] () - C:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/06/25 18:15:02 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Brandon\Desktop\OTL.exe
[2010/06/19 16:25:59 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\wljiebblu
[2010/06/16 23:19:28 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Brandon\Desktop\HijackThis.exe
[2010/06/16 22:45:33 | 000,000,000 | ---D | C] -- C:\Users\Brandon\Desktop\gmer
[2010/06/16 22:21:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/06/16 22:17:54 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Malwarebytes
[2010/06/16 22:17:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/06/16 22:17:48 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/06/16 22:17:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/06/16 22:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/13 13:38:24 | 000,000,000 | ---D | C] -- C:\Users\Brandon\Documents\Outlook Files
[2010/06/13 13:19:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010/06/13 13:19:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/06/13 13:18:51 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/06/13 13:15:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/06/13 13:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/06/12 20:15:16 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\FileZilla
[2010/06/12 20:15:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2010/06/12 16:34:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/06/12 16:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/06/12 16:19:24 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Diagnostics
[2010/06/10 03:02:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/06/09 18:09:21 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Apple Computer
[2010/06/09 18:09:21 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Apple Computer
[2010/06/09 18:09:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/06/09 18:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/09 18:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/09 18:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/06/09 18:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/06/09 18:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/06/09 18:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/06/09 18:07:39 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Apple
[2010/06/09 18:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/06/09 18:07:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/06/09 18:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/09 18:07:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/06/09 18:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/06/09 18:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/06/08 22:18:47 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Nero
[2010/06/08 22:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/06/08 21:59:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2010/06/08 21:59:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2010/06/08 11:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2010/06/08 11:19:09 | 000,000,000 | ---D | C] -- C:\epson
[2010/06/07 18:22:31 | 000,177,760 | ---- | C] (ESI) -- C:\Windows\SysWow64\drivers\u24.sys
[2010/06/07 18:22:31 | 000,020,960 | ---- | C] (usb-audio.de) -- C:\Windows\SysWow64\drivers\pgusbmm3.sys
[2010/06/07 18:22:31 | 000,000,000 | ---D | C] -- C:\Windows\usb-audio.de
[2010/06/07 03:19:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/06/07 03:19:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/06/06 10:34:27 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Adobe
[2010/06/06 09:05:00 | 000,000,000 | ---D | C] -- C:\Users\Brandon\Tracing
[2010/06/05 23:43:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/06/05 23:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/06/05 23:41:34 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Microsoft Help
[2010/06/05 23:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/06/05 23:41:08 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/06/05 23:21:46 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\GetRightToGo
[2010/06/05 23:03:36 | 000,000,000 | R-SD | C] -- C:\Users\Brandon\Documents\My Stationery
[2010/06/05 22:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Roxio Shared
[2010/06/05 22:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010/06/05 22:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2010/06/05 22:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Roxio
[2010/06/05 22:49:16 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Roxio Log Files
[2010/06/05 22:39:46 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Macrovision
[2010/06/05 22:30:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guitar Pro 5
[2010/06/05 22:29:12 | 000,156,312 | ---- | C] (Seagate Technology LLC) -- C:\Setup.exe
[2010/06/05 22:21:46 | 018,540,611 | ---- | C] (Agree Software, Inc. ) -- C:\agree-free-dvd-audio-ripper.exe
[2010/06/05 22:20:55 | 000,000,000 | ---D | C] -- C:\WinRAR
[2010/06/05 22:20:46 | 000,000,000 | ---D | C] -- C:\VIDEO_TS
[2010/06/05 22:20:46 | 000,000,000 | ---D | C] -- C:\Various Artists
[2010/06/05 22:20:45 | 000,000,000 | ---D | C] -- C:\UTI9
[2010/06/05 22:20:42 | 000,000,000 | ---D | C] -- C:\UT_CnR
[2010/06/05 22:20:25 | 000,000,000 | ---D | C] -- C:\UT demos
[2010/06/05 22:20:11 | 000,000,000 | ---D | C] -- C:\Uncle Tupelo1994-04-29
[2010/06/05 22:19:56 | 000,000,000 | ---D | C] -- C:\Total.Recorder.v6.0.Pro
[2010/06/05 22:19:53 | 000,000,000 | ---D | C] -- C:\The_Suburbs_CD___Digital_Preorder
[2010/06/05 22:19:36 | 000,000,000 | ---D | C] -- C:\sv2008-04-09.mk21.flac16
[2010/06/05 22:19:34 | 000,000,000 | ---D | C] -- C:\Studer Stuff
[2010/06/05 22:19:13 | 000,000,000 | ---D | C] -- C:\sonvolt051707flac
[2010/06/05 22:18:53 | 000,000,000 | ---D | C] -- C:\sonvolt2007-06-15
[2010/06/05 22:18:33 | 000,000,000 | ---D | C] -- C:\SonVolt2007-06-14.flac16
[2010/06/05 22:18:12 | 000,000,000 | ---D | C] -- C:\sonvolt2007-06-09flac16
[2010/06/05 22:17:51 | 000,000,000 | ---D | C] -- C:\sonvolt2007-04-07.4060-MC012-mix.flac16
[2010/06/05 22:17:32 | 000,000,000 | ---D | C] -- C:\sonvolt2007-04-05.4022.flac16
[2010/06/05 22:17:15 | 000,000,000 | ---D | C] -- C:\Son Volt2007.05.14-16bit
[2010/06/05 22:17:12 | 000,000,000 | ---D | C] -- C:\Son Volt ACD
[2010/06/05 22:16:53 | 000,000,000 | ---D | C] -- C:\Son Volt 05-05-07 Helotes, TX
[2010/06/05 22:16:32 | 000,000,000 | ---D | C] -- C:\Son Volt 4-20-07
[2010/06/05 22:16:10 | 000,000,000 | ---D | C] -- C:\Son Volt
[2010/06/05 22:16:08 | 000,000,000 | ---D | C] -- C:\Sleigh Bells - 2hellwu (2009)
[2010/06/05 22:16:05 | 000,000,000 | ---D | C] -- C:\sick sick sick
[2010/06/05 22:15:47 | 000,000,000 | ---D | C] -- C:\She & Him stuff
[2010/06/05 22:15:18 | 000,000,000 | ---D | C] -- C:\Seagate
[2010/06/05 22:10:21 | 000,000,000 | ---D | C] -- C:\Pinnacle.Studio.Plus.Titanium.Edition.v10.6.MULTiLANGUAGE.ISO-TBE
[2010/06/05 22:10:19 | 000,000,000 | ---D | C] -- C:\nora
[2010/06/05 22:10:03 | 000,000,000 | ---D | C] -- C:\NINJA_2009_Tour_Sampler_wav plus Jane's cabinet best buy bonus disc
[2010/06/05 22:09:28 | 000,000,000 | ---D | C] -- C:\Nervous Turkey DVD audio
[2010/06/05 22:08:25 | 000,000,000 | ---D | C] -- C:\Nervous Turkey 9-20-09
[2010/06/05 22:04:32 | 000,000,000 | R--D | C] -- C:\My Documents
[2010/06/05 22:04:26 | 000,000,000 | ---D | C] -- C:\More C Drive Stuff
[2010/06/05 22:04:25 | 000,000,000 | ---D | C] -- C:\Michael K. Weise
[2010/06/05 22:04:10 | 000,000,000 | ---D | C] -- C:\Matthew Grimm 2008-04-05 stereo matrix
[2010/06/05 22:04:01 | 000,000,000 | ---D | C] -- C:\Matthew Grimm 2008-04-05 matrix
[2010/06/05 22:03:37 | 000,000,000 | ---D | C] -- C:\Matthew Grimm 2008-04-05 FULL WAVES
[2010/06/05 22:03:30 | 000,000,000 | ---D | C] -- C:\Matthew Grimm 2008-04-05
[2010/06/05 22:03:24 | 000,000,000 | ---D | C] -- C:\macongreyson_ep
[2010/06/05 22:03:23 | 000,000,000 | ---D | C] -- C:\LimeWire
[2010/06/05 22:01:20 | 000,000,000 | ---D | C] -- C:\Johnnyman
[2010/06/05 22:01:04 | 000,000,000 | ---D | C] -- C:\Jane's Addiction demos n unreleased
[2010/06/05 22:01:02 | 000,000,000 | R--D | C] -- C:\IDEOLOGY
[2010/06/05 22:00:40 | 000,000,000 | ---D | C] -- C:\Howard Iceberg Unreleased
[2010/06/05 22:00:25 | 000,000,000 | ---D | C] -- C:\Howard Iceberg November Nights
[2010/06/05 22:00:05 | 000,000,000 | ---D | C] -- C:\Howard Iceberg Maiden Voyage
[2010/06/05 21:59:53 | 000,000,000 | ---D | C] -- C:\Howard Iceberg First Fade
[2010/06/05 21:59:39 | 000,000,000 | ---D | C] -- C:\Howard Iceberg Final Fade
[2010/06/05 21:59:24 | 000,000,000 | ---D | C] -- C:\Howard Iceberg and Mike Ireland unreleased tunes
[2010/06/05 21:57:26 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Syntrillium
[2010/06/05 21:55:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\coolpro2
[2010/06/05 21:51:21 | 000,000,000 | ---D | C] -- C:\Guitar Pro 5.1 source
[2010/06/05 21:50:58 | 000,000,000 | ---D | C] -- C:\Guitar Pro 5.1 [RSE]
[2010/06/05 21:50:57 | 000,000,000 | ---D | C] -- C:\Goldfinger
[2010/06/05 21:50:45 | 000,000,000 | ---D | C] -- C:\Glossary - Dear Friends and Gentle Hearts
[2010/06/05 21:50:45 | 000,000,000 | ---D | C] -- C:\Exact Audio Copy
[2010/06/05 21:50:45 | 000,000,000 | ---D | C] -- C:\DVD Audio Extractor
[2010/06/05 21:50:43 | 000,000,000 | ---D | C] -- C:\Ditch Witch
[2010/06/05 21:50:19 | 000,000,000 | ---D | C] -- C:\dbt - ahc town burned down
[2010/06/05 21:50:13 | 000,000,000 | ---D | C] -- C:\coolpro2
[2010/06/05 21:50:06 | 000,000,000 | ---D | C] -- C:\cagadas
[2010/06/05 21:33:17 | 000,000,000 | ---D | C] -- C:\C Drive Stuff
[2010/06/05 21:33:01 | 000,000,000 | ---D | C] -- C:\buck pets demo
[2010/06/05 21:32:45 | 000,000,000 | ---D | C] -- C:\BottleRockets2008-04-19.flac16
[2010/06/05 21:32:35 | 000,000,000 | ---D | C] -- C:\Ass Ponys 2001-6-9
[2010/06/05 21:32:19 | 000,000,000 | ---D | C] -- C:\Arms_Aloft-Comfort_At_Any_Cost-2008
[2010/06/05 21:32:18 | 000,000,000 | R--D | C] -- C:\ARMIES
[2010/06/05 20:49:52 | 000,000,000 | ---D | C] -- C:\Angie's Email
[2010/06/05 20:49:51 | 000,000,000 | ---D | C] -- C:\Angie's Documents
[2010/06/05 20:49:49 | 000,000,000 | ---D | C] -- C:\abproject2007-01-21
[2010/06/05 20:45:43 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\CyberLink
[2010/06/05 20:34:14 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Macromedia
[2010/06/05 20:32:16 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\MigWiz
[2010/06/05 20:26:21 | 000,000,000 | ---D | C] -- C:\Users\Brandon\My Backup Files
[2010/06/05 20:24:35 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Adobe
[2010/06/05 20:24:03 | 000,000,000 | -HSD | C] -- C:\System Recovery
[2010/06/05 20:20:50 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Dell
[2010/06/05 20:20:45 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Stardock_Corporation
[2010/06/05 20:20:44 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\DataSafeOnline
[2010/06/05 20:20:39 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Roxio
[2010/06/05 20:20:32 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\SupportSoft
[2010/06/05 20:20:10 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Searches
[2010/06/05 20:20:10 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/06/05 20:20:01 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Identities
[2010/06/05 20:19:54 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Contacts
[2010/06/05 20:19:50 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\VirtualStore
[2010/06/05 20:13:34 | 000,000,000 | --SD | C] -- C:\Users\Brandon\AppData\Roaming\Microsoft
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Videos
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Saved Games
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Pictures
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Music
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Links
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Favorites
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Downloads
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\My Documents
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Desktop
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\AppData\Local\Temporary Internet Files
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Templates
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Start Menu
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\SendTo
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Recent
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\PrintHood
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\NetHood
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Documents\My Videos
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Documents\My Pictures
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Documents\My Music
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\My Documents
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Local Settings
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\AppData\Local\History
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Cookies
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Application Data
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\AppData\Local\Application Data
[2010/06/05 20:13:34 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData
[2010/06/05 20:13:34 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Temp
[2010/06/05 20:13:34 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\SoftThinks
[2010/06/05 20:13:34 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Microsoft
[2010/06/05 20:13:34 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Media Center Programs
[2010/03/28 00:34:15 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010/03/28 00:34:15 | 000,363,008 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2010/03/28 00:34:15 | 000,320,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010/03/28 00:34:15 | 000,309,760 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010/03/28 00:34:15 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010/03/28 00:34:15 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010/03/28 00:34:15 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010/03/28 00:34:15 | 000,198,656 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2010/03/28 00:34:15 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010/03/28 00:34:15 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010/03/28 00:34:15 | 000,095,744 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2010/03/28 00:34:15 | 000,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2010/03/28 00:33:55 | 001,478,144 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2010/03/28 00:32:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oem
[2010/03/28 00:32:49 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/03/28 00:32:49 | 000,000,000 | ---D | C] -- C:\Drivers
[2010/03/28 00:27:53 | 000,000,000 | ---D | C] -- C:\dell
[2010/03/27 23:46:27 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/03/27 23:46:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010/03/27 23:45:52 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/03/27 23:44:45 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/03/27 23:44:12 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/03/27 22:10:16 | 000,041,032 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfebopk.sys
[2010/03/27 22:10:16 | 000,040,904 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdk.sys
[2010/03/27 22:10:13 | 000,176,144 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\Mpfp.sys
[2010/03/27 22:09:59 | 000,308,296 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfehidk.sys
[2010/03/27 22:09:59 | 000,102,472 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2010/03/27 22:09:59 | 000,049,480 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfesmfk.sys
[2010/03/27 22:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/03/27 22:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/03/27 22:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/03/27 22:09:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2010/03/27 22:09:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
[2010/03/27 22:09:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2010/03/27 22:05:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\{D19C2D22-6043-47E7-B400-83A351841204}
[2010/03/27 22:05:37 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2010/03/27 22:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Uninstall
[2010/03/27 22:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic
[2010/03/27 22:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2010/03/27 22:04:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/03/27 22:04:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/03/27 22:03:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/03/27 22:02:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/03/27 22:02:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/03/27 22:01:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/03/27 22:01:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/03/27 21:59:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/03/27 21:58:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2010/03/27 21:58:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2010/03/27 21:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr
[2010/03/27 21:58:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Support Center
[2010/03/27 21:58:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cozi Express
[2010/03/27 21:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Cozi
[2010/03/27 21:57:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell DataSafe Local Backup
[2010/03/27 21:57:05 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/03/27 21:56:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/03/27 21:54:40 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/03/27 21:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\WildTangent
[2010/03/27 21:54:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WildTangent
[2010/03/27 21:53:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2010/03/27 21:53:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell DataSafe Online
[2010/03/27 21:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SupportSoft
[2010/03/27 21:53:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\supportsoft
[2010/03/27 21:53:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell
[2010/03/27 21:53:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2010/03/27 21:53:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/03/27 21:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2010/03/27 21:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/03/27 21:52:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/03/27 21:52:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/03/27 21:52:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/03/27 21:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/03/27 21:51:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/03/27 21:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Inc
[2010/03/27 21:50:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[1 C:\Users\Brandon\Documents\*.tmp files -> C:\Users\Brandon\Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/25 18:19:58 | 002,097,152 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat
[2010/06/25 18:18:55 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/25 18:18:55 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/25 18:15:08 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Brandon\Desktop\OTL.exe
[2010/06/25 15:47:13 | 000,012,801 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2010/06/25 15:46:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/25 03:03:15 | 000,737,238 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/25 03:03:15 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/25 03:03:15 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/23 21:27:21 | 000,293,376 | ---- | M] () -- C:\Users\Brandon\Desktop\cp8pk4j1.exe
[2010/06/23 21:25:41 | 000,525,824 | ---- | M] () -- C:\Users\Brandon\Desktop\dds.scr
[2010/06/23 15:34:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/23 15:34:37 | 2039,832,575 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/23 15:32:22 | 002,182,918 | -H-- | M] () -- C:\Users\Brandon\AppData\Local\IconCache.db
[2010/06/16 23:19:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Brandon\Desktop\HijackThis.exe
[2010/06/16 22:58:09 | 000,000,000 | ---- | M] () -- C:\Users\Brandon\defogger_reenable
[2010/06/16 22:44:40 | 000,284,915 | ---- | M] () -- C:\Users\Brandon\Desktop\gmer.zip
[2010/06/16 22:25:50 | 000,002,095 | ---- | M] () -- C:\Users\Brandon\Desktop\HijackThis.lnk
[2010/06/16 22:17:51 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/16 22:03:04 | 000,111,232 | ---- | M] () -- C:\Users\Brandon\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/16 22:02:38 | 000,524,288 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TMContainer00000000000000000002.regtrans-ms
[2010/06/16 22:02:38 | 000,524,288 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TMContainer00000000000000000001.regtrans-ms
[2010/06/16 22:02:38 | 000,065,536 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TM.blf
[2010/06/16 21:54:18 | 000,524,288 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TMContainer00000000000000000002.regtrans-ms
[2010/06/16 21:54:18 | 000,524,288 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TMContainer00000000000000000001.regtrans-ms
[2010/06/16 21:54:18 | 000,065,536 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TM.blf
[2010/06/16 10:58:33 | 000,074,752 | ---- | M] () -- C:\Users\Brandon\Documents\draft_tentative_decision_memo[1]-angie.doc
[2010/06/13 13:38:31 | 000,001,133 | ---- | M] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/06/13 13:25:07 | 000,426,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/13 13:22:23 | 000,000,508 | ---- | M] () -- C:\Windows\win.ini
[2010/06/12 16:34:21 | 000,001,284 | ---- | M] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/06/12 16:34:21 | 000,001,260 | ---- | M] () -- C:\Users\Brandon\Desktop\Spybot - Search & Destroy.lnk
[2010/06/12 11:09:39 | 000,010,942 | ---- | M] () -- C:\Users\Brandon\Documents\NoraCATS.docx
[2010/06/11 10:36:45 | 000,000,162 | -H-- | M] () -- C:\Users\Brandon\Documents\~$raCATS.docx
[2010/06/09 18:09:17 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/09 18:07:58 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/06/08 22:16:37 | 000,002,923 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2010/06/08 22:13:20 | 000,002,901 | ---- | M] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2010/06/08 22:08:01 | 000,002,895 | ---- | M] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2010/06/08 22:02:50 | 000,003,013 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2010/06/08 22:02:33 | 000,002,915 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010/06/08 11:24:20 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010/06/07 09:14:33 | 000,000,271 | ---- | M] () -- C:\Users\Brandon\Desktop\Microsoft Exchange - Outlook Web Access.url
[2010/06/07 08:53:45 | 000,000,115 | ---- | M] () -- C:\Users\Brandon\Desktop\statzmusicstudio.com.url
[2010/06/05 22:30:09 | 000,000,934 | ---- | M] () -- C:\Users\Brandon\Desktop\Guitar Pro 5.lnk
[2010/06/05 22:18:39 | 000,000,247 | ---- | M] () -- C:\Windows\system.ini
[2010/06/05 21:56:45 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Cool Edit Pro 2.0.lnk
[2010/06/05 20:33:07 | 000,001,439 | ---- | M] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/05 20:27:20 | 000,524,288 | -HS- | M] () -- C:\Users\Brandon\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/06/05 20:27:20 | 000,524,288 | -HS- | M] () -- C:\Users\Brandon\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/06/05 20:27:20 | 000,065,536 | -HS- | M] () -- C:\Users\Brandon\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/06/05 20:20:46 | 000,001,980 | ---- | M] () -- C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2010/06/05 20:13:34 | 000,000,020 | -HS- | M] () -- C:\Users\Brandon\ntuser.ini
[2010/06/05 18:10:04 | 000,039,219 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/06/05 18:10:04 | 000,039,219 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/06/05 11:47:23 | 087,326,720 | ---- | M] () -- C:\backup.pst
[2010/06/02 21:24:35 | 000,000,095 | ---- | M] () -- C:\Various - Dark Was The Night (That Disc).m3u
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/24 15:50:02 | 191,882,258 | ---- | M] () -- C:\Guitar stuff.mpg
[2010/04/24 15:03:49 | 000,291,832 | ---- | M] () -- C:\Guitars.avi.A.index
[2010/04/24 15:03:49 | 000,000,191 | ---- | M] () -- C:\Guitars.scn
[2010/04/24 15:03:48 | 000,291,904 | ---- | M] () -- C:\Guitars.avi.index
[2010/03/28 00:39:28 | 000,031,158 | RH-- | M] () -- C:\dell.sdr
[2010/03/28 00:33:46 | 000,031,158 | ---- | M] () -- C:\Windows\SysWow64\drivers\1028_Dell_INS_580.mrk
[2010/03/28 00:33:46 | 000,031,158 | ---- | M] () -- C:\Windows\SysNative\drivers\1028_Dell_INS_580.mrk
[2010/03/27 23:45:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/03/27 22:13:24 | 000,747,506 | ---- | M] () -- C:\Windows\SysNative\chklogo6.wtl
[1 C:\Users\Brandon\Documents\*.tmp files -> C:\Users\Brandon\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/23 21:27:14 | 000,293,376 | ---- | C] () -- C:\Users\Brandon\Desktop\cp8pk4j1.exe
[2010/06/23 21:25:36 | 000,525,824 | ---- | C] () -- C:\Users\Brandon\Desktop\dds.scr
[2010/06/22 13:38:46 | 000,000,000 | ---- | C] () -- C:\Users\Brandon\Sti_Trace.log
[2010/06/16 22:58:09 | 000,000,000 | ---- | C] () -- C:\Users\Brandon\defogger_reenable
[2010/06/16 22:44:40 | 000,284,915 | ---- | C] () -- C:\Users\Brandon\Desktop\gmer.zip
[2010/06/16 22:21:29 | 000,002,095 | ---- | C] () -- C:\Users\Brandon\Desktop\HijackThis.lnk
[2010/06/16 22:17:51 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/16 22:02:38 | 000,524,288 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TMContainer00000000000000000002.regtrans-ms
[2010/06/16 22:02:38 | 000,524,288 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TMContainer00000000000000000001.regtrans-ms
[2010/06/16 22:02:38 | 000,065,536 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TM.blf
[2010/06/16 21:54:18 | 000,524,288 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TMContainer00000000000000000002.regtrans-ms
[2010/06/16 21:54:18 | 000,524,288 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TMContainer00000000000000000001.regtrans-ms
[2010/06/16 21:54:18 | 000,065,536 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TM.blf
[2010/06/16 10:58:32 | 000,074,752 | ---- | C] () -- C:\Users\Brandon\Documents\draft_tentative_decision_memo[1]-angie.doc
[2010/06/13 13:38:31 | 000,001,133 | ---- | C] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/06/12 16:34:21 | 000,001,284 | ---- | C] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/06/12 16:34:21 | 000,001,260 | ---- | C] () -- C:\Users\Brandon\Desktop\Spybot - Search & Destroy.lnk
[2010/06/11 10:36:45 | 000,010,942 | ---- | C] () -- C:\Users\Brandon\Documents\NoraCATS.docx
[2010/06/11 10:36:45 | 000,000,162 | -H-- | C] () -- C:\Users\Brandon\Documents\~$raCATS.docx
[2010/06/09 18:09:17 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/09 18:07:58 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/06/08 22:16:37 | 000,002,923 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2010/06/08 22:13:20 | 000,002,901 | ---- | C] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2010/06/08 22:08:01 | 000,002,895 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2010/06/08 22:02:50 | 000,003,013 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2010/06/08 22:02:33 | 000,002,915 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010/06/08 11:24:20 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010/06/07 09:13:45 | 000,000,271 | ---- | C] () -- C:\Users\Brandon\Desktop\Microsoft Exchange - Outlook Web Access.url
[2010/06/07 08:53:45 | 000,000,115 | ---- | C] () -- C:\Users\Brandon\Desktop\statzmusicstudio.com.url
[2010/06/05 22:30:23 | 000,266,930 | ---- | C] () -- C:\zoo2.JPG
[2010/06/05 22:30:23 | 000,266,231 | ---- | C] () -- C:\zoo3.JPG
[2010/06/05 22:30:23 | 000,224,913 | ---- | C] () -- C:\zoo1.JPG
[2010/06/05 22:30:22 | 009,144,320 | ---- | C] () -- C:\White Wedding.mp3
[2010/06/05 22:30:22 | 004,964,728 | ---- | C] () -- C:\Veil.mp3
[2010/06/05 22:30:22 | 000,139,469 | ---- | C] () -- C:\vibeupdate.pdf
[2010/06/05 22:30:22 | 000,000,095 | ---- | C] () -- C:\Various - Dark Was The Night (That Disc).m3u
[2010/06/05 22:30:20 | 059,441,480 | ---- | C] () -- C:\Unlce Tupelo - WMBR - Boston, MA - 1991-1-24.zip
[2010/06/05 22:30:20 | 007,473,401 | ---- | C] () -- C:\Uncle Phil & Aunt Phillis In The Month After The Election.m4a
[2010/06/05 22:30:19 | 034,239,546 | ---- | C] () -- C:\Tom Jones - Duck Dodgers Theme.wav
[2010/06/05 22:30:19 | 007,764,041 | ---- | C] () -- C:\Tom Jones - Duck Dodgers Theme.mp3
[2010/06/05 22:30:18 | 003,930,905 | ---- | C] () -- C:\The_Buck_Pets_-_worldwide_smile_demo.mp3
[2010/06/05 22:30:17 | 043,333,676 | ---- | C] () -- C:\The_Buck_Pets_-_worldwide_smile_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:17 | 003,506,676 | ---- | C] () -- C:\The_Buck_Pets_-_to_the_quick_demo.mp3
[2010/06/05 22:30:16 | 038,656,556 | ---- | C] () -- C:\The_Buck_Pets_-_to_the_quick_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:16 | 002,967,927 | ---- | C] () -- C:\The_Buck_Pets_-_some_hesitation_demo.mp3
[2010/06/05 22:30:15 | 032,716,844 | ---- | C] () -- C:\The_Buck_Pets_-_some_hesitation_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:14 | 031,905,836 | ---- | C] () -- C:\The_Buck_Pets_-_perfect_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:14 | 002,894,366 | ---- | C] () -- C:\The_Buck_Pets_-_perfect_demo.mp3
[2010/06/05 22:30:13 | 002,882,245 | ---- | C] () -- C:\The_Buck_Pets_-_pearls_demo.mp3
[2010/06/05 22:30:12 | 031,772,204 | ---- | C] () -- C:\The_Buck_Pets_-_pearls_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:12 | 003,099,166 | ---- | C] () -- C:\The_Buck_Pets_-_moon_goddess_[demo].mp3
[2010/06/05 22:30:11 | 034,163,756 | ---- | C] () -- C:\The_Buck_Pets_-_moon_goddess_[demo] (from MPEG@128kbps).wav
[2010/06/05 22:30:11 | 004,007,809 | ---- | C] () -- C:\The_Buck_Pets_-_lost_demo.mp3
[2010/06/05 22:30:10 | 044,181,548 | ---- | C] () -- C:\The_Buck_Pets_-_lost_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:09 | 003,098,330 | ---- | C] () -- C:\The_Buck_Pets_-_living_is_the_bigges_thing_demo.mp3
[2010/06/05 22:30:09 | 000,000,934 | ---- | C] () -- C:\Users\Brandon\Desktop\Guitar Pro 5.lnk
[2010/06/05 22:30:08 | 034,154,540 | ---- | C] () -- C:\The_Buck_Pets_-_living_is_the_bigges_thing_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:08 | 004,099,342 | ---- | C] () -- C:\The_Buck_Pets_-_hammer_valentine_demo.mp3
[2010/06/05 22:30:07 | 045,190,700 | ---- | C] () -- C:\The_Buck_Pets_-_hammer_valentine_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:07 | 004,982,072 | ---- | C] () -- C:\The_Buck_Pets_-_crutch_demo.mp3
[2010/06/05 22:30:05 | 054,922,796 | ---- | C] () -- C:\The_Buck_Pets_-_crutch_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:05 | 003,975,208 | ---- | C] () -- C:\The_Buck_Pets_-_c'mon_baby_demo.mp3
[2010/06/05 22:30:04 | 043,822,124 | ---- | C] () -- C:\The_Buck_Pets_-_c'mon_baby_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:04 | 002,511,097 | ---- | C] () -- C:\The_Buck_Pets_-_ave_f_blues_demo.mp3
[2010/06/05 22:30:03 | 027,680,300 | ---- | C] () -- C:\The_Buck_Pets_-_ave_f_blues_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:03 | 003,821,399 | ---- | C] () -- C:\The_Buck_Pets_-_a_little_murder_demo.mp3
[2010/06/05 22:30:01 | 042,126,380 | ---- | C] () -- C:\The_Buck_Pets_-_a_little_murder_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:01 | 003,217,030 | ---- | C] () -- C:\The_Buck_Pets_-_5_oclock_or_thursday_demo.mp3
[2010/06/05 22:30:00 | 035,463,212 | ---- | C] () -- C:\The_Buck_Pets_-_5_oclock_or_thursday_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:00 | 000,033,792 | ---- | C] () -- C:\THE STARKWEATHERS.doc
[2010/06/05 22:30:00 | 000,024,064 | ---- | C] () -- C:\tasks.doc
[2010/06/05 22:29:59 | 012,501,551 | ---- | C] () -- C:\Sundazed_KS10-03.zip
[2010/06/05 22:29:59 | 000,441,600 | ---- | C] () -- C:\Stramel Films.avi.index
[2010/06/05 22:29:59 | 000,441,576 | ---- | C] () -- C:\Stramel Films.avi.A.index
[2010/06/05 22:29:59 | 000,150,814 | ---- | C] () -- C:\sun glasses.JPG
[2010/06/05 22:29:59 | 000,000,215 | ---- | C] () -- C:\Stramel Films.scn
[2010/06/05 22:29:12 | 3503,795,712 | ---- | C] () -- C:\Stramel Films.avi
[2010/06/05 22:29:12 | 000,000,043 | ---- | C] () -- C:\spaceball.gif
[2010/06/05 22:29:11 | 032,196,812 | ---- | C] () -- C:\Red Smear 2008-05-0216.wav
[2010/06/05 22:29:10 | 058,353,164 | ---- | C] () -- C:\Red Smear 2008-05-0215.wav
[2010/06/05 22:29:09 | 031,688,540 | ---- | C] () -- C:\Red Smear 2008-05-0214.wav
[2010/06/05 22:29:07 | 047,362,268 | ---- | C] () -- C:\Red Smear 2008-05-0213.wav
[2010/06/05 22:29:06 | 047,289,356 | ---- | C] () -- C:\Red Smear 2008-05-0212.wav
[2010/06/05 22:29:04 | 050,546,876 | ---- | C] () -- C:\Red Smear 2008-05-0211.wav
[2010/06/05 22:29:04 | 000,592,432 | ---- | C] () -- C:\Red Smear 2008-05-0211.pk
[2010/06/05 22:29:02 | 057,640,508 | ---- | C] () -- C:\Red Smear 2008-05-0210.wav
[2010/06/05 22:29:01 | 028,329,884 | ---- | C] () -- C:\Red Smear 2008-05-0209.wav
[2010/06/05 22:29:00 | 036,747,692 | ---- | C] () -- C:\Red Smear 2008-05-0208.wav
[2010/06/05 22:28:59 | 037,799,036 | ---- | C] () -- C:\Red Smear 2008-05-0207.wav
[2010/06/05 22:28:58 | 042,159,644 | ---- | C] () -- C:\Red Smear 2008-05-0206.wav
[2010/06/05 22:28:56 | 048,467,708 | ---- | C] () -- C:\Red Smear 2008-05-0205.wav
[2010/06/05 22:28:55 | 048,481,820 | ---- | C] () -- C:\Red Smear 2008-05-0204.wav
[2010/06/05 22:28:55 | 000,568,228 | ---- | C] () -- C:\Red Smear 2008-05-0204.pk
[2010/06/05 22:28:53 | 041,957,372 | ---- | C] () -- C:\Red Smear 2008-05-0203.wav
[2010/06/05 22:28:49 | 042,119,660 | ---- | C] () -- C:\Red Smear 2008-05-0202.wav
[2010/06/05 22:28:48 | 020,768,204 | ---- | C] () -- C:\Red Smear 2008-05-0201.wav
[2010/06/05 22:28:27 | 671,907,884 | ---- | C] () -- C:\Red Smear 2008-05-02.wav
[2010/06/05 22:28:27 | 002,646,364 | ---- | C] () -- C:\Red Smear 2008-05-02.pk
[2010/06/05 22:28:27 | 000,000,697 | ---- | C] () -- C:\Red Smear 2008-05-02 cue.cue
[2010/06/05 22:28:24 | 102,007,478 | ---- | C] () -- C:\Pitiful Reflections.mpg
[2010/06/05 22:28:23 | 034,239,561 | ---- | C] () -- C:\NT2009-05-1616.flac
[2010/06/05 22:28:22 | 039,399,967 | ---- | C] () -- C:\NT2009-05-1615.flac
[2010/06/05 22:28:21 | 047,215,390 | ---- | C] () -- C:\NT2009-05-1614.flac
[2010/06/05 22:28:20 | 021,164,542 | ---- | C] () -- C:\NT2009-05-1613.flac
[2010/06/05 22:28:19 | 040,124,198 | ---- | C] () -- C:\NT2009-05-1612.flac
[2010/06/05 22:28:17 | 058,442,540 | ---- | C] () -- C:\NT2009-05-1611.wav
[2010/06/05 22:28:16 | 029,288,189 | ---- | C] () -- C:\NT2009-05-1611.flac
[2010/06/05 22:28:15 | 036,235,381 | ---- | C] () -- C:\NT2009-05-1610.flac
[2010/06/05 22:28:13 | 052,525,811 | ---- | C] () -- C:\NT2009-05-1609.flac
[2010/06/05 22:28:12 | 034,636,447 | ---- | C] () -- C:\NT2009-05-1608.flac
[2010/06/05 22:28:10 | 041,042,867 | ---- | C] () -- C:\NT2009-05-1607.flac
[2010/06/05 22:28:09 | 030,050,206 | ---- | C] () -- C:\NT2009-05-1606.flac
[2010/06/05 22:28:08 | 032,703,565 | ---- | C] () -- C:\NT2009-05-1605.flac
[2010/06/05 22:28:07 | 040,480,111 | ---- | C] () -- C:\NT2009-05-1604.flac
[2010/06/05 22:28:06 | 022,018,089 | ---- | C] () -- C:\NT2009-05-1603.flac
[2010/06/05 22:28:04 | 048,978,513 | ---- | C] () -- C:\NT2009-05-1602.flac
[2010/06/05 22:28:04 | 020,145,721 | ---- | C] () -- C:\NT2009-05-1601.flac
[2010/06/05 22:28:03 | 038,628,048 | ---- | C] () -- C:\NT2009-04-24t10.flac
[2010/06/05 22:28:01 | 041,596,740 | ---- | C] () -- C:\NT2009-04-24t9.flac
[2010/06/05 22:28:00 | 041,423,587 | ---- | C] () -- C:\NT2009-04-24t8.flac
[2010/06/05 22:27:59 | 047,540,940 | ---- | C] () -- C:\NT2009-04-24t7.flac
[2010/06/05 22:27:58 | 027,915,416 | ---- | C] () -- C:\NT2009-04-24t6.flac
[2010/06/05 22:27:58 | 003,366,235 | ---- | C] () -- C:\NT2009-04-24t5.flac
[2010/06/05 22:27:56 | 035,347,782 | ---- | C] () -- C:\NT2009-04-24t4.flac
[2010/06/05 22:27:55 | 033,299,005 | ---- | C] () -- C:\NT2009-04-24t3.flac
[2010/06/05 22:27:55 | 025,325,644 | ---- | C] () -- C:\NT2009-04-24t2.flac
[2010/06/05 22:27:53 | 038,054,578 | ---- | C] () -- C:\NT2009-04-24t1.flac
[2010/06/05 22:27:52 | 034,385,959 | ---- | C] () -- C:\NT2009-03-26t08.flac
[2010/06/05 22:27:52 | 028,261,981 | ---- | C] () -- C:\NT2009-03-26t07.flac
[2010/06/05 22:27:52 | 001,111,437 | ---- | C] () -- C:\NT2009-03-26t06.flac
[2010/06/05 22:27:51 | 019,260,387 | ---- | C] () -- C:\NT2009-03-26t05.flac
[2010/06/05 22:27:50 | 029,110,350 | ---- | C] () -- C:\NT2009-03-26t04.flac
[2010/06/05 22:27:48 | 056,355,800 | ---- | C] () -- C:\NT2009-03-26t03.flac
[2010/06/05 22:27:47 | 045,606,985 | ---- | C] () -- C:\NT2009-03-26t02.flac
[2010/06/05 22:27:46 | 023,856,732 | ---- | C] () -- C:\NT2009-03-26t01.flac
[2010/06/05 22:27:39 | 233,201,319 | ---- | C] () -- C:\NINJA_2009_Tour_Sampler_wav.zip
[2010/06/05 22:27:33 | 166,886,623 | ---- | C] () -- C:\NINJA_2009_Tour_Sampler_FLAC.zip
[2010/06/05 22:25:53 | 3310,125,212 | ---- | C] () -- C:\Nervous Turkey.nrg
[2010/06/05 22:25:52 | 010,631,878 | ---- | C] () -- C:\My Movie 1.wmv
[2010/06/05 22:25:51 | 041,879,222 | ---- | C] () -- C:\My Ass is Bleeding.mpg
[2010/06/05 22:25:33 | 490,438,812 | ---- | C] () -- C:\MO.nrg
[2010/06/05 22:25:33 | 001,344,909 | ---- | C] () -- C:\lovetone_meatball.zip
[2010/06/05 22:25:33 | 000,001,138 | ---- | C] () -- C:\Missouri Trip.ncd
[2010/06/05 22:25:24 | 285,409,436 | ---- | C] () -- C:\ktp.nrg
[2010/06/05 22:25:24 | 000,002,945 | ---- | C] () -- C:\Johnnyman3.ncd
[2010/06/05 22:25:24 | 000,002,886 | ---- | C] () -- C:\Johnnyman2.ncd
[2010/06/05 22:25:24 | 000,001,340 | ---- | C] () -- C:\JohnnymanOST.ncd
[2010/06/05 22:25:24 | 000,001,059 | ---- | C] () -- C:\Johnnyman.ncd
[2010/06/05 22:25:22 | 050,640,240 | ---- | C] () -- C:\Ideology3.wav
[2010/06/05 22:25:21 | 050,729,992 | ---- | C] () -- C:\Ideology2.wav
[2010/06/05 22:25:19 | 051,132,988 | ---- | C] () -- C:\Ideology1.wav
[2010/06/05 22:25:16 | 098,889,884 | ---- | C] () -- C:\Ideology.wav
[2010/06/05 22:25:16 | 001,158,952 | ---- | C] () -- C:\Ideology.pk
[2010/06/05 22:25:16 | 000,000,000 | ---- | C] () -- C:\Ideology.stx
[2010/06/05 22:25:14 | 081,653,880 | ---- | C] () -- C:\Ideology.mpg
[2010/06/05 22:25:14 | 003,817,221 | ---- | C] () -- C:\Ideology.mp3
[2010/06/05 22:25:12 | 042,076,700 | ---- | C] () -- C:\Ideology wav.wav
[2010/06/05 22:25:12 | 000,246,628 | ---- | C] () -- C:\Ideology wav.pk
[2010/06/05 22:25:11 | 042,722,876 | ---- | C] () -- C:\Ideology cam 2 audio.wav
[2010/06/05 22:25:11 | 000,500,740 | ---- | C] () -- C:\Ideology cam 2 audio.pk
[2010/06/05 22:25:11 | 000,377,369 | ---- | C] () -- C:\ibanez.jpg
[2010/06/05 22:25:10 | 028,788,524 | ---- | C] () -- C:\Howard Iceberg More of Me and Less of Him.wav
[2010/06/05 22:25:10 | 000,000,245 | ---- | C] () -- C:\Hey Janeane.scn
[2010/06/05 22:25:05 | 147,357,852 | ---- | C] () -- C:\Hey Janeane.nrg
[2010/06/05 22:25:05 | 000,105,776 | ---- | C] () -- C:\Hey Janeane.avi.index
[2010/06/05 22:25:05 | 000,105,688 | ---- | C] () -- C:\Hey Janeane.avi.A.index
[2010/06/05 22:24:39 | 838,287,360 | ---- | C] () -- C:\Hey Janeane.avi
[2010/06/05 22:24:39 | 013,686,116 | ---- | C] () -- C:\Hammond Alien Return.wav
[2010/06/05 22:24:39 | 000,291,904 | ---- | C] () -- C:\Guitars.avi.index
[2010/06/05 22:24:39 | 000,291,832 | ---- | C] () -- C:\Guitars.avi.A.index
[2010/06/05 22:24:39 | 000,160,516 | ---- | C] () -- C:\Hammond Alien Return.pk
[2010/06/05 22:24:39 | 000,000,191 | ---- | C] () -- C:\Guitars.scn
[2010/06/05 22:24:33 | 191,882,258 | ---- | C] () -- C:\Guitar stuff.mpg
[2010/06/05 22:24:33 | 000,000,695 | ---- | C] () -- C:\Grimm 4-4-08 tape 2.mpg.scn
[2010/06/05 22:22:08 | 003,490,654 | ---- | C] () -- C:\Grand Funk Railroad - Bad Time.mp3
[2010/06/05 22:22:04 | 149,827,660 | ---- | C] () -- C:\Glossary - Dear Friends and Gentle Hearts.zip
[2010/06/05 22:22:04 | 000,765,076 | ---- | C] () -- C:\Dulli.pk
[2010/06/05 22:22:04 | 000,025,088 | ---- | C] () -- C:\FP department physicians interview protochol.doc
[2010/06/05 22:22:02 | 034,622,128 | ---- | C] () -- C:\Dulli 2 Cover Me.wav
[2010/06/05 22:22:02 | 000,405,820 | ---- | C] () -- C:\Dulli 2 Cover Me.pk
[2010/06/05 22:22:01 | 042,196,964 | ---- | C] () -- C:\Dulli 1 Hard Luck Guy.wav
[2010/06/05 22:22:01 | 000,494,584 | ---- | C] () -- C:\Dulli 1 Hard Luck Guy.pk
[2010/06/05 22:22:00 | 022,842,777 | ---- | C] () -- C:\Drive-By_Truckers_--_Girls_Who_Smoke_(Bonus_Track).flac
[2010/06/05 22:22:00 | 000,808,804 | ---- | C] () -- C:\DBT.pk
[2010/06/05 22:21:59 | 035,398,978 | ---- | C] () -- C:\DBT 2006-07-13 d1t03.flac
[2010/06/05 22:21:58 | 048,388,112 | ---- | C] () -- C:\DBT 2 Everybody Needs Love.wav
[2010/06/05 22:21:58 | 000,547,804 | ---- | C] () -- C:\DBT 2 Everybody Needs Love.pk
[2010/06/05 22:21:57 | 031,564,972 | ---- | C] () -- C:\DBT 1 Where's Eddie.wav
[2010/06/05 22:21:57 | 000,370,000 | ---- | C] () -- C:\DBT 1 Where's Eddie.pk
[2010/06/05 22:21:56 | 017,678,318 | ---- | C] () -- C:\CT-559-Jay Farrar.mp3
[2010/06/05 22:21:56 | 009,741,584 | ---- | C] () -- C:\Chris_Cornell-You Know My Name-James Bond 007 - Casino Royale.mp3
[2010/06/05 22:21:55 | 011,284,970 | ---- | C] () -- C:\cdbxp_setup_3.0.116.zip
[2010/06/05 22:21:54 | 028,591,780 | ---- | C] () -- C:\cagadas.ZIP
[2010/06/05 22:21:54 | 000,127,135 | ---- | C] () -- C:\boomerang_v2.pdf
[2010/06/05 22:21:54 | 000,014,336 | ---- | C] () -- C:\BRANDON_P_RELEASE.wps
[2010/06/05 22:21:52 | 087,326,720 | ---- | C] () -- C:\backup.pst
[2010/06/05 22:21:52 | 000,000,288 | ---- | C] () -- C:\Autorun.inf
[2010/06/05 22:21:51 | 025,368,861 | ---- | C] () -- C:\Arms_Aloft-Comfort_At_Any_Cost-2008.zip
[2010/06/05 22:21:50 | 025,368,861 | ---- | C] () -- C:\Arms_Aloft-Comfort_At_Any_Cost.zip
[2010/06/05 22:21:50 | 000,000,000 | ---- | C] () -- C:\Armies.stx
[2010/06/05 22:21:47 | 088,025,712 | ---- | C] () -- C:\Armies.mpg
[2010/06/05 22:21:46 | 004,397,184 | ---- | C] () -- C:\12. Thunderball-Tom Jones [From Thunderball].mp3
[2010/06/05 22:21:46 | 000,065,562 | ---- | C] () -- C:\1869.jpg
[2010/06/05 22:21:46 | 000,057,733 | ---- | C] () -- C:\1868.jpg
[2010/06/05 22:21:44 | 044,481,068 | ---- | C] () -- C:\07-ArcadeFire-KCRW-1-17-05-BornOnATrain(live) (from MPEG@128kbps).wav
[2010/06/05 21:56:45 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Cool Edit Pro 2.0.lnk
[2010/06/05 20:33:06 | 000,001,439 | ---- | C] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/05 20:20:46 | 000,001,980 | ---- | C] () -- C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2010/06/05 20:14:15 | 000,012,801 | ---- | C] () -- C:\Windows\SysNative\Config.MPF
[2010/06/05 20:13:34 | 002,097,152 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat
[2010/06/05 20:13:34 | 000,524,288 | -HS- | C] () -- C:\Users\Brandon\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/06/05 20:13:34 | 000,524,288 | -HS- | C] () -- C:\Users\Brandon\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/06/05 20:13:34 | 000,262,144 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat.LOG1
[2010/06/05 20:13:34 | 000,065,536 | -HS- | C] () -- C:\Users\Brandon\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/06/05 20:13:34 | 000,000,290 | ---- | C] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/06/05 20:13:34 | 000,000,272 | ---- | C] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/06/05 20:13:34 | 000,000,020 | -HS- | C] () -- C:\Users\Brandon\ntuser.ini
[2010/06/05 20:13:34 | 000,000,000 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat.LOG2
[2010/03/28 00:39:28 | 000,031,158 | RH-- | C] () -- C:\dell.sdr
[2010/03/28 00:33:53 | 000,010,161 | ---- | C] () -- C:\Windows\SysNative\nvdisp.nvu
[2010/03/28 00:33:53 | 000,001,407 | ---- | C] () -- C:\Windows\SysNative\nvhda.nvu
[2010/03/28 00:33:46 | 000,031,158 | ---- | C] () -- C:\Windows\SysWow64\drivers\1028_Dell_INS_580.mrk
[2010/03/28 00:33:46 | 000,031,158 | ---- | C] () -- C:\Windows\SysNative\drivers\1028_Dell_INS_580.mrk
[2010/03/27 23:45:40 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/03/27 23:44:12 | 2039,832,575 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/27 22:13:24 | 000,747,506 | ---- | C] () -- C:\Windows\SysNative\chklogo6.wtl
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/06/17 13:49:29 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\FileZilla
[2010/06/05 23:45:08 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\GetRightToGo
[2009/07/14 00:08:49 | 000,004,862 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/12/30 21:22:47 | 018,540,611 | ---- | M] (Agree Software, Inc. ) -- C:\agree-free-dvd-audio-ripper.exe
[2009/01/16 02:14:08 | 000,156,312 | ---- | M] (Seagate Technology LLC) -- C:\Setup.exe


< MD5 for: AGP440.SYS >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_1a38e2b78a3fe5b8\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_39c1885e54505643\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 20:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009/07/13 20:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemdrive%\*.sys /90 /md5 >
[2010/06/23 15:34:37 | 2039,832,575 | -HS- | M] () Unable to obtain MD5 -- C:\hiberfil.sys
[2010/06/23 15:34:46 | 4151,435,263 | -HS- | M] () Unable to obtain MD5 -- C:\pagefile.sys
< End of report >

OTL Extras logfile created on: 6/25/2010 6:16:33 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Brandon\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 81.00% Memory free
16.00 Gb Paging File | 13.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.57 Gb Total Space | 729.15 Gb Free Space | 79.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRANDON-PC
Current User Name: Brandon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{351DE0AB-7787-4497-9A7A-4AA9E3A4E290}" = Dell Communications (Support Software)
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"Dell Dock" = Dell Dock
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.3.2.1
"GoToAssist" = GoToAssist 8.0.0.514
"Guitar Pro 5_is1" = Guitar Pro 5.1
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MSC" = McAfee SecurityCenter
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"usb-audio.deU24" = ESI U24 drivers
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/16/2010 7:12:10 PM | Computer Name = Brandon-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 6/16/2010 7:12:10 PM | Computer Name = Brandon-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 6/16/2010 10:54:04 PM | Computer Name = Brandon-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

Error - 6/17/2010 1:32:54 AM | Computer Name = Brandon-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 6/17/2010 1:33:57 AM | Computer Name = Brandon-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 6/17/2010 1:34:18 AM | Computer Name = Brandon-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 6/17/2010 1:34:25 AM | Computer Name = Brandon-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 6/17/2010 9:24:53 AM | Computer Name = Brandon-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 6/17/2010 9:24:53 AM | Computer Name = Brandon-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 6/18/2010 1:33:01 AM | Computer Name = Brandon-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

[ System Events ]
Error - 6/16/2010 10:54:00 PM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Firewall service terminated with service-specific error
%%5.

Error - 6/16/2010 10:54:09 PM | Computer Name = Brandon-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 6/16/2010 10:54:09 PM | Computer Name = Brandon-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 6/16/2010 10:56:30 PM | Computer Name = Brandon-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/16/2010 10:56:56 PM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 6/16/2010 11:02:20 PM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Firewall service terminated with service-specific error
%%5.

Error - 6/16/2010 11:03:04 PM | Computer Name = Brandon-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/16/2010 11:03:28 PM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 6/18/2010 8:40:46 AM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee Inc. mferkdk service failed to start due to the following
error: %%127

Error - 6/19/2010 8:13:58 AM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.


< End of report >


#6 schrauber

  • Malware Response Team

Posted 27 June 2010 - 05:03 AM

Hi,


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 20.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u20-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u20-windows-i586.exe and select "Run as an Administrator.")
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  2. If prompted with a legal dialog, accept the warning.
  3. Click and then on "Advanced Mode"
  4. You may be presented with a warning dialog. If so, press
  5. Click on
  6. Click on
  7. Uncheck this checkbox:
  8. Close/Exit Spybot Search and Destroy
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTL
    O4 - HKCU..\Run: [lacaafyo] C:\Users\Brandon\AppData\Local\wljiebblu\yujpkuntssd.exe File not found
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
Do you use a router?

Edited by schrauber, 27 June 2010 - 05:04 AM.

regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware
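Added example (not part of the thread and not OldTimer's code): a triage pass over OTL `O4` autorun lines that surfaces entries like the one the fix above removes, a per-user Run value pointing into `AppData` whose target is gone. The line layout is inferred from the single `O4` line in the post and the `:64bit:` prefix used elsewhere in the log; the path list, the consonant-run threshold and every sample line except the first are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from ntpath import basename, splitext

# Layout assumed from the page: "O4 - HKCU..\Run: [name] <command> <trailer>"
O4_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>HKLM|HKCU|HKU\\[^.\s]+)\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<rest>.+)$"
)
# Trailer is either "(Publisher)", "()" or the literal "File not found".
PUBLISHER_RE = re.compile(r"\s\((?P<publisher>[^()]*)\)$")
# Image path: up to the first executable extension that ends a token.
IMAGE_RE = re.compile(
    r'^"?(?P<path>.+?\.(?:exe|dll|com|bat|cmd|scr|vbs|js))(?=["\s]|$)', re.I
)
# Assumption: locations a standard user can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Autorun:
    hive: str
    key: str
    value_name: str
    image: str
    publisher: str
    missing: bool
    flags: list = field(default_factory=list)


def longest_consonant_run(word):
    """Weak randomness signal: generated names often have long consonant runs."""
    runs = re.findall(r"[bcdfghjklmnpqrstvwxz]+", word.lower())
    return max(map(len, runs), default=0)


def parse_o4(line):
    """Parse one OTL O4 line into an Autorun, or return None for other lines."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    missing = rest.endswith("File not found")
    if missing:
        rest = rest[: -len("File not found")].rstrip()
    publisher = ""
    p = PUBLISHER_RE.search(rest)
    if p:
        publisher = p["publisher"].strip()
        rest = rest[: p.start()]
    img = IMAGE_RE.match(rest)
    image = img["path"] if img else rest.strip().strip('"')
    return Autorun(m["hive"], m["key"], m["name"], image, publisher, missing)


def triage(entry):
    """Return the list of review flags for one parsed entry."""
    flags = []
    if any(part in entry.image.lower() for part in USER_WRITABLE):
        flags.append("user_writable_path")
    if entry.missing:
        flags.append("file_missing")
    elif not entry.publisher:
        # Only meaningful when the file exists; a missing file has no version info.
        flags.append("no_publisher")
    stem = splitext(basename(entry.image))[0]
    if stem.isalpha() and longest_consonant_run(stem) >= 4:
        flags.append("unpronounceable_name")
    return flags


def suspicious(log_text):
    """Entries in a user-writable location that carry at least one more flag."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        entry.flags = triage(entry)
        if "user_writable_path" in entry.flags and len(entry.flags) >= 2:
            hits.append(entry)
    return hits


# First line is the entry from the post; the remaining lines are constructed.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [lacaafyo] C:\Users\Brandon\AppData\Local\wljiebblu\yujpkuntssd.exe File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /background (Example Corp.)
O4 - HKCU..\Run: [Notes] C:\Users\Brandon\AppData\Roaming\Notes\notes.exe (Example Corp.)
O4 - HKCU..\Run: [Sync] C:\Users\Brandon\AppData\Local\Temp\sync.exe ()
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
"""

if __name__ == "__main__":
    for hit in suspicious(SAMPLE_LOG):
        print(f"{hit.hive}\\{hit.key} [{hit.value_name}] {hit.image} -> {hit.flags}")
```

A "File not found" autorun is already inert, but the leftover value shows where the dropper persisted, so the same folder and the other Run keys are worth checking in the follow-up scan.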

#7 94prs22


Posted 27 June 2010 - 10:16 AM

Thanks again Tom. Here's the log from the "follow up" scan directions above, after it will be the log results from the first scan you directed. Just FYI Spybot wouldn't allow me to uncheck the Resident "SDHelper" box so I simply uninstalled Spybot for now. I hope that wasn't a problem.
Brandon


OTL logfile created on: 6/27/2010 10:07:29 AM - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Brandon\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 81.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.57 Gb Total Space | 727.44 Gb Free Space | 79.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRANDON-PC
Current User Name: Brandon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Brandon\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)


========== Modules (SafeList) ==========

MOD - C:\Users\Brandon\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (mcmscsvc) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McSysmon) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (VSS) -- C:\Windows\Vss [2009/07/13 22:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/13 22:20:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (McProxy) -- C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (sprtsvc_DellComms) SupportSoft Sprocket Service (DellComms) -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (k57nd60a) Broadcom NetLink ™ -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (mfebopk) -- C:\Windows\SysNative\drivers\mfebopk.sys (McAfee, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MPFP) -- C:\Windows\SysNative\drivers\Mpfp.sys (McAfee, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.weau.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellComms] C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/30 04:32:46 | 000,000,288 | ---- | M] () - C:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/27 10:03:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/27 09:51:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/06/27 09:51:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/06/27 09:50:19 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/06/27 09:50:19 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/06/27 09:50:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/06/27 09:50:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/06/27 09:25:19 | 016,295,712 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Brandon\Desktop\jre-6u20-windows-i586.exe
[2010/06/25 18:15:02 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Brandon\Desktop\OTL.exe
[2010/06/23 15:32:48 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/06/23 15:32:48 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/06/23 15:32:48 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/23 15:32:48 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/06/23 15:32:48 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/23 15:32:48 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/06/23 15:32:48 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/06/23 15:32:48 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/06/23 13:28:00 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010/06/23 13:27:57 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/06/23 13:27:57 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/06/23 13:27:57 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/06/23 13:27:56 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/06/23 13:27:56 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/06/23 13:27:56 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/06/23 13:27:56 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/06/19 16:25:59 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\wljiebblu
[2010/06/16 23:19:28 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Brandon\Desktop\HijackThis.exe
[2010/06/16 22:45:33 | 000,000,000 | ---D | C] -- C:\Users\Brandon\Desktop\gmer
[2010/06/16 22:21:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/06/16 22:17:54 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Malwarebytes
[2010/06/16 22:17:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/06/16 22:17:48 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/06/16 22:17:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/06/16 22:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/13 13:38:24 | 000,000,000 | ---D | C] -- C:\Users\Brandon\Documents\Outlook Files
[2010/06/13 13:19:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010/06/13 13:19:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/06/13 13:18:51 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/06/13 13:15:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/06/13 13:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/06/12 20:15:16 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\FileZilla
[2010/06/12 20:15:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2010/06/12 16:34:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/06/12 16:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/06/12 16:19:24 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Diagnostics
[2010/06/10 03:02:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/06/09 19:44:54 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/06/09 19:44:54 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/06/09 19:44:54 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/06/09 19:44:54 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/06/09 18:09:21 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Apple Computer
[2010/06/09 18:09:21 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Apple Computer
[2010/06/09 18:09:01 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010/06/09 18:09:01 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010/06/09 18:09:01 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010/06/09 18:09:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/06/09 18:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/09 18:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/09 18:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/06/09 18:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/06/09 18:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/06/09 18:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/06/09 18:07:39 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Apple
[2010/06/09 18:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/06/09 18:07:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/06/09 18:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/09 18:07:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/06/09 18:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/06/09 18:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/06/08 22:18:47 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Nero
[2010/06/08 22:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/06/08 21:59:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2010/06/08 21:59:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2010/06/08 21:55:06 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010/06/08 21:54:50 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010/06/08 21:54:31 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010/06/08 21:54:15 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010/06/08 21:53:59 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010/06/08 21:53:43 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010/06/08 11:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2010/06/08 11:24:18 | 000,093,184 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxcwiad.dll
[2010/06/08 11:19:09 | 000,000,000 | ---D | C] -- C:\epson
[2010/06/07 18:22:31 | 000,177,760 | ---- | C] (ESI) -- C:\Windows\SysWow64\drivers\u24.sys
[2010/06/07 18:22:31 | 000,020,960 | ---- | C] (usb-audio.de) -- C:\Windows\SysWow64\drivers\pgusbmm3.sys
[2010/06/07 18:22:31 | 000,000,000 | ---D | C] -- C:\Windows\usb-audio.de
[2010/06/07 03:19:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/06/07 03:19:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/06/06 10:34:27 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Adobe
[2010/06/06 09:05:00 | 000,000,000 | ---D | C] -- C:\Users\Brandon\Tracing
[2010/06/06 08:28:18 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/06/06 08:28:18 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/06/06 08:28:17 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/06/06 08:28:17 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/06/06 08:28:17 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/06/06 08:28:17 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/06/06 08:28:17 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/06/06 08:28:17 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/06/06 08:28:17 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/06/06 08:28:17 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/06/06 08:28:17 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/06/06 08:28:17 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/06/06 08:28:17 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/06/06 08:28:17 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/06/06 08:28:17 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/06/06 08:28:17 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/06/06 08:28:17 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/06/06 08:28:17 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/06/06 08:28:15 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/06/06 08:28:15 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/06/06 08:28:15 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010/06/06 08:28:11 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010/06/06 08:28:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010/06/06 08:28:11 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010/06/06 08:28:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010/06/06 08:28:11 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010/06/06 08:28:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010/06/06 08:28:09 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010/06/06 08:28:09 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/06/06 08:28:09 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/06/06 08:28:09 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/06/06 08:28:08 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/06/06 08:28:08 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/06/06 08:28:08 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/06/06 08:28:07 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/06/06 08:28:07 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/06/06 08:28:05 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010/06/06 08:28:00 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010/06/06 08:28:00 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/06/05 23:43:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/06/05 23:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/06/05 23:41:34 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Microsoft Help
[2010/06/05 23:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/06/05 23:41:08 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/06/05 23:21:46 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\GetRightToGo
[2010/06/05 23:03:36 | 000,000,000 | R-SD | C] -- C:\Users\Brandon\Documents\My Stationery
[2010/06/05 22:50:11 | 000,055,280 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2010/06/05 22:50:11 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2010/06/05 22:50:11 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2010/06/05 22:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Roxio Shared
[2010/06/05 22:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010/06/05 22:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2010/06/05 22:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Roxio
[2010/06/05 22:49:16 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Roxio Log Files
[2010/06/05 22:39:46 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Macrovision
[2010/06/05 22:30:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guitar Pro 5
[2010/06/05 22:29:12 | 000,156,312 | ---- | C] (Seagate Technology LLC) -- C:\Setup.exe
[2010/06/05 22:21:46 | 018,540,611 | ---- | C] (Agree Software, Inc. ) -- C:\agree-free-dvd-audio-ripper.exe
[2010/06/05 22:20:55 | 000,000,000 | ---D | C] -- C:\WinRAR
[2010/06/05 22:20:46 | 000,000,000 | ---D | C] -- C:\VIDEO_TS
[2010/06/05 22:20:46 | 000,000,000 | ---D | C] -- C:\Various Artists
[2010/06/05 22:20:45 | 000,000,000 | ---D | C] -- C:\UTI9
[2010/06/05 22:20:42 | 000,000,000 | ---D | C] -- C:\UT_CnR
[2010/06/05 22:20:25 | 000,000,000 | ---D | C] -- C:\UT demos
[2010/06/05 22:20:11 | 000,000,000 | ---D | C] -- C:\Uncle Tupelo1994-04-29
[2010/06/05 22:19:56 | 000,000,000 | ---D | C] -- C:\Total.Recorder.v6.0.Pro
[2010/06/05 22:19:53 | 000,000,000 | ---D | C] -- C:\The_Suburbs_CD___Digital_Preorder
[2010/06/05 22:19:36 | 000,000,000 | ---D | C] -- C:\sv2008-04-09.mk21.flac16
[2010/06/05 22:19:34 | 000,000,000 | ---D | C] -- C:\Studer Stuff
[2010/06/05 22:19:13 | 000,000,000 | ---D | C] -- C:\sonvolt051707flac
[2010/06/05 22:18:53 | 000,000,000 | ---D | C] -- C:\sonvolt2007-06-15
[2010/06/05 22:18:33 | 000,000,000 | ---D | C] -- C:\SonVolt2007-06-14.flac16
[2010/06/05 22:18:12 | 000,000,000 | ---D | C] -- C:\sonvolt2007-06-09flac16
[2010/06/05 22:17:51 | 000,000,000 | ---D | C] -- C:\sonvolt2007-04-07.4060-MC012-mix.flac16
[2010/06/05 22:17:32 | 000,000,000 | ---D | C] -- C:\sonvolt2007-04-05.4022.flac16
[2010/06/05 22:17:15 | 000,000,000 | ---D | C] -- C:\Son Volt2007.05.14-16bit
[2010/06/05 22:17:12 | 000,000,000 | ---D | C] -- C:\Son Volt ACD
[2010/06/05 22:16:53 | 000,000,000 | ---D | C] -- C:\Son Volt 05-05-07 Helotes, TX
[2010/06/05 22:16:32 | 000,000,000 | ---D | C] -- C:\Son Volt 4-20-07
[2010/06/05 22:16:10 | 000,000,000 | ---D | C] -- C:\Son Volt
[2010/06/05 22:16:08 | 000,000,000 | ---D | C] -- C:\Sleigh Bells - 2hellwu (2009)
[2010/06/05 22:16:05 | 000,000,000 | ---D | C] -- C:\sick sick sick
[2010/06/05 22:15:47 | 000,000,000 | ---D | C] -- C:\She & Him stuff
[2010/06/05 22:15:18 | 000,000,000 | ---D | C] -- C:\Seagate
[2010/06/05 22:10:21 | 000,000,000 | ---D | C] -- C:\Pinnacle.Studio.Plus.Titanium.Edition.v10.6.MULTiLANGUAGE.ISO-TBE
[2010/06/05 22:10:19 | 000,000,000 | ---D | C] -- C:\nora
[2010/06/05 22:10:03 | 000,000,000 | ---D | C] -- C:\NINJA_2009_Tour_Sampler_wav plus Jane's cabinet best buy bonus disc
[2010/06/05 22:09:28 | 000,000,000 | ---D | C] -- C:\Nervous Turkey DVD audio
[2010/06/05 22:08:25 | 000,000,000 | ---D | C] -- C:\Nervous Turkey 9-20-09
[2010/06/05 22:04:32 | 000,000,000 | R--D | C] -- C:\My Documents
[2010/06/05 22:04:26 | 000,000,000 | ---D | C] -- C:\More C Drive Stuff
[2010/06/05 22:04:25 | 000,000,000 | ---D | C] -- C:\Michael K. Weise
[2010/06/05 22:04:10 | 000,000,000 | ---D | C] -- C:\Matthew Grimm 2008-04-05 stereo matrix
[2010/06/05 22:04:01 | 000,000,000 | ---D | C] -- C:\Matthew Grimm 2008-04-05 matrix
[2010/06/05 22:03:37 | 000,000,000 | ---D | C] -- C:\Matthew Grimm 2008-04-05 FULL WAVES
[2010/06/05 22:03:30 | 000,000,000 | ---D | C] -- C:\Matthew Grimm 2008-04-05
[2010/06/05 22:03:24 | 000,000,000 | ---D | C] -- C:\macongreyson_ep
[2010/06/05 22:03:23 | 000,000,000 | ---D | C] -- C:\LimeWire
[2010/06/05 22:01:20 | 000,000,000 | ---D | C] -- C:\Johnnyman
[2010/06/05 22:01:04 | 000,000,000 | ---D | C] -- C:\Jane's Addiction demos n unreleased
[2010/06/05 22:01:02 | 000,000,000 | R--D | C] -- C:\IDEOLOGY
[2010/06/05 22:00:40 | 000,000,000 | ---D | C] -- C:\Howard Iceberg Unreleased
[2010/06/05 22:00:25 | 000,000,000 | ---D | C] -- C:\Howard Iceberg November Nights
[2010/06/05 22:00:05 | 000,000,000 | ---D | C] -- C:\Howard Iceberg Maiden Voyage
[2010/06/05 21:59:53 | 000,000,000 | ---D | C] -- C:\Howard Iceberg First Fade
[2010/06/05 21:59:39 | 000,000,000 | ---D | C] -- C:\Howard Iceberg Final Fade
[2010/06/05 21:59:24 | 000,000,000 | ---D | C] -- C:\Howard Iceberg and Mike Ireland unreleased tunes
[2010/06/05 21:57:26 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Syntrillium
[2010/06/05 21:55:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\coolpro2
[2010/06/05 21:51:21 | 000,000,000 | ---D | C] -- C:\Guitar Pro 5.1 source
[2010/06/05 21:50:58 | 000,000,000 | ---D | C] -- C:\Guitar Pro 5.1 [RSE]
[2010/06/05 21:50:57 | 000,000,000 | ---D | C] -- C:\Goldfinger
[2010/06/05 21:50:45 | 000,000,000 | ---D | C] -- C:\Glossary - Dear Friends and Gentle Hearts
[2010/06/05 21:50:45 | 000,000,000 | ---D | C] -- C:\Exact Audio Copy
[2010/06/05 21:50:45 | 000,000,000 | ---D | C] -- C:\DVD Audio Extractor
[2010/06/05 21:50:43 | 000,000,000 | ---D | C] -- C:\Ditch Witch
[2010/06/05 21:50:19 | 000,000,000 | ---D | C] -- C:\dbt - ahc town burned down
[2010/06/05 21:50:13 | 000,000,000 | ---D | C] -- C:\coolpro2
[2010/06/05 21:50:06 | 000,000,000 | ---D | C] -- C:\cagadas
[2010/06/05 21:33:17 | 000,000,000 | ---D | C] -- C:\C Drive Stuff
[2010/06/05 21:33:01 | 000,000,000 | ---D | C] -- C:\buck pets demo
[2010/06/05 21:32:45 | 000,000,000 | ---D | C] -- C:\BottleRockets2008-04-19.flac16
[2010/06/05 21:32:35 | 000,000,000 | ---D | C] -- C:\Ass Ponys 2001-6-9
[2010/06/05 21:32:19 | 000,000,000 | ---D | C] -- C:\Arms_Aloft-Comfort_At_Any_Cost-2008
[2010/06/05 21:32:18 | 000,000,000 | R--D | C] -- C:\ARMIES
[2010/06/05 20:49:52 | 000,000,000 | ---D | C] -- C:\Angie's Email
[2010/06/05 20:49:51 | 000,000,000 | ---D | C] -- C:\Angie's Documents
[2010/06/05 20:49:49 | 000,000,000 | ---D | C] -- C:\abproject2007-01-21
[2010/06/05 20:45:43 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\CyberLink
[2010/06/05 20:34:14 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Macromedia
[2010/06/05 20:32:16 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\MigWiz
[2010/06/05 20:26:21 | 000,000,000 | ---D | C] -- C:\Users\Brandon\My Backup Files
[2010/06/05 20:24:35 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Adobe
[2010/06/05 20:24:03 | 000,000,000 | -HSD | C] -- C:\System Recovery
[2010/06/05 20:20:50 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Dell
[2010/06/05 20:20:45 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Stardock_Corporation
[2010/06/05 20:20:44 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\DataSafeOnline
[2010/06/05 20:20:39 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Roxio
[2010/06/05 20:20:32 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\SupportSoft
[2010/06/05 20:20:10 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Searches
[2010/06/05 20:20:10 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/06/05 20:20:01 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Identities
[2010/06/05 20:19:54 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Contacts
[2010/06/05 20:19:50 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\VirtualStore
[2010/06/05 20:14:53 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/06/05 20:14:53 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/06/05 20:14:53 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/06/05 20:14:53 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/06/05 20:13:34 | 000,000,000 | --SD | C] -- C:\Users\Brandon\AppData\Roaming\Microsoft
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Videos
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Saved Games
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Pictures
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Music
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Links
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Favorites
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Downloads
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\My Documents
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Desktop
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\AppData\Local\Temporary Internet Files
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Templates
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Start Menu
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\SendTo
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Recent
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\PrintHood
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\NetHood
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Documents\My Videos
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Documents\My Pictures
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Documents\My Music
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\My Documents
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Local Settings
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\AppData\Local\History
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Cookies
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Application Data
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\AppData\Local\Application Data
[2010/06/05 20:13:34 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData
[2010/06/05 20:13:34 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Temp
[2010/06/05 20:13:34 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\SoftThinks
[2010/06/05 20:13:34 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Microsoft
[2010/06/05 20:13:34 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Media Center Programs
[1 C:\Users\Brandon\Documents\*.tmp files -> C:\Users\Brandon\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/27 10:08:43 | 002,097,152 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat
[2010/06/27 09:54:45 | 003,442,409 | -H-- | M] () -- C:\Users\Brandon\AppData\Local\IconCache.db
[2010/06/27 09:53:50 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/27 09:53:50 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/27 09:50:56 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/27 09:50:56 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/27 09:50:56 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/27 09:50:09 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/06/27 09:50:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/06/27 09:50:08 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/06/27 09:50:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/06/27 09:46:57 | 000,012,801 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2010/06/27 09:46:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/27 09:46:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/27 09:45:32 | 2039,832,575 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/27 09:25:28 | 016,295,712 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Brandon\Desktop\jre-6u20-windows-i586.exe
[2010/06/25 18:15:08 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Brandon\Desktop\OTL.exe
[2010/06/23 21:27:21 | 000,293,376 | ---- | M] () -- C:\Users\Brandon\Desktop\cp8pk4j1.exe
[2010/06/23 21:25:41 | 000,525,824 | ---- | M] () -- C:\Users\Brandon\Desktop\dds.scr
[2010/06/16 23:19:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Brandon\Desktop\HijackThis.exe
[2010/06/16 22:58:09 | 000,000,000 | ---- | M] () -- C:\Users\Brandon\defogger_reenable
[2010/06/16 22:44:40 | 000,284,915 | ---- | M] () -- C:\Users\Brandon\Desktop\gmer.zip
[2010/06/16 22:25:50 | 000,002,095 | ---- | M] () -- C:\Users\Brandon\Desktop\HijackThis.lnk
[2010/06/16 22:17:51 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/16 22:03:04 | 000,111,232 | ---- | M] () -- C:\Users\Brandon\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/16 22:02:38 | 000,524,288 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TMContainer00000000000000000002.regtrans-ms
[2010/06/16 22:02:38 | 000,524,288 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TMContainer00000000000000000001.regtrans-ms
[2010/06/16 22:02:38 | 000,065,536 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TM.blf
[2010/06/16 21:54:18 | 000,524,288 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TMContainer00000000000000000002.regtrans-ms
[2010/06/16 21:54:18 | 000,524,288 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TMContainer00000000000000000001.regtrans-ms
[2010/06/16 21:54:18 | 000,065,536 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TM.blf
[2010/06/16 10:58:33 | 000,074,752 | ---- | M] () -- C:\Users\Brandon\Documents\draft_tentative_decision_memo[1]-angie.doc
[2010/06/13 13:38:31 | 000,001,133 | ---- | M] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/06/13 13:25:07 | 000,426,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/13 13:22:23 | 000,000,508 | ---- | M] () -- C:\Windows\win.ini
[2010/06/12 11:09:39 | 000,010,942 | ---- | M] () -- C:\Users\Brandon\Documents\NoraCATS.docx
[2010/06/11 10:36:45 | 000,000,162 | -H-- | M] () -- C:\Users\Brandon\Documents\~$raCATS.docx
[2010/06/09 18:09:17 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/09 18:07:58 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/06/08 22:16:37 | 000,002,923 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2010/06/08 22:13:20 | 000,002,901 | ---- | M] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2010/06/08 22:08:01 | 000,002,895 | ---- | M] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2010/06/08 22:02:50 | 000,003,013 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2010/06/08 22:02:33 | 000,002,915 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010/06/08 11:24:20 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010/06/07 09:14:33 | 000,000,271 | ---- | M] () -- C:\Users\Brandon\Desktop\Microsoft Exchange - Outlook Web Access.url
[2010/06/07 08:53:45 | 000,000,115 | ---- | M] () -- C:\Users\Brandon\Desktop\statzmusicstudio.com.url
[2010/06/05 22:30:09 | 000,000,934 | ---- | M] () -- C:\Users\Brandon\Desktop\Guitar Pro 5.lnk
[2010/06/05 22:18:39 | 000,000,247 | ---- | M] () -- C:\Windows\system.ini
[2010/06/05 21:56:45 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Cool Edit Pro 2.0.lnk
[2010/06/05 20:33:07 | 000,001,439 | ---- | M] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/05 20:27:20 | 000,524,288 | -HS- | M] () -- C:\Users\Brandon\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/06/05 20:27:20 | 000,524,288 | -HS- | M] () -- C:\Users\Brandon\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/06/05 20:27:20 | 000,065,536 | -HS- | M] () -- C:\Users\Brandon\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/06/05 20:13:34 | 000,000,020 | -HS- | M] () -- C:\Users\Brandon\ntuser.ini
[2010/06/05 18:10:04 | 000,039,219 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/06/05 18:10:04 | 000,039,219 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/06/05 11:47:23 | 087,326,720 | ---- | M] () -- C:\backup.pst
[2010/06/02 21:24:35 | 000,000,095 | ---- | M] () -- C:\Various - Dark Was The Night (That Disc).m3u
[1 C:\Users\Brandon\Documents\*.tmp files -> C:\Users\Brandon\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/23 21:27:14 | 000,293,376 | ---- | C] () -- C:\Users\Brandon\Desktop\cp8pk4j1.exe
[2010/06/23 21:25:36 | 000,525,824 | ---- | C] () -- C:\Users\Brandon\Desktop\dds.scr
[2010/06/22 13:38:46 | 000,000,000 | ---- | C] () -- C:\Users\Brandon\Sti_Trace.log
[2010/06/16 22:58:09 | 000,000,000 | ---- | C] () -- C:\Users\Brandon\defogger_reenable
[2010/06/16 22:44:40 | 000,284,915 | ---- | C] () -- C:\Users\Brandon\Desktop\gmer.zip
[2010/06/16 22:21:29 | 000,002,095 | ---- | C] () -- C:\Users\Brandon\Desktop\HijackThis.lnk
[2010/06/16 22:17:51 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/16 22:02:38 | 000,524,288 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TMContainer00000000000000000002.regtrans-ms
[2010/06/16 22:02:38 | 000,524,288 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TMContainer00000000000000000001.regtrans-ms
[2010/06/16 22:02:38 | 000,065,536 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TM.blf
[2010/06/16 21:54:18 | 000,524,288 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TMContainer00000000000000000002.regtrans-ms
[2010/06/16 21:54:18 | 000,524,288 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TMContainer00000000000000000001.regtrans-ms
[2010/06/16 21:54:18 | 000,065,536 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TM.blf
[2010/06/16 10:58:32 | 000,074,752 | ---- | C] () -- C:\Users\Brandon\Documents\draft_tentative_decision_memo[1]-angie.doc
[2010/06/13 13:38:31 | 000,001,133 | ---- | C] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/06/11 10:36:45 | 000,010,942 | ---- | C] () -- C:\Users\Brandon\Documents\NoraCATS.docx
[2010/06/11 10:36:45 | 000,000,162 | -H-- | C] () -- C:\Users\Brandon\Documents\~$raCATS.docx
[2010/06/09 18:09:17 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/09 18:07:58 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/06/08 22:16:37 | 000,002,923 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2010/06/08 22:13:20 | 000,002,901 | ---- | C] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2010/06/08 22:08:01 | 000,002,895 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2010/06/08 22:02:50 | 000,003,013 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2010/06/08 22:02:33 | 000,002,915 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010/06/08 11:24:20 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010/06/07 09:13:45 | 000,000,271 | ---- | C] () -- C:\Users\Brandon\Desktop\Microsoft Exchange - Outlook Web Access.url
[2010/06/07 08:53:45 | 000,000,115 | ---- | C] () -- C:\Users\Brandon\Desktop\statzmusicstudio.com.url
[2010/06/05 22:30:23 | 000,266,930 | ---- | C] () -- C:\zoo2.JPG
[2010/06/05 22:30:23 | 000,266,231 | ---- | C] () -- C:\zoo3.JPG
[2010/06/05 22:30:23 | 000,224,913 | ---- | C] () -- C:\zoo1.JPG
[2010/06/05 22:30:22 | 009,144,320 | ---- | C] () -- C:\White Wedding.mp3
[2010/06/05 22:30:22 | 004,964,728 | ---- | C] () -- C:\Veil.mp3
[2010/06/05 22:30:22 | 000,139,469 | ---- | C] () -- C:\vibeupdate.pdf
[2010/06/05 22:30:22 | 000,000,095 | ---- | C] () -- C:\Various - Dark Was The Night (That Disc).m3u
[2010/06/05 22:30:20 | 059,441,480 | ---- | C] () -- C:\Unlce Tupelo - WMBR - Boston, MA - 1991-1-24.zip
[2010/06/05 22:30:20 | 007,473,401 | ---- | C] () -- C:\Uncle Phil & Aunt Phillis In The Month After The Election.m4a
[2010/06/05 22:30:19 | 034,239,546 | ---- | C] () -- C:\Tom Jones - Duck Dodgers Theme.wav
[2010/06/05 22:30:19 | 007,764,041 | ---- | C] () -- C:\Tom Jones - Duck Dodgers Theme.mp3
[2010/06/05 22:30:18 | 003,930,905 | ---- | C] () -- C:\The_Buck_Pets_-_worldwide_smile_demo.mp3
[2010/06/05 22:30:17 | 043,333,676 | ---- | C] () -- C:\The_Buck_Pets_-_worldwide_smile_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:17 | 003,506,676 | ---- | C] () -- C:\The_Buck_Pets_-_to_the_quick_demo.mp3
[2010/06/05 22:30:16 | 038,656,556 | ---- | C] () -- C:\The_Buck_Pets_-_to_the_quick_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:16 | 002,967,927 | ---- | C] () -- C:\The_Buck_Pets_-_some_hesitation_demo.mp3
[2010/06/05 22:30:15 | 032,716,844 | ---- | C] () -- C:\The_Buck_Pets_-_some_hesitation_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:14 | 031,905,836 | ---- | C] () -- C:\The_Buck_Pets_-_perfect_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:14 | 002,894,366 | ---- | C] () -- C:\The_Buck_Pets_-_perfect_demo.mp3
[2010/06/05 22:30:13 | 002,882,245 | ---- | C] () -- C:\The_Buck_Pets_-_pearls_demo.mp3
[2010/06/05 22:30:12 | 031,772,204 | ---- | C] () -- C:\The_Buck_Pets_-_pearls_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:12 | 003,099,166 | ---- | C] () -- C:\The_Buck_Pets_-_moon_goddess_[demo].mp3
[2010/06/05 22:30:11 | 034,163,756 | ---- | C] () -- C:\The_Buck_Pets_-_moon_goddess_[demo] (from MPEG@128kbps).wav
[2010/06/05 22:30:11 | 004,007,809 | ---- | C] () -- C:\The_Buck_Pets_-_lost_demo.mp3
[2010/06/05 22:30:10 | 044,181,548 | ---- | C] () -- C:\The_Buck_Pets_-_lost_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:09 | 003,098,330 | ---- | C] () -- C:\The_Buck_Pets_-_living_is_the_bigges_thing_demo.mp3
[2010/06/05 22:30:09 | 000,000,934 | ---- | C] () -- C:\Users\Brandon\Desktop\Guitar Pro 5.lnk
[2010/06/05 22:30:08 | 034,154,540 | ---- | C] () -- C:\The_Buck_Pets_-_living_is_the_bigges_thing_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:08 | 004,099,342 | ---- | C] () -- C:\The_Buck_Pets_-_hammer_valentine_demo.mp3
[2010/06/05 22:30:07 | 045,190,700 | ---- | C] () -- C:\The_Buck_Pets_-_hammer_valentine_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:07 | 004,982,072 | ---- | C] () -- C:\The_Buck_Pets_-_crutch_demo.mp3
[2010/06/05 22:30:05 | 054,922,796 | ---- | C] () -- C:\The_Buck_Pets_-_crutch_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:05 | 003,975,208 | ---- | C] () -- C:\The_Buck_Pets_-_c'mon_baby_demo.mp3
[2010/06/05 22:30:04 | 043,822,124 | ---- | C] () -- C:\The_Buck_Pets_-_c'mon_baby_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:04 | 002,511,097 | ---- | C] () -- C:\The_Buck_Pets_-_ave_f_blues_demo.mp3
[2010/06/05 22:30:03 | 027,680,300 | ---- | C] () -- C:\The_Buck_Pets_-_ave_f_blues_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:03 | 003,821,399 | ---- | C] () -- C:\The_Buck_Pets_-_a_little_murder_demo.mp3
[2010/06/05 22:30:01 | 042,126,380 | ---- | C] () -- C:\The_Buck_Pets_-_a_little_murder_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:01 | 003,217,030 | ---- | C] () -- C:\The_Buck_Pets_-_5_oclock_or_thursday_demo.mp3
[2010/06/05 22:30:00 | 035,463,212 | ---- | C] () -- C:\The_Buck_Pets_-_5_oclock_or_thursday_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:00 | 000,033,792 | ---- | C] () -- C:\THE STARKWEATHERS.doc
[2010/06/05 22:30:00 | 000,024,064 | ---- | C] () -- C:\tasks.doc
[2010/06/05 22:29:59 | 012,501,551 | ---- | C] () -- C:\Sundazed_KS10-03.zip
[2010/06/05 22:29:59 | 000,441,600 | ---- | C] () -- C:\Stramel Films.avi.index
[2010/06/05 22:29:59 | 000,441,576 | ---- | C] () -- C:\Stramel Films.avi.A.index
[2010/06/05 22:29:59 | 000,150,814 | ---- | C] () -- C:\sun glasses.JPG
[2010/06/05 22:29:59 | 000,000,215 | ---- | C] () -- C:\Stramel Films.scn
[2010/06/05 22:29:12 | 3503,795,712 | ---- | C] () -- C:\Stramel Films.avi
[2010/06/05 22:29:12 | 000,000,043 | ---- | C] () -- C:\spaceball.gif
[2010/06/05 22:29:11 | 032,196,812 | ---- | C] () -- C:\Red Smear 2008-05-0216.wav
[2010/06/05 22:29:10 | 058,353,164 | ---- | C] () -- C:\Red Smear 2008-05-0215.wav
[2010/06/05 22:29:09 | 031,688,540 | ---- | C] () -- C:\Red Smear 2008-05-0214.wav
[2010/06/05 22:29:07 | 047,362,268 | ---- | C] () -- C:\Red Smear 2008-05-0213.wav
[2010/06/05 22:29:06 | 047,289,356 | ---- | C] () -- C:\Red Smear 2008-05-0212.wav
[2010/06/05 22:29:04 | 050,546,876 | ---- | C] () -- C:\Red Smear 2008-05-0211.wav
[2010/06/05 22:29:04 | 000,592,432 | ---- | C] () -- C:\Red Smear 2008-05-0211.pk
[2010/06/05 22:29:02 | 057,640,508 | ---- | C] () -- C:\Red Smear 2008-05-0210.wav
[2010/06/05 22:29:01 | 028,329,884 | ---- | C] () -- C:\Red Smear 2008-05-0209.wav
[2010/06/05 22:29:00 | 036,747,692 | ---- | C] () -- C:\Red Smear 2008-05-0208.wav
[2010/06/05 22:28:59 | 037,799,036 | ---- | C] () -- C:\Red Smear 2008-05-0207.wav
[2010/06/05 22:28:58 | 042,159,644 | ---- | C] () -- C:\Red Smear 2008-05-0206.wav
[2010/06/05 22:28:56 | 048,467,708 | ---- | C] () -- C:\Red Smear 2008-05-0205.wav
[2010/06/05 22:28:55 | 048,481,820 | ---- | C] () -- C:\Red Smear 2008-05-0204.wav
[2010/06/05 22:28:55 | 000,568,228 | ---- | C] () -- C:\Red Smear 2008-05-0204.pk
[2010/06/05 22:28:53 | 041,957,372 | ---- | C] () -- C:\Red Smear 2008-05-0203.wav
[2010/06/05 22:28:49 | 042,119,660 | ---- | C] () -- C:\Red Smear 2008-05-0202.wav
[2010/06/05 22:28:48 | 020,768,204 | ---- | C] () -- C:\Red Smear 2008-05-0201.wav
[2010/06/05 22:28:27 | 671,907,884 | ---- | C] () -- C:\Red Smear 2008-05-02.wav
[2010/06/05 22:28:27 | 002,646,364 | ---- | C] () -- C:\Red Smear 2008-05-02.pk
[2010/06/05 22:28:27 | 000,000,697 | ---- | C] () -- C:\Red Smear 2008-05-02 cue.cue
[2010/06/05 22:28:24 | 102,007,478 | ---- | C] () -- C:\Pitiful Reflections.mpg
[2010/06/05 22:28:23 | 034,239,561 | ---- | C] () -- C:\NT2009-05-1616.flac
[2010/06/05 22:28:22 | 039,399,967 | ---- | C] () -- C:\NT2009-05-1615.flac
[2010/06/05 22:28:21 | 047,215,390 | ---- | C] () -- C:\NT2009-05-1614.flac
[2010/06/05 22:28:20 | 021,164,542 | ---- | C] () -- C:\NT2009-05-1613.flac
[2010/06/05 22:28:19 | 040,124,198 | ---- | C] () -- C:\NT2009-05-1612.flac
[2010/06/05 22:28:17 | 058,442,540 | ---- | C] () -- C:\NT2009-05-1611.wav
[2010/06/05 22:28:16 | 029,288,189 | ---- | C] () -- C:\NT2009-05-1611.flac
[2010/06/05 22:28:15 | 036,235,381 | ---- | C] () -- C:\NT2009-05-1610.flac
[2010/06/05 22:28:13 | 052,525,811 | ---- | C] () -- C:\NT2009-05-1609.flac
[2010/06/05 22:28:12 | 034,636,447 | ---- | C] () -- C:\NT2009-05-1608.flac
[2010/06/05 22:28:10 | 041,042,867 | ---- | C] () -- C:\NT2009-05-1607.flac
[2010/06/05 22:28:09 | 030,050,206 | ---- | C] () -- C:\NT2009-05-1606.flac
[2010/06/05 22:28:08 | 032,703,565 | ---- | C] () -- C:\NT2009-05-1605.flac
[2010/06/05 22:28:07 | 040,480,111 | ---- | C] () -- C:\NT2009-05-1604.flac
[2010/06/05 22:28:06 | 022,018,089 | ---- | C] () -- C:\NT2009-05-1603.flac
[2010/06/05 22:28:04 | 048,978,513 | ---- | C] () -- C:\NT2009-05-1602.flac
[2010/06/05 22:28:04 | 020,145,721 | ---- | C] () -- C:\NT2009-05-1601.flac
[2010/06/05 22:28:03 | 038,628,048 | ---- | C] () -- C:\NT2009-04-24t10.flac
[2010/06/05 22:28:01 | 041,596,740 | ---- | C] () -- C:\NT2009-04-24t9.flac
[2010/06/05 22:28:00 | 041,423,587 | ---- | C] () -- C:\NT2009-04-24t8.flac
[2010/06/05 22:27:59 | 047,540,940 | ---- | C] () -- C:\NT2009-04-24t7.flac
[2010/06/05 22:27:58 | 027,915,416 | ---- | C] () -- C:\NT2009-04-24t6.flac
[2010/06/05 22:27:58 | 003,366,235 | ---- | C] () -- C:\NT2009-04-24t5.flac
[2010/06/05 22:27:56 | 035,347,782 | ---- | C] () -- C:\NT2009-04-24t4.flac
[2010/06/05 22:27:55 | 033,299,005 | ---- | C] () -- C:\NT2009-04-24t3.flac
[2010/06/05 22:27:55 | 025,325,644 | ---- | C] () -- C:\NT2009-04-24t2.flac
[2010/06/05 22:27:53 | 038,054,578 | ---- | C] () -- C:\NT2009-04-24t1.flac
[2010/06/05 22:27:52 | 034,385,959 | ---- | C] () -- C:\NT2009-03-26t08.flac
[2010/06/05 22:27:52 | 028,261,981 | ---- | C] () -- C:\NT2009-03-26t07.flac
[2010/06/05 22:27:52 | 001,111,437 | ---- | C] () -- C:\NT2009-03-26t06.flac
[2010/06/05 22:27:51 | 019,260,387 | ---- | C] () -- C:\NT2009-03-26t05.flac
[2010/06/05 22:27:50 | 029,110,350 | ---- | C] () -- C:\NT2009-03-26t04.flac
[2010/06/05 22:27:48 | 056,355,800 | ---- | C] () -- C:\NT2009-03-26t03.flac
[2010/06/05 22:27:47 | 045,606,985 | ---- | C] () -- C:\NT2009-03-26t02.flac
[2010/06/05 22:27:46 | 023,856,732 | ---- | C] () -- C:\NT2009-03-26t01.flac
[2010/06/05 22:27:39 | 233,201,319 | ---- | C] () -- C:\NINJA_2009_Tour_Sampler_wav.zip
[2010/06/05 22:27:33 | 166,886,623 | ---- | C] () -- C:\NINJA_2009_Tour_Sampler_FLAC.zip
[2010/06/05 22:25:53 | 3310,125,212 | ---- | C] () -- C:\Nervous Turkey.nrg
[2010/06/05 22:25:52 | 010,631,878 | ---- | C] () -- C:\My Movie 1.wmv
[2010/06/05 22:25:51 | 041,879,222 | ---- | C] () -- C:\My Ass is Bleeding.mpg
[2010/06/05 22:25:33 | 490,438,812 | ---- | C] () -- C:\MO.nrg
[2010/06/05 22:25:33 | 001,344,909 | ---- | C] () -- C:\lovetone_meatball.zip
[2010/06/05 22:25:33 | 000,001,138 | ---- | C] () -- C:\Missouri Trip.ncd
[2010/06/05 22:25:24 | 285,409,436 | ---- | C] () -- C:\ktp.nrg
[2010/06/05 22:25:24 | 000,002,945 | ---- | C] () -- C:\Johnnyman3.ncd
[2010/06/05 22:25:24 | 000,002,886 | ---- | C] () -- C:\Johnnyman2.ncd
[2010/06/05 22:25:24 | 000,001,340 | ---- | C] () -- C:\JohnnymanOST.ncd
[2010/06/05 22:25:24 | 000,001,059 | ---- | C] () -- C:\Johnnyman.ncd
[2010/06/05 22:25:22 | 050,640,240 | ---- | C] () -- C:\Ideology3.wav
[2010/06/05 22:25:21 | 050,729,992 | ---- | C] () -- C:\Ideology2.wav
[2010/06/05 22:25:19 | 051,132,988 | ---- | C] () -- C:\Ideology1.wav
[2010/06/05 22:25:16 | 098,889,884 | ---- | C] () -- C:\Ideology.wav
[2010/06/05 22:25:16 | 001,158,952 | ---- | C] () -- C:\Ideology.pk
[2010/06/05 22:25:16 | 000,000,000 | ---- | C] () -- C:\Ideology.stx
[2010/06/05 22:25:14 | 081,653,880 | ---- | C] () -- C:\Ideology.mpg
[2010/06/05 22:25:14 | 003,817,221 | ---- | C] () -- C:\Ideology.mp3
[2010/06/05 22:25:12 | 042,076,700 | ---- | C] () -- C:\Ideology wav.wav
[2010/06/05 22:25:12 | 000,246,628 | ---- | C] () -- C:\Ideology wav.pk
[2010/06/05 22:25:11 | 042,722,876 | ---- | C] () -- C:\Ideology cam 2 audio.wav
[2010/06/05 22:25:11 | 000,500,740 | ---- | C] () -- C:\Ideology cam 2 audio.pk
[2010/06/05 22:25:11 | 000,377,369 | ---- | C] () -- C:\ibanez.jpg
[2010/06/05 22:25:10 | 028,788,524 | ---- | C] () -- C:\Howard Iceberg More of Me and Less of Him.wav
[2010/06/05 22:25:10 | 000,000,245 | ---- | C] () -- C:\Hey Janeane.scn
[2010/06/05 22:25:05 | 147,357,852 | ---- | C] () -- C:\Hey Janeane.nrg
[2010/06/05 22:25:05 | 000,105,776 | ---- | C] () -- C:\Hey Janeane.avi.index
[2010/06/05 22:25:05 | 000,105,688 | ---- | C] () -- C:\Hey Janeane.avi.A.index
[2010/06/05 22:24:39 | 838,287,360 | ---- | C] () -- C:\Hey Janeane.avi
[2010/06/05 22:24:39 | 013,686,116 | ---- | C] () -- C:\Hammond Alien Return.wav
[2010/06/05 22:24:39 | 000,291,904 | ---- | C] () -- C:\Guitars.avi.index
[2010/06/05 22:24:39 | 000,291,832 | ---- | C] () -- C:\Guitars.avi.A.index
[2010/06/05 22:24:39 | 000,160,516 | ---- | C] () -- C:\Hammond Alien Return.pk
[2010/06/05 22:24:39 | 000,000,191 | ---- | C] () -- C:\Guitars.scn
[2010/06/05 22:24:33 | 191,882,258 | ---- | C] () -- C:\Guitar stuff.mpg
[2010/06/05 22:24:33 | 000,000,695 | ---- | C] () -- C:\Grimm 4-4-08 tape 2.mpg.scn
[2010/06/05 22:22:08 | 003,490,654 | ---- | C] () -- C:\Grand Funk Railroad - Bad Time.mp3
[2010/06/05 22:22:04 | 149,827,660 | ---- | C] () -- C:\Glossary - Dear Friends and Gentle Hearts.zip
[2010/06/05 22:22:04 | 000,765,076 | ---- | C] () -- C:\Dulli.pk
[2010/06/05 22:22:04 | 000,025,088 | ---- | C] () -- C:\FP department physicians interview protochol.doc
[2010/06/05 22:22:02 | 034,622,128 | ---- | C] () -- C:\Dulli 2 Cover Me.wav
[2010/06/05 22:22:02 | 000,405,820 | ---- | C] () -- C:\Dulli 2 Cover Me.pk
[2010/06/05 22:22:01 | 042,196,964 | ---- | C] () -- C:\Dulli 1 Hard Luck Guy.wav
[2010/06/05 22:22:01 | 000,494,584 | ---- | C] () -- C:\Dulli 1 Hard Luck Guy.pk
[2010/06/05 22:22:00 | 022,842,777 | ---- | C] () -- C:\Drive-By_Truckers_--_Girls_Who_Smoke_(Bonus_Track).flac
[2010/06/05 22:22:00 | 000,808,804 | ---- | C] () -- C:\DBT.pk
[2010/06/05 22:21:59 | 035,398,978 | ---- | C] () -- C:\DBT 2006-07-13 d1t03.flac
[2010/06/05 22:21:58 | 048,388,112 | ---- | C] () -- C:\DBT 2 Everybody Needs Love.wav
[2010/06/05 22:21:58 | 000,547,804 | ---- | C] () -- C:\DBT 2 Everybody Needs Love.pk
[2010/06/05 22:21:57 | 031,564,972 | ---- | C] () -- C:\DBT 1 Where's Eddie.wav
[2010/06/05 22:21:57 | 000,370,000 | ---- | C] () -- C:\DBT 1 Where's Eddie.pk
[2010/06/05 22:21:56 | 017,678,318 | ---- | C] () -- C:\CT-559-Jay Farrar.mp3
[2010/06/05 22:21:56 | 009,741,584 | ---- | C] () -- C:\Chris_Cornell-You Know My Name-James Bond 007 - Casino Royale.mp3
[2010/06/05 22:21:55 | 011,284,970 | ---- | C] () -- C:\cdbxp_setup_3.0.116.zip
[2010/06/05 22:21:54 | 028,591,780 | ---- | C] () -- C:\cagadas.ZIP
[2010/06/05 22:21:54 | 000,127,135 | ---- | C] () -- C:\boomerang_v2.pdf
[2010/06/05 22:21:54 | 000,014,336 | ---- | C] () -- C:\BRANDON_P_RELEASE.wps
[2010/06/05 22:21:52 | 087,326,720 | ---- | C] () -- C:\backup.pst
[2010/06/05 22:21:52 | 000,000,288 | ---- | C] () -- C:\Autorun.inf
[2010/06/05 22:21:51 | 025,368,861 | ---- | C] () -- C:\Arms_Aloft-Comfort_At_Any_Cost-2008.zip
[2010/06/05 22:21:50 | 025,368,861 | ---- | C] () -- C:\Arms_Aloft-Comfort_At_Any_Cost.zip
[2010/06/05 22:21:50 | 000,000,000 | ---- | C] () -- C:\Armies.stx
[2010/06/05 22:21:47 | 088,025,712 | ---- | C] () -- C:\Armies.mpg
[2010/06/05 22:21:46 | 004,397,184 | ---- | C] () -- C:\12. Thunderball-Tom Jones [From Thunderball].mp3
[2010/06/05 22:21:46 | 000,065,562 | ---- | C] () -- C:\1869.jpg
[2010/06/05 22:21:46 | 000,057,733 | ---- | C] () -- C:\1868.jpg
[2010/06/05 22:21:44 | 044,481,068 | ---- | C] () -- C:\07-ArcadeFire-KCRW-1-17-05-BornOnATrain(live) (from MPEG@128kbps).wav
[2010/06/05 21:56:45 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Cool Edit Pro 2.0.lnk
[2010/06/05 20:33:06 | 000,001,439 | ---- | C] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/05 20:14:15 | 000,012,801 | ---- | C] () -- C:\Windows\SysNative\Config.MPF
[2010/06/05 20:13:34 | 002,097,152 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat
[2010/06/05 20:13:34 | 000,524,288 | -HS- | C] () -- C:\Users\Brandon\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/06/05 20:13:34 | 000,524,288 | -HS- | C] () -- C:\Users\Brandon\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/06/05 20:13:34 | 000,262,144 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat.LOG1
[2010/06/05 20:13:34 | 000,065,536 | -HS- | C] () -- C:\Users\Brandon\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/06/05 20:13:34 | 000,000,290 | ---- | C] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/06/05 20:13:34 | 000,000,272 | ---- | C] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/06/05 20:13:34 | 000,000,020 | -HS- | C] () -- C:\Users\Brandon\ntuser.ini
[2010/06/05 20:13:34 | 000,000,000 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat.LOG2
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >


Other log
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\lacaafyo not found.

OTL by OldTimer - Version 3.2.7.0 log created on 06272010_100549


#8 schrauber

  • Malware Response Team

Posted 29 June 2010 - 04:32 PM

Hi


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTL
    [2010/06/19 16:25:59 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\wljiebblu
  • Then click the Run Fix button at the top
  • Let the program run unhindered. When done, it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.


How is it running now?
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#9 94prs22

  • Topic Starter

Posted 29 June 2010 - 06:37 PM

Hey Tom,
Thanks again, the logs from both scans are below. A quick yahoo search was still redirected unfortunately.
Brandon

OTL logfile created on: 6/29/2010 6:21:54 PM - Run 3
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Brandon\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 81.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.57 Gb Total Space | 726.32 Gb Free Space | 79.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRANDON-PC
Current User Name: Brandon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Brandon\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\McAfee\MSC\McUICnt.exe (McAfee, Inc.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\McAfee\MSM\McSmtFwk.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)


========== Modules (SafeList) ==========

MOD - C:\Users\Brandon\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (mcmscsvc) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McSysmon) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (VSS) -- C:\Windows\Vss [2009/07/13 22:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/13 22:20:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (McProxy) -- C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (sprtsvc_DellComms) SupportSoft Sprocket Service (DellComms) -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (k57nd60a) Broadcom NetLink ™ -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (mfebopk) -- C:\Windows\SysNative\drivers\mfebopk.sys (McAfee, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MPFP) -- C:\Windows\SysNative\drivers\Mpfp.sys (McAfee, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.weau.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellComms] C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/30 04:32:46 | 000,000,288 | ---- | M] () - C:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/27 10:03:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/27 09:51:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/06/27 09:51:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/06/27 09:50:19 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/06/27 09:50:19 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/06/27 09:50:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/06/27 09:50:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/06/27 09:25:19 | 016,295,712 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Brandon\Desktop\jre-6u20-windows-i586.exe
[2010/06/25 18:15:02 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Brandon\Desktop\OTL.exe
[2010/06/23 15:32:48 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/06/23 15:32:48 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/06/23 15:32:48 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/23 15:32:48 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/06/23 15:32:48 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/23 15:32:48 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/06/23 15:32:48 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/06/23 15:32:48 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/06/23 13:28:00 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010/06/23 13:27:57 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/06/23 13:27:57 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/06/23 13:27:57 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/06/23 13:27:56 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/06/23 13:27:56 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/06/23 13:27:56 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/06/23 13:27:56 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/06/16 23:19:28 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Brandon\Desktop\HijackThis.exe
[2010/06/16 22:45:33 | 000,000,000 | ---D | C] -- C:\Users\Brandon\Desktop\gmer
[2010/06/16 22:21:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/06/16 22:17:54 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Malwarebytes
[2010/06/16 22:17:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/06/16 22:17:48 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/06/16 22:17:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/06/16 22:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/13 13:38:24 | 000,000,000 | ---D | C] -- C:\Users\Brandon\Documents\Outlook Files
[2010/06/13 13:19:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010/06/13 13:19:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/06/13 13:18:51 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/06/13 13:15:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/06/13 13:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/06/12 20:15:16 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\FileZilla
[2010/06/12 20:15:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2010/06/12 16:34:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/06/12 16:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/06/12 16:19:24 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Diagnostics
[2010/06/10 03:02:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/06/09 19:44:54 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/06/09 19:44:54 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/06/09 19:44:54 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/06/09 19:44:54 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/06/09 18:09:21 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Apple Computer
[2010/06/09 18:09:21 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Apple Computer
[2010/06/09 18:09:01 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010/06/09 18:09:01 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010/06/09 18:09:01 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010/06/09 18:09:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/06/09 18:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/09 18:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/09 18:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/06/09 18:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/06/09 18:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/06/09 18:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/06/09 18:07:39 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Apple
[2010/06/09 18:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/06/09 18:07:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/06/09 18:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/09 18:07:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/06/09 18:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/06/09 18:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/06/08 22:18:47 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Nero
[2010/06/08 22:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/06/08 21:59:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2010/06/08 21:59:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2010/06/08 21:55:06 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010/06/08 21:54:50 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010/06/08 21:54:31 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010/06/08 21:54:15 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010/06/08 21:53:59 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010/06/08 21:53:43 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010/06/08 11:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2010/06/08 11:24:18 | 000,093,184 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxcwiad.dll
[2010/06/08 11:19:09 | 000,000,000 | ---D | C] -- C:\epson
[2010/06/07 18:22:31 | 000,177,760 | ---- | C] (ESI) -- C:\Windows\SysWow64\drivers\u24.sys
[2010/06/07 18:22:31 | 000,020,960 | ---- | C] (usb-audio.de) -- C:\Windows\SysWow64\drivers\pgusbmm3.sys
[2010/06/07 18:22:31 | 000,000,000 | ---D | C] -- C:\Windows\usb-audio.de
[2010/06/07 03:19:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/06/07 03:19:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/06/06 10:34:27 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Adobe
[2010/06/06 09:05:00 | 000,000,000 | ---D | C] -- C:\Users\Brandon\Tracing
[2010/06/06 08:28:18 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/06/06 08:28:18 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/06/06 08:28:17 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/06/06 08:28:17 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/06/06 08:28:17 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/06/06 08:28:17 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/06/06 08:28:17 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/06/06 08:28:17 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/06/06 08:28:17 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/06/06 08:28:17 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/06/06 08:28:17 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/06/06 08:28:17 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/06/06 08:28:17 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/06/06 08:28:17 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/06/06 08:28:17 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/06/06 08:28:17 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/06/06 08:28:17 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/06/06 08:28:17 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/06/06 08:28:15 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/06/06 08:28:15 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/06/06 08:28:15 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010/06/06 08:28:11 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010/06/06 08:28:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010/06/06 08:28:11 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010/06/06 08:28:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010/06/06 08:28:11 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010/06/06 08:28:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010/06/06 08:28:09 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010/06/06 08:28:09 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/06/06 08:28:09 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/06/06 08:28:09 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/06/06 08:28:08 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/06/06 08:28:08 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/06/06 08:28:08 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/06/06 08:28:07 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/06/06 08:28:07 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/06/06 08:28:05 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010/06/06 08:28:00 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010/06/06 08:28:00 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/06/05 23:43:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/06/05 23:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/06/05 23:41:34 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Microsoft Help
[2010/06/05 23:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/06/05 23:41:08 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/06/05 23:21:46 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\GetRightToGo
[2010/06/05 23:03:36 | 000,000,000 | R-SD | C] -- C:\Users\Brandon\Documents\My Stationery
[2010/06/05 22:50:11 | 000,055,280 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2010/06/05 22:50:11 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2010/06/05 22:50:11 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2010/06/05 22:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Roxio Shared
[2010/06/05 22:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010/06/05 22:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2010/06/05 22:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Roxio
[2010/06/05 22:49:16 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Roxio Log Files
[2010/06/05 22:39:46 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Macrovision
[2010/06/05 22:30:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guitar Pro 5
[2010/06/05 22:29:12 | 000,156,312 | ---- | C] (Seagate Technology LLC) -- C:\Setup.exe
[2010/06/05 22:21:46 | 018,540,611 | ---- | C] (Agree Software, Inc. ) -- C:\agree-free-dvd-audio-ripper.exe
[2010/06/05 22:20:55 | 000,000,000 | ---D | C] -- C:\WinRAR
[2010/06/05 22:20:46 | 000,000,000 | ---D | C] -- C:\VIDEO_TS
[2010/06/05 22:20:46 | 000,000,000 | ---D | C] -- C:\Various Artists
[2010/06/05 22:20:45 | 000,000,000 | ---D | C] -- C:\UTI9
[2010/06/05 22:20:42 | 000,000,000 | ---D | C] -- C:\UT_CnR
[2010/06/05 22:20:25 | 000,000,000 | ---D | C] -- C:\UT demos
[2010/06/05 22:20:11 | 000,000,000 | ---D | C] -- C:\Uncle Tupelo1994-04-29
[2010/06/05 22:19:56 | 000,000,000 | ---D | C] -- C:\Total.Recorder.v6.0.Pro
[2010/06/05 22:19:53 | 000,000,000 | ---D | C] -- C:\The_Suburbs_CD___Digital_Preorder
[2010/06/05 22:19:36 | 000,000,000 | ---D | C] -- C:\sv2008-04-09.mk21.flac16
[2010/06/05 22:19:34 | 000,000,000 | ---D | C] -- C:\Studer Stuff
[2010/06/05 22:19:13 | 000,000,000 | ---D | C] -- C:\sonvolt051707flac
[2010/06/05 22:18:53 | 000,000,000 | ---D | C] -- C:\sonvolt2007-06-15
[2010/06/05 22:18:33 | 000,000,000 | ---D | C] -- C:\SonVolt2007-06-14.flac16
[2010/06/05 22:18:12 | 000,000,000 | ---D | C] -- C:\sonvolt2007-06-09flac16
[2010/06/05 22:17:51 | 000,000,000 | ---D | C] -- C:\sonvolt2007-04-07.4060-MC012-mix.flac16
[2010/06/05 22:17:32 | 000,000,000 | ---D | C] -- C:\sonvolt2007-04-05.4022.flac16
[2010/06/05 22:17:15 | 000,000,000 | ---D | C] -- C:\Son Volt2007.05.14-16bit
[2010/06/05 22:17:12 | 000,000,000 | ---D | C] -- C:\Son Volt ACD
[2010/06/05 22:16:53 | 000,000,000 | ---D | C] -- C:\Son Volt 05-05-07 Helotes, TX
[2010/06/05 22:16:32 | 000,000,000 | ---D | C] -- C:\Son Volt 4-20-07
[2010/06/05 22:16:10 | 000,000,000 | ---D | C] -- C:\Son Volt
[2010/06/05 22:16:08 | 000,000,000 | ---D | C] -- C:\Sleigh Bells - 2hellwu (2009)
[2010/06/05 22:16:05 | 000,000,000 | ---D | C] -- C:\sick sick sick
[2010/06/05 22:15:47 | 000,000,000 | ---D | C] -- C:\She & Him stuff
[2010/06/05 22:15:18 | 000,000,000 | ---D | C] -- C:\Seagate
[2010/06/05 22:10:21 | 000,000,000 | ---D | C] -- C:\Pinnacle.Studio.Plus.Titanium.Edition.v10.6.MULTiLANGUAGE.ISO-TBE
[2010/06/05 22:10:19 | 000,000,000 | ---D | C] -- C:\nora
[2010/06/05 22:10:03 | 000,000,000 | ---D | C] -- C:\NINJA_2009_Tour_Sampler_wav plus Jane's cabinet best buy bonus disc
[2010/06/05 22:09:28 | 000,000,000 | ---D | C] -- C:\Nervous Turkey DVD audio
[2010/06/05 22:08:25 | 000,000,000 | ---D | C] -- C:\Nervous Turkey 9-20-09
[2010/06/05 22:04:32 | 000,000,000 | R--D | C] -- C:\My Documents
[2010/06/05 22:04:26 | 000,000,000 | ---D | C] -- C:\More C Drive Stuff
[2010/06/05 22:04:25 | 000,000,000 | ---D | C] -- C:\Michael K. Weise
[2010/06/05 22:04:10 | 000,000,000 | ---D | C] -- C:\Matthew Grimm 2008-04-05 stereo matrix
[2010/06/05 22:04:01 | 000,000,000 | ---D | C] -- C:\Matthew Grimm 2008-04-05 matrix
[2010/06/05 22:03:37 | 000,000,000 | ---D | C] -- C:\Matthew Grimm 2008-04-05 FULL WAVES
[2010/06/05 22:03:30 | 000,000,000 | ---D | C] -- C:\Matthew Grimm 2008-04-05
[2010/06/05 22:03:24 | 000,000,000 | ---D | C] -- C:\macongreyson_ep
[2010/06/05 22:03:23 | 000,000,000 | ---D | C] -- C:\LimeWire
[2010/06/05 22:01:20 | 000,000,000 | ---D | C] -- C:\Johnnyman
[2010/06/05 22:01:04 | 000,000,000 | ---D | C] -- C:\Jane's Addiction demos n unreleased
[2010/06/05 22:01:02 | 000,000,000 | R--D | C] -- C:\IDEOLOGY
[2010/06/05 22:00:40 | 000,000,000 | ---D | C] -- C:\Howard Iceberg Unreleased
[2010/06/05 22:00:25 | 000,000,000 | ---D | C] -- C:\Howard Iceberg November Nights
[2010/06/05 22:00:05 | 000,000,000 | ---D | C] -- C:\Howard Iceberg Maiden Voyage
[2010/06/05 21:59:53 | 000,000,000 | ---D | C] -- C:\Howard Iceberg First Fade
[2010/06/05 21:59:39 | 000,000,000 | ---D | C] -- C:\Howard Iceberg Final Fade
[2010/06/05 21:59:24 | 000,000,000 | ---D | C] -- C:\Howard Iceberg and Mike Ireland unreleased tunes
[2010/06/05 21:57:26 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Syntrillium
[2010/06/05 21:55:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\coolpro2
[2010/06/05 21:51:21 | 000,000,000 | ---D | C] -- C:\Guitar Pro 5.1 source
[2010/06/05 21:50:58 | 000,000,000 | ---D | C] -- C:\Guitar Pro 5.1 [RSE]
[2010/06/05 21:50:57 | 000,000,000 | ---D | C] -- C:\Goldfinger
[2010/06/05 21:50:45 | 000,000,000 | ---D | C] -- C:\Glossary - Dear Friends and Gentle Hearts
[2010/06/05 21:50:45 | 000,000,000 | ---D | C] -- C:\Exact Audio Copy
[2010/06/05 21:50:45 | 000,000,000 | ---D | C] -- C:\DVD Audio Extractor
[2010/06/05 21:50:43 | 000,000,000 | ---D | C] -- C:\Ditch Witch
[2010/06/05 21:50:19 | 000,000,000 | ---D | C] -- C:\dbt - ahc town burned down
[2010/06/05 21:50:13 | 000,000,000 | ---D | C] -- C:\coolpro2
[2010/06/05 21:50:06 | 000,000,000 | ---D | C] -- C:\cagadas
[2010/06/05 21:33:17 | 000,000,000 | ---D | C] -- C:\C Drive Stuff
[2010/06/05 21:33:01 | 000,000,000 | ---D | C] -- C:\buck pets demo
[2010/06/05 21:32:45 | 000,000,000 | ---D | C] -- C:\BottleRockets2008-04-19.flac16
[2010/06/05 21:32:35 | 000,000,000 | ---D | C] -- C:\Ass Ponys 2001-6-9
[2010/06/05 21:32:19 | 000,000,000 | ---D | C] -- C:\Arms_Aloft-Comfort_At_Any_Cost-2008
[2010/06/05 21:32:18 | 000,000,000 | R--D | C] -- C:\ARMIES
[2010/06/05 20:49:52 | 000,000,000 | ---D | C] -- C:\Angie's Email
[2010/06/05 20:49:51 | 000,000,000 | ---D | C] -- C:\Angie's Documents
[2010/06/05 20:49:49 | 000,000,000 | ---D | C] -- C:\abproject2007-01-21
[2010/06/05 20:45:43 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\CyberLink
[2010/06/05 20:34:14 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Macromedia
[2010/06/05 20:32:16 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\MigWiz
[2010/06/05 20:26:21 | 000,000,000 | ---D | C] -- C:\Users\Brandon\My Backup Files
[2010/06/05 20:24:35 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Adobe
[2010/06/05 20:24:03 | 000,000,000 | -HSD | C] -- C:\System Recovery
[2010/06/05 20:20:50 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Dell
[2010/06/05 20:20:45 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Stardock_Corporation
[2010/06/05 20:20:44 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\DataSafeOnline
[2010/06/05 20:20:39 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Roxio
[2010/06/05 20:20:32 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\SupportSoft
[2010/06/05 20:20:10 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Searches
[2010/06/05 20:20:10 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/06/05 20:20:01 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Identities
[2010/06/05 20:19:54 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Contacts
[2010/06/05 20:19:50 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\VirtualStore
[2010/06/05 20:14:53 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/06/05 20:14:53 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/06/05 20:14:53 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/06/05 20:14:53 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/06/05 20:13:34 | 000,000,000 | --SD | C] -- C:\Users\Brandon\AppData\Roaming\Microsoft
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Videos
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Saved Games
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Pictures
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Music
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Links
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Favorites
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Downloads
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\My Documents
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Desktop
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\AppData\Local\Temporary Internet Files
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Templates
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Start Menu
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\SendTo
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Recent
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\PrintHood
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\NetHood
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Documents\My Videos
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Documents\My Pictures
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Documents\My Music
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\My Documents
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Local Settings
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\AppData\Local\History
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Cookies
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Application Data
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\AppData\Local\Application Data
[2010/06/05 20:13:34 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData
[2010/06/05 20:13:34 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Temp
[2010/06/05 20:13:34 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\SoftThinks
[2010/06/05 20:13:34 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Microsoft
[2010/06/05 20:13:34 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Media Center Programs
[1 C:\Users\Brandon\Documents\*.tmp files -> C:\Users\Brandon\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/29 18:22:34 | 002,097,152 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat
[2010/06/29 12:50:40 | 000,013,731 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2010/06/29 12:50:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/28 04:37:50 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/28 04:37:50 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/27 11:39:06 | 000,003,021 | ---- | M] () -- C:\Users\Brandon\Desktop\Microsoft Word 2010.lnk
[2010/06/27 09:54:45 | 003,442,409 | -H-- | M] () -- C:\Users\Brandon\AppData\Local\IconCache.db
[2010/06/27 09:50:56 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/27 09:50:56 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/27 09:50:56 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/27 09:50:09 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/06/27 09:50:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/06/27 09:50:08 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/06/27 09:50:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/06/27 09:46:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/27 09:45:32 | 2039,832,575 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/27 09:25:28 | 016,295,712 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Brandon\Desktop\jre-6u20-windows-i586.exe
[2010/06/25 18:15:08 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Brandon\Desktop\OTL.exe
[2010/06/23 21:27:21 | 000,293,376 | ---- | M] () -- C:\Users\Brandon\Desktop\cp8pk4j1.exe
[2010/06/23 21:25:41 | 000,525,824 | ---- | M] () -- C:\Users\Brandon\Desktop\dds.scr
[2010/06/16 23:19:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Brandon\Desktop\HijackThis.exe
[2010/06/16 22:58:09 | 000,000,000 | ---- | M] () -- C:\Users\Brandon\defogger_reenable
[2010/06/16 22:44:40 | 000,284,915 | ---- | M] () -- C:\Users\Brandon\Desktop\gmer.zip
[2010/06/16 22:25:50 | 000,002,095 | ---- | M] () -- C:\Users\Brandon\Desktop\HijackThis.lnk
[2010/06/16 22:17:51 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/16 22:03:04 | 000,111,232 | ---- | M] () -- C:\Users\Brandon\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/16 22:02:38 | 000,524,288 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TMContainer00000000000000000002.regtrans-ms
[2010/06/16 22:02:38 | 000,524,288 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TMContainer00000000000000000001.regtrans-ms
[2010/06/16 22:02:38 | 000,065,536 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TM.blf
[2010/06/16 21:54:18 | 000,524,288 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TMContainer00000000000000000002.regtrans-ms
[2010/06/16 21:54:18 | 000,524,288 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TMContainer00000000000000000001.regtrans-ms
[2010/06/16 21:54:18 | 000,065,536 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TM.blf
[2010/06/16 10:58:33 | 000,074,752 | ---- | M] () -- C:\Users\Brandon\Documents\draft_tentative_decision_memo[1]-angie.doc
[2010/06/13 13:38:31 | 000,001,133 | ---- | M] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/06/13 13:25:07 | 000,426,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/13 13:22:23 | 000,000,508 | ---- | M] () -- C:\Windows\win.ini
[2010/06/12 11:09:39 | 000,010,942 | ---- | M] () -- C:\Users\Brandon\Documents\NoraCATS.docx
[2010/06/11 10:36:45 | 000,000,162 | -H-- | M] () -- C:\Users\Brandon\Documents\~$raCATS.docx
[2010/06/09 18:09:17 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/09 18:07:58 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/06/08 22:16:37 | 000,002,923 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2010/06/08 22:13:20 | 000,002,901 | ---- | M] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2010/06/08 22:08:01 | 000,002,895 | ---- | M] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2010/06/08 22:02:50 | 000,003,013 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2010/06/08 22:02:33 | 000,002,915 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010/06/08 11:24:20 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010/06/07 09:14:33 | 000,000,271 | ---- | M] () -- C:\Users\Brandon\Desktop\Microsoft Exchange - Outlook Web Access.url
[2010/06/07 08:53:45 | 000,000,115 | ---- | M] () -- C:\Users\Brandon\Desktop\statzmusicstudio.com.url
[2010/06/05 22:30:09 | 000,000,934 | ---- | M] () -- C:\Users\Brandon\Desktop\Guitar Pro 5.lnk
[2010/06/05 22:18:39 | 000,000,247 | ---- | M] () -- C:\Windows\system.ini
[2010/06/05 21:56:45 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Cool Edit Pro 2.0.lnk
[2010/06/05 20:33:07 | 000,001,439 | ---- | M] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/05 20:27:20 | 000,524,288 | -HS- | M] () -- C:\Users\Brandon\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/06/05 20:27:20 | 000,524,288 | -HS- | M] () -- C:\Users\Brandon\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/06/05 20:27:20 | 000,065,536 | -HS- | M] () -- C:\Users\Brandon\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/06/05 20:13:34 | 000,000,020 | -HS- | M] () -- C:\Users\Brandon\ntuser.ini
[2010/06/05 18:10:04 | 000,039,219 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/06/05 18:10:04 | 000,039,219 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/06/05 11:47:23 | 087,326,720 | ---- | M] () -- C:\backup.pst
[2010/06/02 21:24:35 | 000,000,095 | ---- | M] () -- C:\Various - Dark Was The Night (That Disc).m3u
[1 C:\Users\Brandon\Documents\*.tmp files -> C:\Users\Brandon\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/27 11:39:06 | 000,003,021 | ---- | C] () -- C:\Users\Brandon\Desktop\Microsoft Word 2010.lnk
[2010/06/23 21:27:14 | 000,293,376 | ---- | C] () -- C:\Users\Brandon\Desktop\cp8pk4j1.exe
[2010/06/23 21:25:36 | 000,525,824 | ---- | C] () -- C:\Users\Brandon\Desktop\dds.scr
[2010/06/22 13:38:46 | 000,000,000 | ---- | C] () -- C:\Users\Brandon\Sti_Trace.log
[2010/06/16 22:58:09 | 000,000,000 | ---- | C] () -- C:\Users\Brandon\defogger_reenable
[2010/06/16 22:44:40 | 000,284,915 | ---- | C] () -- C:\Users\Brandon\Desktop\gmer.zip
[2010/06/16 22:21:29 | 000,002,095 | ---- | C] () -- C:\Users\Brandon\Desktop\HijackThis.lnk
[2010/06/16 22:17:51 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/16 22:02:38 | 000,524,288 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TMContainer00000000000000000002.regtrans-ms
[2010/06/16 22:02:38 | 000,524,288 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TMContainer00000000000000000001.regtrans-ms
[2010/06/16 22:02:38 | 000,065,536 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TM.blf
[2010/06/16 21:54:18 | 000,524,288 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TMContainer00000000000000000002.regtrans-ms
[2010/06/16 21:54:18 | 000,524,288 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TMContainer00000000000000000001.regtrans-ms
[2010/06/16 21:54:18 | 000,065,536 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TM.blf
[2010/06/16 10:58:32 | 000,074,752 | ---- | C] () -- C:\Users\Brandon\Documents\draft_tentative_decision_memo[1]-angie.doc
[2010/06/13 13:38:31 | 000,001,133 | ---- | C] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/06/11 10:36:45 | 000,010,942 | ---- | C] () -- C:\Users\Brandon\Documents\NoraCATS.docx
[2010/06/11 10:36:45 | 000,000,162 | -H-- | C] () -- C:\Users\Brandon\Documents\~$raCATS.docx
[2010/06/09 18:09:17 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/09 18:07:58 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/06/08 22:16:37 | 000,002,923 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2010/06/08 22:13:20 | 000,002,901 | ---- | C] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2010/06/08 22:08:01 | 000,002,895 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2010/06/08 22:02:50 | 000,003,013 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2010/06/08 22:02:33 | 000,002,915 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010/06/08 11:24:20 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010/06/07 09:13:45 | 000,000,271 | ---- | C] () -- C:\Users\Brandon\Desktop\Microsoft Exchange - Outlook Web Access.url
[2010/06/07 08:53:45 | 000,000,115 | ---- | C] () -- C:\Users\Brandon\Desktop\statzmusicstudio.com.url
[2010/06/05 22:30:23 | 000,266,930 | ---- | C] () -- C:\zoo2.JPG
[2010/06/05 22:30:23 | 000,266,231 | ---- | C] () -- C:\zoo3.JPG
[2010/06/05 22:30:23 | 000,224,913 | ---- | C] () -- C:\zoo1.JPG
[2010/06/05 22:30:22 | 009,144,320 | ---- | C] () -- C:\White Wedding.mp3
[2010/06/05 22:30:22 | 004,964,728 | ---- | C] () -- C:\Veil.mp3
[2010/06/05 22:30:22 | 000,139,469 | ---- | C] () -- C:\vibeupdate.pdf
[2010/06/05 22:30:22 | 000,000,095 | ---- | C] () -- C:\Various - Dark Was The Night (That Disc).m3u
[2010/06/05 22:30:20 | 059,441,480 | ---- | C] () -- C:\Unlce Tupelo - WMBR - Boston, MA - 1991-1-24.zip
[2010/06/05 22:30:20 | 007,473,401 | ---- | C] () -- C:\Uncle Phil & Aunt Phillis In The Month After The Election.m4a
[2010/06/05 22:30:19 | 034,239,546 | ---- | C] () -- C:\Tom Jones - Duck Dodgers Theme.wav
[2010/06/05 22:30:19 | 007,764,041 | ---- | C] () -- C:\Tom Jones - Duck Dodgers Theme.mp3
[2010/06/05 22:30:18 | 003,930,905 | ---- | C] () -- C:\The_Buck_Pets_-_worldwide_smile_demo.mp3
[2010/06/05 22:30:17 | 043,333,676 | ---- | C] () -- C:\The_Buck_Pets_-_worldwide_smile_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:17 | 003,506,676 | ---- | C] () -- C:\The_Buck_Pets_-_to_the_quick_demo.mp3
[2010/06/05 22:30:16 | 038,656,556 | ---- | C] () -- C:\The_Buck_Pets_-_to_the_quick_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:16 | 002,967,927 | ---- | C] () -- C:\The_Buck_Pets_-_some_hesitation_demo.mp3
[2010/06/05 22:30:15 | 032,716,844 | ---- | C] () -- C:\The_Buck_Pets_-_some_hesitation_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:14 | 031,905,836 | ---- | C] () -- C:\The_Buck_Pets_-_perfect_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:14 | 002,894,366 | ---- | C] () -- C:\The_Buck_Pets_-_perfect_demo.mp3
[2010/06/05 22:30:13 | 002,882,245 | ---- | C] () -- C:\The_Buck_Pets_-_pearls_demo.mp3
[2010/06/05 22:30:12 | 031,772,204 | ---- | C] () -- C:\The_Buck_Pets_-_pearls_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:12 | 003,099,166 | ---- | C] () -- C:\The_Buck_Pets_-_moon_goddess_[demo].mp3
[2010/06/05 22:30:11 | 034,163,756 | ---- | C] () -- C:\The_Buck_Pets_-_moon_goddess_[demo] (from MPEG@128kbps).wav
[2010/06/05 22:30:11 | 004,007,809 | ---- | C] () -- C:\The_Buck_Pets_-_lost_demo.mp3
[2010/06/05 22:30:10 | 044,181,548 | ---- | C] () -- C:\The_Buck_Pets_-_lost_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:09 | 003,098,330 | ---- | C] () -- C:\The_Buck_Pets_-_living_is_the_bigges_thing_demo.mp3
[2010/06/05 22:30:09 | 000,000,934 | ---- | C] () -- C:\Users\Brandon\Desktop\Guitar Pro 5.lnk
[2010/06/05 22:30:08 | 034,154,540 | ---- | C] () -- C:\The_Buck_Pets_-_living_is_the_bigges_thing_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:08 | 004,099,342 | ---- | C] () -- C:\The_Buck_Pets_-_hammer_valentine_demo.mp3
[2010/06/05 22:30:07 | 045,190,700 | ---- | C] () -- C:\The_Buck_Pets_-_hammer_valentine_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:07 | 004,982,072 | ---- | C] () -- C:\The_Buck_Pets_-_crutch_demo.mp3
[2010/06/05 22:30:05 | 054,922,796 | ---- | C] () -- C:\The_Buck_Pets_-_crutch_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:05 | 003,975,208 | ---- | C] () -- C:\The_Buck_Pets_-_c'mon_baby_demo.mp3
[2010/06/05 22:30:04 | 043,822,124 | ---- | C] () -- C:\The_Buck_Pets_-_c'mon_baby_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:04 | 002,511,097 | ---- | C] () -- C:\The_Buck_Pets_-_ave_f_blues_demo.mp3
[2010/06/05 22:30:03 | 027,680,300 | ---- | C] () -- C:\The_Buck_Pets_-_ave_f_blues_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:03 | 003,821,399 | ---- | C] () -- C:\The_Buck_Pets_-_a_little_murder_demo.mp3
[2010/06/05 22:30:01 | 042,126,380 | ---- | C] () -- C:\The_Buck_Pets_-_a_little_murder_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:01 | 003,217,030 | ---- | C] () -- C:\The_Buck_Pets_-_5_oclock_or_thursday_demo.mp3
[2010/06/05 22:30:00 | 035,463,212 | ---- | C] () -- C:\The_Buck_Pets_-_5_oclock_or_thursday_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:00 | 000,033,792 | ---- | C] () -- C:\THE STARKWEATHERS.doc
[2010/06/05 22:30:00 | 000,024,064 | ---- | C] () -- C:\tasks.doc
[2010/06/05 22:29:59 | 012,501,551 | ---- | C] () -- C:\Sundazed_KS10-03.zip
[2010/06/05 22:29:59 | 000,441,600 | ---- | C] () -- C:\Stramel Films.avi.index
[2010/06/05 22:29:59 | 000,441,576 | ---- | C] () -- C:\Stramel Films.avi.A.index
[2010/06/05 22:29:59 | 000,150,814 | ---- | C] () -- C:\sun glasses.JPG
[2010/06/05 22:29:59 | 000,000,215 | ---- | C] () -- C:\Stramel Films.scn
[2010/06/05 22:29:12 | 3503,795,712 | ---- | C] () -- C:\Stramel Films.avi
[2010/06/05 22:29:12 | 000,000,043 | ---- | C] () -- C:\spaceball.gif
[2010/06/05 22:29:11 | 032,196,812 | ---- | C] () -- C:\Red Smear 2008-05-0216.wav
[2010/06/05 22:29:10 | 058,353,164 | ---- | C] () -- C:\Red Smear 2008-05-0215.wav
[2010/06/05 22:29:09 | 031,688,540 | ---- | C] () -- C:\Red Smear 2008-05-0214.wav
[2010/06/05 22:29:07 | 047,362,268 | ---- | C] () -- C:\Red Smear 2008-05-0213.wav
[2010/06/05 22:29:06 | 047,289,356 | ---- | C] () -- C:\Red Smear 2008-05-0212.wav
[2010/06/05 22:29:04 | 050,546,876 | ---- | C] () -- C:\Red Smear 2008-05-0211.wav
[2010/06/05 22:29:04 | 000,592,432 | ---- | C] () -- C:\Red Smear 2008-05-0211.pk
[2010/06/05 22:29:02 | 057,640,508 | ---- | C] () -- C:\Red Smear 2008-05-0210.wav
[2010/06/05 22:29:01 | 028,329,884 | ---- | C] () -- C:\Red Smear 2008-05-0209.wav
[2010/06/05 22:29:00 | 036,747,692 | ---- | C] () -- C:\Red Smear 2008-05-0208.wav
[2010/06/05 22:28:59 | 037,799,036 | ---- | C] () -- C:\Red Smear 2008-05-0207.wav
[2010/06/05 22:28:58 | 042,159,644 | ---- | C] () -- C:\Red Smear 2008-05-0206.wav
[2010/06/05 22:28:56 | 048,467,708 | ---- | C] () -- C:\Red Smear 2008-05-0205.wav
[2010/06/05 22:28:55 | 048,481,820 | ---- | C] () -- C:\Red Smear 2008-05-0204.wav
[2010/06/05 22:28:55 | 000,568,228 | ---- | C] () -- C:\Red Smear 2008-05-0204.pk
[2010/06/05 22:28:53 | 041,957,372 | ---- | C] () -- C:\Red Smear 2008-05-0203.wav
[2010/06/05 22:28:49 | 042,119,660 | ---- | C] () -- C:\Red Smear 2008-05-0202.wav
[2010/06/05 22:28:48 | 020,768,204 | ---- | C] () -- C:\Red Smear 2008-05-0201.wav
[2010/06/05 22:28:27 | 671,907,884 | ---- | C] () -- C:\Red Smear 2008-05-02.wav
[2010/06/05 22:28:27 | 002,646,364 | ---- | C] () -- C:\Red Smear 2008-05-02.pk
[2010/06/05 22:28:27 | 000,000,697 | ---- | C] () -- C:\Red Smear 2008-05-02 cue.cue
[2010/06/05 22:28:24 | 102,007,478 | ---- | C] () -- C:\Pitiful Reflections.mpg
[2010/06/05 22:28:23 | 034,239,561 | ---- | C] () -- C:\NT2009-05-1616.flac
[2010/06/05 22:28:22 | 039,399,967 | ---- | C] () -- C:\NT2009-05-1615.flac
[2010/06/05 22:28:21 | 047,215,390 | ---- | C] () -- C:\NT2009-05-1614.flac
[2010/06/05 22:28:20 | 021,164,542 | ---- | C] () -- C:\NT2009-05-1613.flac
[2010/06/05 22:28:19 | 040,124,198 | ---- | C] () -- C:\NT2009-05-1612.flac
[2010/06/05 22:28:17 | 058,442,540 | ---- | C] () -- C:\NT2009-05-1611.wav
[2010/06/05 22:28:16 | 029,288,189 | ---- | C] () -- C:\NT2009-05-1611.flac
[2010/06/05 22:28:15 | 036,235,381 | ---- | C] () -- C:\NT2009-05-1610.flac
[2010/06/05 22:28:13 | 052,525,811 | ---- | C] () -- C:\NT2009-05-1609.flac
[2010/06/05 22:28:12 | 034,636,447 | ---- | C] () -- C:\NT2009-05-1608.flac
[2010/06/05 22:28:10 | 041,042,867 | ---- | C] () -- C:\NT2009-05-1607.flac
[2010/06/05 22:28:09 | 030,050,206 | ---- | C] () -- C:\NT2009-05-1606.flac
[2010/06/05 22:28:08 | 032,703,565 | ---- | C] () -- C:\NT2009-05-1605.flac
[2010/06/05 22:28:07 | 040,480,111 | ---- | C] () -- C:\NT2009-05-1604.flac
[2010/06/05 22:28:06 | 022,018,089 | ---- | C] () -- C:\NT2009-05-1603.flac
[2010/06/05 22:28:04 | 048,978,513 | ---- | C] () -- C:\NT2009-05-1602.flac
[2010/06/05 22:28:04 | 020,145,721 | ---- | C] () -- C:\NT2009-05-1601.flac
[2010/06/05 22:28:03 | 038,628,048 | ---- | C] () -- C:\NT2009-04-24t10.flac
[2010/06/05 22:28:01 | 041,596,740 | ---- | C] () -- C:\NT2009-04-24t9.flac
[2010/06/05 22:28:00 | 041,423,587 | ---- | C] () -- C:\NT2009-04-24t8.flac
[2010/06/05 22:27:59 | 047,540,940 | ---- | C] () -- C:\NT2009-04-24t7.flac
[2010/06/05 22:27:58 | 027,915,416 | ---- | C] () -- C:\NT2009-04-24t6.flac
[2010/06/05 22:27:58 | 003,366,235 | ---- | C] () -- C:\NT2009-04-24t5.flac
[2010/06/05 22:27:56 | 035,347,782 | ---- | C] () -- C:\NT2009-04-24t4.flac
[2010/06/05 22:27:55 | 033,299,005 | ---- | C] () -- C:\NT2009-04-24t3.flac
[2010/06/05 22:27:55 | 025,325,644 | ---- | C] () -- C:\NT2009-04-24t2.flac
[2010/06/05 22:27:53 | 038,054,578 | ---- | C] () -- C:\NT2009-04-24t1.flac
[2010/06/05 22:27:52 | 034,385,959 | ---- | C] () -- C:\NT2009-03-26t08.flac
[2010/06/05 22:27:52 | 028,261,981 | ---- | C] () -- C:\NT2009-03-26t07.flac
[2010/06/05 22:27:52 | 001,111,437 | ---- | C] () -- C:\NT2009-03-26t06.flac
[2010/06/05 22:27:51 | 019,260,387 | ---- | C] () -- C:\NT2009-03-26t05.flac
[2010/06/05 22:27:50 | 029,110,350 | ---- | C] () -- C:\NT2009-03-26t04.flac
[2010/06/05 22:27:48 | 056,355,800 | ---- | C] () -- C:\NT2009-03-26t03.flac
[2010/06/05 22:27:47 | 045,606,985 | ---- | C] () -- C:\NT2009-03-26t02.flac
[2010/06/05 22:27:46 | 023,856,732 | ---- | C] () -- C:\NT2009-03-26t01.flac
[2010/06/05 22:27:39 | 233,201,319 | ---- | C] () -- C:\NINJA_2009_Tour_Sampler_wav.zip
[2010/06/05 22:27:33 | 166,886,623 | ---- | C] () -- C:\NINJA_2009_Tour_Sampler_FLAC.zip
[2010/06/05 22:25:53 | 3310,125,212 | ---- | C] () -- C:\Nervous Turkey.nrg
[2010/06/05 22:25:52 | 010,631,878 | ---- | C] () -- C:\My Movie 1.wmv
[2010/06/05 22:25:51 | 041,879,222 | ---- | C] () -- C:\My Ass is Bleeding.mpg
[2010/06/05 22:25:33 | 490,438,812 | ---- | C] () -- C:\MO.nrg
[2010/06/05 22:25:33 | 001,344,909 | ---- | C] () -- C:\lovetone_meatball.zip
[2010/06/05 22:25:33 | 000,001,138 | ---- | C] () -- C:\Missouri Trip.ncd
[2010/06/05 22:25:24 | 285,409,436 | ---- | C] () -- C:\ktp.nrg
[2010/06/05 22:25:24 | 000,002,945 | ---- | C] () -- C:\Johnnyman3.ncd
[2010/06/05 22:25:24 | 000,002,886 | ---- | C] () -- C:\Johnnyman2.ncd
[2010/06/05 22:25:24 | 000,001,340 | ---- | C] () -- C:\JohnnymanOST.ncd
[2010/06/05 22:25:24 | 000,001,059 | ---- | C] () -- C:\Johnnyman.ncd
[2010/06/05 22:25:22 | 050,640,240 | ---- | C] () -- C:\Ideology3.wav
[2010/06/05 22:25:21 | 050,729,992 | ---- | C] () -- C:\Ideology2.wav
[2010/06/05 22:25:19 | 051,132,988 | ---- | C] () -- C:\Ideology1.wav
[2010/06/05 22:25:16 | 098,889,884 | ---- | C] () -- C:\Ideology.wav
[2010/06/05 22:25:16 | 001,158,952 | ---- | C] () -- C:\Ideology.pk
[2010/06/05 22:25:16 | 000,000,000 | ---- | C] () -- C:\Ideology.stx
[2010/06/05 22:25:14 | 081,653,880 | ---- | C] () -- C:\Ideology.mpg
[2010/06/05 22:25:14 | 003,817,221 | ---- | C] () -- C:\Ideology.mp3
[2010/06/05 22:25:12 | 042,076,700 | ---- | C] () -- C:\Ideology wav.wav
[2010/06/05 22:25:12 | 000,246,628 | ---- | C] () -- C:\Ideology wav.pk
[2010/06/05 22:25:11 | 042,722,876 | ---- | C] () -- C:\Ideology cam 2 audio.wav
[2010/06/05 22:25:11 | 000,500,740 | ---- | C] () -- C:\Ideology cam 2 audio.pk
[2010/06/05 22:25:11 | 000,377,369 | ---- | C] () -- C:\ibanez.jpg
[2010/06/05 22:25:10 | 028,788,524 | ---- | C] () -- C:\Howard Iceberg More of Me and Less of Him.wav
[2010/06/05 22:25:10 | 000,000,245 | ---- | C] () -- C:\Hey Janeane.scn
[2010/06/05 22:25:05 | 147,357,852 | ---- | C] () -- C:\Hey Janeane.nrg
[2010/06/05 22:25:05 | 000,105,776 | ---- | C] () -- C:\Hey Janeane.avi.index
[2010/06/05 22:25:05 | 000,105,688 | ---- | C] () -- C:\Hey Janeane.avi.A.index
[2010/06/05 22:24:39 | 838,287,360 | ---- | C] () -- C:\Hey Janeane.avi
[2010/06/05 22:24:39 | 013,686,116 | ---- | C] () -- C:\Hammond Alien Return.wav
[2010/06/05 22:24:39 | 000,291,904 | ---- | C] () -- C:\Guitars.avi.index
[2010/06/05 22:24:39 | 000,291,832 | ---- | C] () -- C:\Guitars.avi.A.index
[2010/06/05 22:24:39 | 000,160,516 | ---- | C] () -- C:\Hammond Alien Return.pk
[2010/06/05 22:24:39 | 000,000,191 | ---- | C] () -- C:\Guitars.scn
[2010/06/05 22:24:33 | 191,882,258 | ---- | C] () -- C:\Guitar stuff.mpg
[2010/06/05 22:24:33 | 000,000,695 | ---- | C] () -- C:\Grimm 4-4-08 tape 2.mpg.scn
[2010/06/05 22:22:08 | 003,490,654 | ---- | C] () -- C:\Grand Funk Railroad - Bad Time.mp3
[2010/06/05 22:22:04 | 149,827,660 | ---- | C] () -- C:\Glossary - Dear Friends and Gentle Hearts.zip
[2010/06/05 22:22:04 | 000,765,076 | ---- | C] () -- C:\Dulli.pk
[2010/06/05 22:22:04 | 000,025,088 | ---- | C] () -- C:\FP department physicians interview protochol.doc
[2010/06/05 22:22:02 | 034,622,128 | ---- | C] () -- C:\Dulli 2 Cover Me.wav
[2010/06/05 22:22:02 | 000,405,820 | ---- | C] () -- C:\Dulli 2 Cover Me.pk
[2010/06/05 22:22:01 | 042,196,964 | ---- | C] () -- C:\Dulli 1 Hard Luck Guy.wav
[2010/06/05 22:22:01 | 000,494,584 | ---- | C] () -- C:\Dulli 1 Hard Luck Guy.pk
[2010/06/05 22:22:00 | 022,842,777 | ---- | C] () -- C:\Drive-By_Truckers_--_Girls_Who_Smoke_(Bonus_Track).flac
[2010/06/05 22:22:00 | 000,808,804 | ---- | C] () -- C:\DBT.pk
[2010/06/05 22:21:59 | 035,398,978 | ---- | C] () -- C:\DBT 2006-07-13 d1t03.flac
[2010/06/05 22:21:58 | 048,388,112 | ---- | C] () -- C:\DBT 2 Everybody Needs Love.wav
[2010/06/05 22:21:58 | 000,547,804 | ---- | C] () -- C:\DBT 2 Everybody Needs Love.pk
[2010/06/05 22:21:57 | 031,564,972 | ---- | C] () -- C:\DBT 1 Where's Eddie.wav
[2010/06/05 22:21:57 | 000,370,000 | ---- | C] () -- C:\DBT 1 Where's Eddie.pk
[2010/06/05 22:21:56 | 017,678,318 | ---- | C] () -- C:\CT-559-Jay Farrar.mp3
[2010/06/05 22:21:56 | 009,741,584 | ---- | C] () -- C:\Chris_Cornell-You Know My Name-James Bond 007 - Casino Royale.mp3
[2010/06/05 22:21:55 | 011,284,970 | ---- | C] () -- C:\cdbxp_setup_3.0.116.zip
[2010/06/05 22:21:54 | 028,591,780 | ---- | C] () -- C:\cagadas.ZIP
[2010/06/05 22:21:54 | 000,127,135 | ---- | C] () -- C:\boomerang_v2.pdf
[2010/06/05 22:21:54 | 000,014,336 | ---- | C] () -- C:\BRANDON_P_RELEASE.wps
[2010/06/05 22:21:52 | 087,326,720 | ---- | C] () -- C:\backup.pst
[2010/06/05 22:21:52 | 000,000,288 | ---- | C] () -- C:\Autorun.inf
[2010/06/05 22:21:51 | 025,368,861 | ---- | C] () -- C:\Arms_Aloft-Comfort_At_Any_Cost-2008.zip
[2010/06/05 22:21:50 | 025,368,861 | ---- | C] () -- C:\Arms_Aloft-Comfort_At_Any_Cost.zip
[2010/06/05 22:21:50 | 000,000,000 | ---- | C] () -- C:\Armies.stx
[2010/06/05 22:21:47 | 088,025,712 | ---- | C] () -- C:\Armies.mpg
[2010/06/05 22:21:46 | 004,397,184 | ---- | C] () -- C:\12. Thunderball-Tom Jones [From Thunderball].mp3
[2010/06/05 22:21:46 | 000,065,562 | ---- | C] () -- C:\1869.jpg
[2010/06/05 22:21:46 | 000,057,733 | ---- | C] () -- C:\1868.jpg
[2010/06/05 22:21:44 | 044,481,068 | ---- | C] () -- C:\07-ArcadeFire-KCRW-1-17-05-BornOnATrain(live) (from MPEG@128kbps).wav
[2010/06/05 21:56:45 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Cool Edit Pro 2.0.lnk
[2010/06/05 20:33:06 | 000,001,439 | ---- | C] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/05 20:14:15 | 000,013,731 | ---- | C] () -- C:\Windows\SysNative\Config.MPF
[2010/06/05 20:13:34 | 002,097,152 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat
[2010/06/05 20:13:34 | 000,524,288 | -HS- | C] () -- C:\Users\Brandon\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/06/05 20:13:34 | 000,524,288 | -HS- | C] () -- C:\Users\Brandon\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/06/05 20:13:34 | 000,262,144 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat.LOG1
[2010/06/05 20:13:34 | 000,065,536 | -HS- | C] () -- C:\Users\Brandon\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/06/05 20:13:34 | 000,000,290 | ---- | C] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/06/05 20:13:34 | 000,000,272 | ---- | C] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/06/05 20:13:34 | 000,000,020 | -HS- | C] () -- C:\Users\Brandon\ntuser.ini
[2010/06/05 20:13:34 | 000,000,000 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat.LOG2
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >


========== OTL ==========
C:\Users\Brandon\AppData\Local\wljiebblu folder moved successfully.

OTL by OldTimer - Version 3.2.7.0 log created on 06292010_182037


#10 schrauber


Posted 02 July 2010 - 11:50 AM

Do you use a router? In which browser do you have the redirects?
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#11 94prs22


Posted 02 July 2010 - 06:15 PM

bleep Tom, I'm sorry, yes I use a router and the redirects occur in Internet Explorer.
Brandon

#12 schrauber


Posted 04 July 2010 - 04:32 PM

Hi,


What I'd like you to do is a hard reset with your router if you have one. Leave it on, and there should be a little pinhole in the back of the unit. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). Then change your admin login and password--make it a strong password. You may also want to ask your ISP for help in case there are custom settings that need to be maintained.



Please go to start >> run and type

ipconfig /flushdns

and hit enter. Reboot.


Please post back with a fresh OTL logfile.
regards,
schrauber


#13 94prs22


Posted 04 July 2010 - 05:03 PM

Hey Tom,
Thanks for the help and congrats to Germany at the WC, they're looking very, very tough. Anyway, here's the new logfile:
Just FYI a quick search reveals no hijack at this time.
Brandon

OTL logfile created on: 7/4/2010 4:52:51 PM - Run 4
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Brandon\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 80.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.57 Gb Total Space | 725.44 Gb Free Space | 79.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Y: | 14.65 Gb Total Space | 8.84 Gb Free Space | 60.38% Space Free | Partition Type: NTFS

Computer Name: BRANDON-PC
Current User Name: Brandon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Brandon\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
PRC - c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)


========== Modules (SafeList) ==========

MOD - C:\Users\Brandon\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (mcmscsvc) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (McSysmon) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (VSS) -- C:\Windows\Vss [2009/07/13 22:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/13 22:20:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (McProxy) -- C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (sprtsvc_DellComms) SupportSoft Sprocket Service (DellComms) -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (k57nd60a) Broadcom NetLink ™ -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (mfebopk) -- C:\Windows\SysNative\drivers\mfebopk.sys (McAfee, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MPFP) -- C:\Windows\SysNative\drivers\Mpfp.sys (McAfee, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.weau.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellComms] C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/30 04:32:46 | 000,000,288 | ---- | M] () - C:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/27 10:03:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/27 09:51:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/06/27 09:51:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/06/27 09:50:19 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/06/27 09:50:19 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/06/27 09:50:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/06/27 09:50:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/06/27 09:25:19 | 016,295,712 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Brandon\Desktop\jre-6u20-windows-i586.exe
[2010/06/25 18:15:02 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Brandon\Desktop\OTL.exe
[2010/06/23 15:32:48 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/06/23 15:32:48 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/06/23 15:32:48 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/23 15:32:48 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/06/23 15:32:48 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/23 15:32:48 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/06/23 15:32:48 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/06/23 15:32:48 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/06/23 13:28:00 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010/06/23 13:27:57 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/06/23 13:27:57 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/06/23 13:27:57 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/06/23 13:27:56 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/06/23 13:27:56 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/06/23 13:27:56 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/06/23 13:27:56 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/06/16 23:19:28 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Brandon\Desktop\HijackThis.exe
[2010/06/16 22:45:33 | 000,000,000 | ---D | C] -- C:\Users\Brandon\Desktop\gmer
[2010/06/16 22:21:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/06/16 22:17:54 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Malwarebytes
[2010/06/16 22:17:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/06/16 22:17:48 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/06/16 22:17:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/06/16 22:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/13 13:38:24 | 000,000,000 | ---D | C] -- C:\Users\Brandon\Documents\Outlook Files
[2010/06/13 13:19:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010/06/13 13:19:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/06/13 13:18:51 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/06/13 13:15:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/06/13 13:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/06/12 20:15:16 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\FileZilla
[2010/06/12 20:15:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2010/06/12 16:34:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/06/12 16:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/06/12 16:19:24 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Diagnostics
[2010/06/10 03:02:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/06/09 19:44:54 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/06/09 19:44:54 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/06/09 19:44:54 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/06/09 19:44:54 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/06/09 18:09:21 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Apple Computer
[2010/06/09 18:09:21 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Apple Computer
[2010/06/09 18:09:01 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010/06/09 18:09:01 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010/06/09 18:09:01 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010/06/09 18:09:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/06/09 18:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/09 18:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/09 18:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/06/09 18:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/06/09 18:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/06/09 18:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/06/09 18:07:39 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Apple
[2010/06/09 18:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/06/09 18:07:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/06/09 18:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/09 18:07:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/06/09 18:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/06/09 18:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/06/08 22:18:47 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Nero
[2010/06/08 22:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/06/08 21:59:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2010/06/08 21:59:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2010/06/08 21:55:06 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010/06/08 21:54:50 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010/06/08 21:54:31 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010/06/08 21:54:15 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010/06/08 21:53:59 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010/06/08 21:53:43 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010/06/08 11:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2010/06/08 11:24:18 | 000,093,184 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxcwiad.dll
[2010/06/08 11:19:09 | 000,000,000 | ---D | C] -- C:\epson
[2010/06/07 18:22:31 | 000,177,760 | ---- | C] (ESI) -- C:\Windows\SysWow64\drivers\u24.sys
[2010/06/07 18:22:31 | 000,020,960 | ---- | C] (usb-audio.de) -- C:\Windows\SysWow64\drivers\pgusbmm3.sys
[2010/06/07 18:22:31 | 000,000,000 | ---D | C] -- C:\Windows\usb-audio.de
[2010/06/07 03:19:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/06/07 03:19:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/06/06 10:34:27 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Adobe
[2010/06/06 09:05:00 | 000,000,000 | ---D | C] -- C:\Users\Brandon\Tracing
[2010/06/06 08:28:18 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/06/06 08:28:18 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/06/06 08:28:17 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/06/06 08:28:17 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/06/06 08:28:17 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/06/06 08:28:17 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/06/06 08:28:17 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/06/06 08:28:17 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/06/06 08:28:17 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/06/06 08:28:17 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/06/06 08:28:17 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/06/06 08:28:17 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/06/06 08:28:17 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/06/06 08:28:17 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/06/06 08:28:17 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/06/06 08:28:17 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/06/06 08:28:17 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/06/06 08:28:17 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/06/06 08:28:15 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/06/06 08:28:15 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/06/06 08:28:15 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010/06/06 08:28:11 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010/06/06 08:28:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010/06/06 08:28:11 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010/06/06 08:28:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010/06/06 08:28:11 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010/06/06 08:28:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010/06/06 08:28:09 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010/06/06 08:28:09 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/06/06 08:28:09 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/06/06 08:28:09 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/06/06 08:28:08 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/06/06 08:28:08 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/06/06 08:28:08 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/06/06 08:28:07 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/06/06 08:28:07 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/06/06 08:28:05 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010/06/06 08:28:00 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010/06/06 08:28:00 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/06/05 23:43:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/06/05 23:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/06/05 23:41:34 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Microsoft Help
[2010/06/05 23:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/06/05 23:41:08 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/06/05 23:21:46 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\GetRightToGo
[2010/06/05 23:03:36 | 000,000,000 | R-SD | C] -- C:\Users\Brandon\Documents\My Stationery
[2010/06/05 22:50:11 | 000,055,280 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2010/06/05 22:50:11 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2010/06/05 22:50:11 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2010/06/05 22:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Roxio Shared
[2010/06/05 22:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010/06/05 22:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2010/06/05 22:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Roxio
[2010/06/05 22:49:16 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Roxio Log Files
[2010/06/05 22:39:46 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Macrovision
[2010/06/05 22:30:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guitar Pro 5
[2010/06/05 22:29:12 | 000,156,312 | ---- | C] (Seagate Technology LLC) -- C:\Setup.exe
[2010/06/05 22:21:46 | 018,540,611 | ---- | C] (Agree Software, Inc. ) -- C:\agree-free-dvd-audio-ripper.exe
[2010/06/05 22:20:55 | 000,000,000 | ---D | C] -- C:\WinRAR
[2010/06/05 22:20:46 | 000,000,000 | ---D | C] -- C:\VIDEO_TS
[2010/06/05 22:20:46 | 000,000,000 | ---D | C] -- C:\Various Artists
[2010/06/05 22:20:45 | 000,000,000 | ---D | C] -- C:\UTI9
[2010/06/05 22:20:42 | 000,000,000 | ---D | C] -- C:\UT_CnR
[2010/06/05 22:20:25 | 000,000,000 | ---D | C] -- C:\UT demos
[2010/06/05 22:20:11 | 000,000,000 | ---D | C] -- C:\Uncle Tupelo1994-04-29
[2010/06/05 22:19:56 | 000,000,000 | ---D | C] -- C:\Total.Recorder.v6.0.Pro
[2010/06/05 22:19:53 | 000,000,000 | ---D | C] -- C:\The_Suburbs_CD___Digital_Preorder
[2010/06/05 22:19:36 | 000,000,000 | ---D | C] -- C:\sv2008-04-09.mk21.flac16
[2010/06/05 22:19:34 | 000,000,000 | ---D | C] -- C:\Studer Stuff
[2010/06/05 22:19:13 | 000,000,000 | ---D | C] -- C:\sonvolt051707flac
[2010/06/05 22:18:53 | 000,000,000 | ---D | C] -- C:\sonvolt2007-06-15
[2010/06/05 22:18:33 | 000,000,000 | ---D | C] -- C:\SonVolt2007-06-14.flac16
[2010/06/05 22:18:12 | 000,000,000 | ---D | C] -- C:\sonvolt2007-06-09flac16
[2010/06/05 22:17:51 | 000,000,000 | ---D | C] -- C:\sonvolt2007-04-07.4060-MC012-mix.flac16
[2010/06/05 22:17:32 | 000,000,000 | ---D | C] -- C:\sonvolt2007-04-05.4022.flac16
[2010/06/05 22:17:15 | 000,000,000 | ---D | C] -- C:\Son Volt2007.05.14-16bit
[2010/06/05 22:17:12 | 000,000,000 | ---D | C] -- C:\Son Volt ACD
[2010/06/05 22:16:53 | 000,000,000 | ---D | C] -- C:\Son Volt 05-05-07 Helotes, TX
[2010/06/05 22:16:32 | 000,000,000 | ---D | C] -- C:\Son Volt 4-20-07
[2010/06/05 22:16:10 | 000,000,000 | ---D | C] -- C:\Son Volt
[2010/06/05 22:16:08 | 000,000,000 | ---D | C] -- C:\Sleigh Bells - 2hellwu (2009)
[2010/06/05 22:16:05 | 000,000,000 | ---D | C] -- C:\sick sick sick
[2010/06/05 22:15:47 | 000,000,000 | ---D | C] -- C:\She & Him stuff
[2010/06/05 22:15:18 | 000,000,000 | ---D | C] -- C:\Seagate
[2010/06/05 22:10:21 | 000,000,000 | ---D | C] -- C:\Pinnacle.Studio.Plus.Titanium.Edition.v10.6.MULTiLANGUAGE.ISO-TBE
[2010/06/05 22:10:19 | 000,000,000 | ---D | C] -- C:\nora
[2010/06/05 22:10:03 | 000,000,000 | ---D | C] -- C:\NINJA_2009_Tour_Sampler_wav plus Jane's cabinet best buy bonus disc
[2010/06/05 22:09:28 | 000,000,000 | ---D | C] -- C:\Nervous Turkey DVD audio
[2010/06/05 22:08:25 | 000,000,000 | ---D | C] -- C:\Nervous Turkey 9-20-09
[2010/06/05 22:04:32 | 000,000,000 | R--D | C] -- C:\My Documents
[2010/06/05 22:04:26 | 000,000,000 | ---D | C] -- C:\More C Drive Stuff
[2010/06/05 22:04:25 | 000,000,000 | ---D | C] -- C:\Michael K. Weise
[2010/06/05 22:04:10 | 000,000,000 | ---D | C] -- C:\Matthew Grimm 2008-04-05 stereo matrix
[2010/06/05 22:04:01 | 000,000,000 | ---D | C] -- C:\Matthew Grimm 2008-04-05 matrix
[2010/06/05 22:03:37 | 000,000,000 | ---D | C] -- C:\Matthew Grimm 2008-04-05 FULL WAVES
[2010/06/05 22:03:30 | 000,000,000 | ---D | C] -- C:\Matthew Grimm 2008-04-05
[2010/06/05 22:03:24 | 000,000,000 | ---D | C] -- C:\macongreyson_ep
[2010/06/05 22:03:23 | 000,000,000 | ---D | C] -- C:\LimeWire
[2010/06/05 22:01:20 | 000,000,000 | ---D | C] -- C:\Johnnyman
[2010/06/05 22:01:04 | 000,000,000 | ---D | C] -- C:\Jane's Addiction demos n unreleased
[2010/06/05 22:01:02 | 000,000,000 | R--D | C] -- C:\IDEOLOGY
[2010/06/05 22:00:40 | 000,000,000 | ---D | C] -- C:\Howard Iceberg Unreleased
[2010/06/05 22:00:25 | 000,000,000 | ---D | C] -- C:\Howard Iceberg November Nights
[2010/06/05 22:00:05 | 000,000,000 | ---D | C] -- C:\Howard Iceberg Maiden Voyage
[2010/06/05 21:59:53 | 000,000,000 | ---D | C] -- C:\Howard Iceberg First Fade
[2010/06/05 21:59:39 | 000,000,000 | ---D | C] -- C:\Howard Iceberg Final Fade
[2010/06/05 21:59:24 | 000,000,000 | ---D | C] -- C:\Howard Iceberg and Mike Ireland unreleased tunes
[2010/06/05 21:57:26 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Syntrillium
[2010/06/05 21:55:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\coolpro2
[2010/06/05 21:51:21 | 000,000,000 | ---D | C] -- C:\Guitar Pro 5.1 source
[2010/06/05 21:50:58 | 000,000,000 | ---D | C] -- C:\Guitar Pro 5.1 [RSE]
[2010/06/05 21:50:57 | 000,000,000 | ---D | C] -- C:\Goldfinger
[2010/06/05 21:50:45 | 000,000,000 | ---D | C] -- C:\Glossary - Dear Friends and Gentle Hearts
[2010/06/05 21:50:45 | 000,000,000 | ---D | C] -- C:\Exact Audio Copy
[2010/06/05 21:50:45 | 000,000,000 | ---D | C] -- C:\DVD Audio Extractor
[2010/06/05 21:50:43 | 000,000,000 | ---D | C] -- C:\Ditch Witch
[2010/06/05 21:50:19 | 000,000,000 | ---D | C] -- C:\dbt - ahc town burned down
[2010/06/05 21:50:13 | 000,000,000 | ---D | C] -- C:\coolpro2
[2010/06/05 21:50:06 | 000,000,000 | ---D | C] -- C:\cagadas
[2010/06/05 21:33:17 | 000,000,000 | ---D | C] -- C:\C Drive Stuff
[2010/06/05 21:33:01 | 000,000,000 | ---D | C] -- C:\buck pets demo
[2010/06/05 21:32:45 | 000,000,000 | ---D | C] -- C:\BottleRockets2008-04-19.flac16
[2010/06/05 21:32:35 | 000,000,000 | ---D | C] -- C:\Ass Ponys 2001-6-9
[2010/06/05 21:32:19 | 000,000,000 | ---D | C] -- C:\Arms_Aloft-Comfort_At_Any_Cost-2008
[2010/06/05 21:32:18 | 000,000,000 | R--D | C] -- C:\ARMIES
[2010/06/05 20:49:52 | 000,000,000 | ---D | C] -- C:\Angie's Email
[2010/06/05 20:49:51 | 000,000,000 | ---D | C] -- C:\Angie's Documents
[2010/06/05 20:49:49 | 000,000,000 | ---D | C] -- C:\abproject2007-01-21
[2010/06/05 20:45:43 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\CyberLink
[2010/06/05 20:34:14 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Macromedia
[2010/06/05 20:32:16 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\MigWiz
[2010/06/05 20:26:21 | 000,000,000 | ---D | C] -- C:\Users\Brandon\My Backup Files
[2010/06/05 20:24:35 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Adobe
[2010/06/05 20:24:03 | 000,000,000 | -HSD | C] -- C:\System Recovery
[2010/06/05 20:20:50 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Dell
[2010/06/05 20:20:45 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Stardock_Corporation
[2010/06/05 20:20:44 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\DataSafeOnline
[2010/06/05 20:20:39 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Roxio
[2010/06/05 20:20:32 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\SupportSoft
[2010/06/05 20:20:10 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Searches
[2010/06/05 20:20:10 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/06/05 20:20:01 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Identities
[2010/06/05 20:19:54 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Contacts
[2010/06/05 20:19:50 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\VirtualStore
[2010/06/05 20:14:53 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/06/05 20:14:53 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/06/05 20:14:53 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/06/05 20:14:53 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/06/05 20:13:34 | 000,000,000 | --SD | C] -- C:\Users\Brandon\AppData\Roaming\Microsoft
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Videos
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Saved Games
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Pictures
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Music
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Links
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Favorites
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Downloads
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\My Documents
[2010/06/05 20:13:34 | 000,000,000 | R--D | C] -- C:\Users\Brandon\Desktop
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\AppData\Local\Temporary Internet Files
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Templates
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Start Menu
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\SendTo
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Recent
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\PrintHood
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\NetHood
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Documents\My Videos
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Documents\My Pictures
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Documents\My Music
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\My Documents
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Local Settings
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\AppData\Local\History
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Cookies
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\Application Data
[2010/06/05 20:13:34 | 000,000,000 | -HSD | C] -- C:\Users\Brandon\AppData\Local\Application Data
[2010/06/05 20:13:34 | 000,000,000 | -H-D | C] -- C:\Users\Brandon\AppData
[2010/06/05 20:13:34 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Temp
[2010/06/05 20:13:34 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\SoftThinks
[2010/06/05 20:13:34 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Microsoft
[2010/06/05 20:13:34 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Media Center Programs
[1 C:\Users\Brandon\Documents\*.tmp files -> C:\Users\Brandon\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/04 16:52:10 | 002,097,152 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat
[2010/07/04 16:52:07 | 000,014,183 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2010/07/04 16:51:53 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/04 16:51:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/04 16:51:40 | 2039,832,575 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/04 16:51:10 | 003,357,505 | -H-- | M] () -- C:\Users\Brandon\AppData\Local\IconCache.db
[2010/07/04 09:08:31 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/04 09:08:31 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/04 09:05:36 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/04 09:05:36 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/04 09:05:36 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/27 11:39:06 | 000,003,021 | ---- | M] () -- C:\Users\Brandon\Desktop\Microsoft Word 2010.lnk
[2010/06/27 09:50:09 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/06/27 09:50:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/06/27 09:50:08 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/06/27 09:50:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/06/27 09:25:28 | 016,295,712 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Brandon\Desktop\jre-6u20-windows-i586.exe
[2010/06/25 18:15:08 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Brandon\Desktop\OTL.exe
[2010/06/23 21:27:21 | 000,293,376 | ---- | M] () -- C:\Users\Brandon\Desktop\cp8pk4j1.exe
[2010/06/23 21:25:41 | 000,525,824 | ---- | M] () -- C:\Users\Brandon\Desktop\dds.scr
[2010/06/16 23:19:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Brandon\Desktop\HijackThis.exe
[2010/06/16 22:58:09 | 000,000,000 | ---- | M] () -- C:\Users\Brandon\defogger_reenable
[2010/06/16 22:44:40 | 000,284,915 | ---- | M] () -- C:\Users\Brandon\Desktop\gmer.zip
[2010/06/16 22:25:50 | 000,002,095 | ---- | M] () -- C:\Users\Brandon\Desktop\HijackThis.lnk
[2010/06/16 22:17:51 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/16 22:03:04 | 000,111,232 | ---- | M] () -- C:\Users\Brandon\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/16 22:02:38 | 000,524,288 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TMContainer00000000000000000002.regtrans-ms
[2010/06/16 22:02:38 | 000,524,288 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TMContainer00000000000000000001.regtrans-ms
[2010/06/16 22:02:38 | 000,065,536 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TM.blf
[2010/06/16 21:54:18 | 000,524,288 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TMContainer00000000000000000002.regtrans-ms
[2010/06/16 21:54:18 | 000,524,288 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TMContainer00000000000000000001.regtrans-ms
[2010/06/16 21:54:18 | 000,065,536 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TM.blf
[2010/06/16 10:58:33 | 000,074,752 | ---- | M] () -- C:\Users\Brandon\Documents\draft_tentative_decision_memo[1]-angie.doc
[2010/06/13 13:38:31 | 000,001,133 | ---- | M] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/06/13 13:25:07 | 000,426,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/13 13:22:23 | 000,000,508 | ---- | M] () -- C:\Windows\win.ini
[2010/06/12 11:09:39 | 000,010,942 | ---- | M] () -- C:\Users\Brandon\Documents\NoraCATS.docx
[2010/06/11 10:36:45 | 000,000,162 | -H-- | M] () -- C:\Users\Brandon\Documents\~$raCATS.docx
[2010/06/09 18:09:17 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/09 18:07:58 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/06/08 22:16:37 | 000,002,923 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2010/06/08 22:13:20 | 000,002,901 | ---- | M] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2010/06/08 22:08:01 | 000,002,895 | ---- | M] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2010/06/08 22:02:50 | 000,003,013 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2010/06/08 22:02:33 | 000,002,915 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010/06/08 11:24:20 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010/06/07 09:14:33 | 000,000,271 | ---- | M] () -- C:\Users\Brandon\Desktop\Microsoft Exchange - Outlook Web Access.url
[2010/06/07 08:53:45 | 000,000,115 | ---- | M] () -- C:\Users\Brandon\Desktop\statzmusicstudio.com.url
[2010/06/05 22:30:09 | 000,000,934 | ---- | M] () -- C:\Users\Brandon\Desktop\Guitar Pro 5.lnk
[2010/06/05 22:18:39 | 000,000,247 | ---- | M] () -- C:\Windows\system.ini
[2010/06/05 21:56:45 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Cool Edit Pro 2.0.lnk
[2010/06/05 20:33:07 | 000,001,439 | ---- | M] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/05 20:27:20 | 000,524,288 | -HS- | M] () -- C:\Users\Brandon\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/06/05 20:27:20 | 000,524,288 | -HS- | M] () -- C:\Users\Brandon\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/06/05 20:27:20 | 000,065,536 | -HS- | M] () -- C:\Users\Brandon\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/06/05 20:13:34 | 000,000,020 | -HS- | M] () -- C:\Users\Brandon\ntuser.ini
[2010/06/05 18:10:04 | 000,039,219 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/06/05 18:10:04 | 000,039,219 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/06/05 11:47:23 | 087,326,720 | ---- | M] () -- C:\backup.pst
[1 C:\Users\Brandon\Documents\*.tmp files -> C:\Users\Brandon\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/27 11:39:06 | 000,003,021 | ---- | C] () -- C:\Users\Brandon\Desktop\Microsoft Word 2010.lnk
[2010/06/23 21:27:14 | 000,293,376 | ---- | C] () -- C:\Users\Brandon\Desktop\cp8pk4j1.exe
[2010/06/23 21:25:36 | 000,525,824 | ---- | C] () -- C:\Users\Brandon\Desktop\dds.scr
[2010/06/22 13:38:46 | 000,000,000 | ---- | C] () -- C:\Users\Brandon\Sti_Trace.log
[2010/06/16 22:58:09 | 000,000,000 | ---- | C] () -- C:\Users\Brandon\defogger_reenable
[2010/06/16 22:44:40 | 000,284,915 | ---- | C] () -- C:\Users\Brandon\Desktop\gmer.zip
[2010/06/16 22:21:29 | 000,002,095 | ---- | C] () -- C:\Users\Brandon\Desktop\HijackThis.lnk
[2010/06/16 22:17:51 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/16 22:02:38 | 000,524,288 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TMContainer00000000000000000002.regtrans-ms
[2010/06/16 22:02:38 | 000,524,288 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TMContainer00000000000000000001.regtrans-ms
[2010/06/16 22:02:38 | 000,065,536 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat{878baff0-79bb-11df-88da-002564f62a85}.TM.blf
[2010/06/16 21:54:18 | 000,524,288 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TMContainer00000000000000000002.regtrans-ms
[2010/06/16 21:54:18 | 000,524,288 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TMContainer00000000000000000001.regtrans-ms
[2010/06/16 21:54:18 | 000,065,536 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat{f7ee567f-78ac-11df-9051-002564f62a85}.TM.blf
[2010/06/16 10:58:32 | 000,074,752 | ---- | C] () -- C:\Users\Brandon\Documents\draft_tentative_decision_memo[1]-angie.doc
[2010/06/13 13:38:31 | 000,001,133 | ---- | C] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/06/11 10:36:45 | 000,010,942 | ---- | C] () -- C:\Users\Brandon\Documents\NoraCATS.docx
[2010/06/11 10:36:45 | 000,000,162 | -H-- | C] () -- C:\Users\Brandon\Documents\~$raCATS.docx
[2010/06/09 18:09:17 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/09 18:07:58 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/06/08 22:16:37 | 000,002,923 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2010/06/08 22:13:20 | 000,002,901 | ---- | C] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2010/06/08 22:08:01 | 000,002,895 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2010/06/08 22:02:50 | 000,003,013 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2010/06/08 22:02:33 | 000,002,915 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010/06/08 11:24:20 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010/06/07 09:13:45 | 000,000,271 | ---- | C] () -- C:\Users\Brandon\Desktop\Microsoft Exchange - Outlook Web Access.url
[2010/06/07 08:53:45 | 000,000,115 | ---- | C] () -- C:\Users\Brandon\Desktop\statzmusicstudio.com.url
[2010/06/05 22:30:23 | 000,266,930 | ---- | C] () -- C:\zoo2.JPG
[2010/06/05 22:30:23 | 000,266,231 | ---- | C] () -- C:\zoo3.JPG
[2010/06/05 22:30:23 | 000,224,913 | ---- | C] () -- C:\zoo1.JPG
[2010/06/05 22:30:22 | 009,144,320 | ---- | C] () -- C:\White Wedding.mp3
[2010/06/05 22:30:22 | 004,964,728 | ---- | C] () -- C:\Veil.mp3
[2010/06/05 22:30:22 | 000,139,469 | ---- | C] () -- C:\vibeupdate.pdf
[2010/06/05 22:30:22 | 000,000,095 | ---- | C] () -- C:\Various - Dark Was The Night (That Disc).m3u
[2010/06/05 22:30:20 | 059,441,480 | ---- | C] () -- C:\Unlce Tupelo - WMBR - Boston, MA - 1991-1-24.zip
[2010/06/05 22:30:20 | 007,473,401 | ---- | C] () -- C:\Uncle Phil & Aunt Phillis In The Month After The Election.m4a
[2010/06/05 22:30:19 | 034,239,546 | ---- | C] () -- C:\Tom Jones - Duck Dodgers Theme.wav
[2010/06/05 22:30:19 | 007,764,041 | ---- | C] () -- C:\Tom Jones - Duck Dodgers Theme.mp3
[2010/06/05 22:30:18 | 003,930,905 | ---- | C] () -- C:\The_Buck_Pets_-_worldwide_smile_demo.mp3
[2010/06/05 22:30:17 | 043,333,676 | ---- | C] () -- C:\The_Buck_Pets_-_worldwide_smile_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:17 | 003,506,676 | ---- | C] () -- C:\The_Buck_Pets_-_to_the_quick_demo.mp3
[2010/06/05 22:30:16 | 038,656,556 | ---- | C] () -- C:\The_Buck_Pets_-_to_the_quick_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:16 | 002,967,927 | ---- | C] () -- C:\The_Buck_Pets_-_some_hesitation_demo.mp3
[2010/06/05 22:30:15 | 032,716,844 | ---- | C] () -- C:\The_Buck_Pets_-_some_hesitation_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:14 | 031,905,836 | ---- | C] () -- C:\The_Buck_Pets_-_perfect_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:14 | 002,894,366 | ---- | C] () -- C:\The_Buck_Pets_-_perfect_demo.mp3
[2010/06/05 22:30:13 | 002,882,245 | ---- | C] () -- C:\The_Buck_Pets_-_pearls_demo.mp3
[2010/06/05 22:30:12 | 031,772,204 | ---- | C] () -- C:\The_Buck_Pets_-_pearls_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:12 | 003,099,166 | ---- | C] () -- C:\The_Buck_Pets_-_moon_goddess_[demo].mp3
[2010/06/05 22:30:11 | 034,163,756 | ---- | C] () -- C:\The_Buck_Pets_-_moon_goddess_[demo] (from MPEG@128kbps).wav
[2010/06/05 22:30:11 | 004,007,809 | ---- | C] () -- C:\The_Buck_Pets_-_lost_demo.mp3
[2010/06/05 22:30:10 | 044,181,548 | ---- | C] () -- C:\The_Buck_Pets_-_lost_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:09 | 003,098,330 | ---- | C] () -- C:\The_Buck_Pets_-_living_is_the_bigges_thing_demo.mp3
[2010/06/05 22:30:09 | 000,000,934 | ---- | C] () -- C:\Users\Brandon\Desktop\Guitar Pro 5.lnk
[2010/06/05 22:30:08 | 034,154,540 | ---- | C] () -- C:\The_Buck_Pets_-_living_is_the_bigges_thing_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:08 | 004,099,342 | ---- | C] () -- C:\The_Buck_Pets_-_hammer_valentine_demo.mp3
[2010/06/05 22:30:07 | 045,190,700 | ---- | C] () -- C:\The_Buck_Pets_-_hammer_valentine_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:07 | 004,982,072 | ---- | C] () -- C:\The_Buck_Pets_-_crutch_demo.mp3
[2010/06/05 22:30:05 | 054,922,796 | ---- | C] () -- C:\The_Buck_Pets_-_crutch_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:05 | 003,975,208 | ---- | C] () -- C:\The_Buck_Pets_-_c'mon_baby_demo.mp3
[2010/06/05 22:30:04 | 043,822,124 | ---- | C] () -- C:\The_Buck_Pets_-_c'mon_baby_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:04 | 002,511,097 | ---- | C] () -- C:\The_Buck_Pets_-_ave_f_blues_demo.mp3
[2010/06/05 22:30:03 | 027,680,300 | ---- | C] () -- C:\The_Buck_Pets_-_ave_f_blues_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:03 | 003,821,399 | ---- | C] () -- C:\The_Buck_Pets_-_a_little_murder_demo.mp3
[2010/06/05 22:30:01 | 042,126,380 | ---- | C] () -- C:\The_Buck_Pets_-_a_little_murder_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:01 | 003,217,030 | ---- | C] () -- C:\The_Buck_Pets_-_5_oclock_or_thursday_demo.mp3
[2010/06/05 22:30:00 | 035,463,212 | ---- | C] () -- C:\The_Buck_Pets_-_5_oclock_or_thursday_demo (from MPEG@128kbps).wav
[2010/06/05 22:30:00 | 000,033,792 | ---- | C] () -- C:\THE STARKWEATHERS.doc
[2010/06/05 22:30:00 | 000,024,064 | ---- | C] () -- C:\tasks.doc
[2010/06/05 22:29:59 | 012,501,551 | ---- | C] () -- C:\Sundazed_KS10-03.zip
[2010/06/05 22:29:59 | 000,441,600 | ---- | C] () -- C:\Stramel Films.avi.index
[2010/06/05 22:29:59 | 000,441,576 | ---- | C] () -- C:\Stramel Films.avi.A.index
[2010/06/05 22:29:59 | 000,150,814 | ---- | C] () -- C:\sun glasses.JPG
[2010/06/05 22:29:59 | 000,000,215 | ---- | C] () -- C:\Stramel Films.scn
[2010/06/05 22:29:12 | 3503,795,712 | ---- | C] () -- C:\Stramel Films.avi
[2010/06/05 22:29:12 | 000,000,043 | ---- | C] () -- C:\spaceball.gif
[2010/06/05 22:29:11 | 032,196,812 | ---- | C] () -- C:\Red Smear 2008-05-0216.wav
[2010/06/05 22:29:10 | 058,353,164 | ---- | C] () -- C:\Red Smear 2008-05-0215.wav
[2010/06/05 22:29:09 | 031,688,540 | ---- | C] () -- C:\Red Smear 2008-05-0214.wav
[2010/06/05 22:29:07 | 047,362,268 | ---- | C] () -- C:\Red Smear 2008-05-0213.wav
[2010/06/05 22:29:06 | 047,289,356 | ---- | C] () -- C:\Red Smear 2008-05-0212.wav
[2010/06/05 22:29:04 | 050,546,876 | ---- | C] () -- C:\Red Smear 2008-05-0211.wav
[2010/06/05 22:29:04 | 000,592,432 | ---- | C] () -- C:\Red Smear 2008-05-0211.pk
[2010/06/05 22:29:02 | 057,640,508 | ---- | C] () -- C:\Red Smear 2008-05-0210.wav
[2010/06/05 22:29:01 | 028,329,884 | ---- | C] () -- C:\Red Smear 2008-05-0209.wav
[2010/06/05 22:29:00 | 036,747,692 | ---- | C] () -- C:\Red Smear 2008-05-0208.wav
[2010/06/05 22:28:59 | 037,799,036 | ---- | C] () -- C:\Red Smear 2008-05-0207.wav
[2010/06/05 22:28:58 | 042,159,644 | ---- | C] () -- C:\Red Smear 2008-05-0206.wav
[2010/06/05 22:28:56 | 048,467,708 | ---- | C] () -- C:\Red Smear 2008-05-0205.wav
[2010/06/05 22:28:55 | 048,481,820 | ---- | C] () -- C:\Red Smear 2008-05-0204.wav
[2010/06/05 22:28:55 | 000,568,228 | ---- | C] () -- C:\Red Smear 2008-05-0204.pk
[2010/06/05 22:28:53 | 041,957,372 | ---- | C] () -- C:\Red Smear 2008-05-0203.wav
[2010/06/05 22:28:49 | 042,119,660 | ---- | C] () -- C:\Red Smear 2008-05-0202.wav
[2010/06/05 22:28:48 | 020,768,204 | ---- | C] () -- C:\Red Smear 2008-05-0201.wav
[2010/06/05 22:28:27 | 671,907,884 | ---- | C] () -- C:\Red Smear 2008-05-02.wav
[2010/06/05 22:28:27 | 002,646,364 | ---- | C] () -- C:\Red Smear 2008-05-02.pk
[2010/06/05 22:28:27 | 000,000,697 | ---- | C] () -- C:\Red Smear 2008-05-02 cue.cue
[2010/06/05 22:28:24 | 102,007,478 | ---- | C] () -- C:\Pitiful Reflections.mpg
[2010/06/05 22:28:23 | 034,239,561 | ---- | C] () -- C:\NT2009-05-1616.flac
[2010/06/05 22:28:22 | 039,399,967 | ---- | C] () -- C:\NT2009-05-1615.flac
[2010/06/05 22:28:21 | 047,215,390 | ---- | C] () -- C:\NT2009-05-1614.flac
[2010/06/05 22:28:20 | 021,164,542 | ---- | C] () -- C:\NT2009-05-1613.flac
[2010/06/05 22:28:19 | 040,124,198 | ---- | C] () -- C:\NT2009-05-1612.flac
[2010/06/05 22:28:17 | 058,442,540 | ---- | C] () -- C:\NT2009-05-1611.wav
[2010/06/05 22:28:16 | 029,288,189 | ---- | C] () -- C:\NT2009-05-1611.flac
[2010/06/05 22:28:15 | 036,235,381 | ---- | C] () -- C:\NT2009-05-1610.flac
[2010/06/05 22:28:13 | 052,525,811 | ---- | C] () -- C:\NT2009-05-1609.flac
[2010/06/05 22:28:12 | 034,636,447 | ---- | C] () -- C:\NT2009-05-1608.flac
[2010/06/05 22:28:10 | 041,042,867 | ---- | C] () -- C:\NT2009-05-1607.flac
[2010/06/05 22:28:09 | 030,050,206 | ---- | C] () -- C:\NT2009-05-1606.flac
[2010/06/05 22:28:08 | 032,703,565 | ---- | C] () -- C:\NT2009-05-1605.flac
[2010/06/05 22:28:07 | 040,480,111 | ---- | C] () -- C:\NT2009-05-1604.flac
[2010/06/05 22:28:06 | 022,018,089 | ---- | C] () -- C:\NT2009-05-1603.flac
[2010/06/05 22:28:04 | 048,978,513 | ---- | C] () -- C:\NT2009-05-1602.flac
[2010/06/05 22:28:04 | 020,145,721 | ---- | C] () -- C:\NT2009-05-1601.flac
[2010/06/05 22:28:03 | 038,628,048 | ---- | C] () -- C:\NT2009-04-24t10.flac
[2010/06/05 22:28:01 | 041,596,740 | ---- | C] () -- C:\NT2009-04-24t9.flac
[2010/06/05 22:28:00 | 041,423,587 | ---- | C] () -- C:\NT2009-04-24t8.flac
[2010/06/05 22:27:59 | 047,540,940 | ---- | C] () -- C:\NT2009-04-24t7.flac
[2010/06/05 22:27:58 | 027,915,416 | ---- | C] () -- C:\NT2009-04-24t6.flac
[2010/06/05 22:27:58 | 003,366,235 | ---- | C] () -- C:\NT2009-04-24t5.flac
[2010/06/05 22:27:56 | 035,347,782 | ---- | C] () -- C:\NT2009-04-24t4.flac
[2010/06/05 22:27:55 | 033,299,005 | ---- | C] () -- C:\NT2009-04-24t3.flac
[2010/06/05 22:27:55 | 025,325,644 | ---- | C] () -- C:\NT2009-04-24t2.flac
[2010/06/05 22:27:53 | 038,054,578 | ---- | C] () -- C:\NT2009-04-24t1.flac
[2010/06/05 22:27:52 | 034,385,959 | ---- | C] () -- C:\NT2009-03-26t08.flac
[2010/06/05 22:27:52 | 028,261,981 | ---- | C] () -- C:\NT2009-03-26t07.flac
[2010/06/05 22:27:52 | 001,111,437 | ---- | C] () -- C:\NT2009-03-26t06.flac
[2010/06/05 22:27:51 | 019,260,387 | ---- | C] () -- C:\NT2009-03-26t05.flac
[2010/06/05 22:27:50 | 029,110,350 | ---- | C] () -- C:\NT2009-03-26t04.flac
[2010/06/05 22:27:48 | 056,355,800 | ---- | C] () -- C:\NT2009-03-26t03.flac
[2010/06/05 22:27:47 | 045,606,985 | ---- | C] () -- C:\NT2009-03-26t02.flac
[2010/06/05 22:27:46 | 023,856,732 | ---- | C] () -- C:\NT2009-03-26t01.flac
[2010/06/05 22:27:39 | 233,201,319 | ---- | C] () -- C:\NINJA_2009_Tour_Sampler_wav.zip
[2010/06/05 22:27:33 | 166,886,623 | ---- | C] () -- C:\NINJA_2009_Tour_Sampler_FLAC.zip
[2010/06/05 22:25:53 | 3310,125,212 | ---- | C] () -- C:\Nervous Turkey.nrg
[2010/06/05 22:25:52 | 010,631,878 | ---- | C] () -- C:\My Movie 1.wmv
[2010/06/05 22:25:51 | 041,879,222 | ---- | C] () -- C:\My Ass is Bleeding.mpg
[2010/06/05 22:25:33 | 490,438,812 | ---- | C] () -- C:\MO.nrg
[2010/06/05 22:25:33 | 001,344,909 | ---- | C] () -- C:\lovetone_meatball.zip
[2010/06/05 22:25:33 | 000,001,138 | ---- | C] () -- C:\Missouri Trip.ncd
[2010/06/05 22:25:24 | 285,409,436 | ---- | C] () -- C:\ktp.nrg
[2010/06/05 22:25:24 | 000,002,945 | ---- | C] () -- C:\Johnnyman3.ncd
[2010/06/05 22:25:24 | 000,002,886 | ---- | C] () -- C:\Johnnyman2.ncd
[2010/06/05 22:25:24 | 000,001,340 | ---- | C] () -- C:\JohnnymanOST.ncd
[2010/06/05 22:25:24 | 000,001,059 | ---- | C] () -- C:\Johnnyman.ncd
[2010/06/05 22:25:22 | 050,640,240 | ---- | C] () -- C:\Ideology3.wav
[2010/06/05 22:25:21 | 050,729,992 | ---- | C] () -- C:\Ideology2.wav
[2010/06/05 22:25:19 | 051,132,988 | ---- | C] () -- C:\Ideology1.wav
[2010/06/05 22:25:16 | 098,889,884 | ---- | C] () -- C:\Ideology.wav
[2010/06/05 22:25:16 | 001,158,952 | ---- | C] () -- C:\Ideology.pk
[2010/06/05 22:25:16 | 000,000,000 | ---- | C] () -- C:\Ideology.stx
[2010/06/05 22:25:14 | 081,653,880 | ---- | C] () -- C:\Ideology.mpg
[2010/06/05 22:25:14 | 003,817,221 | ---- | C] () -- C:\Ideology.mp3
[2010/06/05 22:25:12 | 042,076,700 | ---- | C] () -- C:\Ideology wav.wav
[2010/06/05 22:25:12 | 000,246,628 | ---- | C] () -- C:\Ideology wav.pk
[2010/06/05 22:25:11 | 042,722,876 | ---- | C] () -- C:\Ideology cam 2 audio.wav
[2010/06/05 22:25:11 | 000,500,740 | ---- | C] () -- C:\Ideology cam 2 audio.pk
[2010/06/05 22:25:11 | 000,377,369 | ---- | C] () -- C:\ibanez.jpg
[2010/06/05 22:25:10 | 028,788,524 | ---- | C] () -- C:\Howard Iceberg More of Me and Less of Him.wav
[2010/06/05 22:25:10 | 000,000,245 | ---- | C] () -- C:\Hey Janeane.scn
[2010/06/05 22:25:05 | 147,357,852 | ---- | C] () -- C:\Hey Janeane.nrg
[2010/06/05 22:25:05 | 000,105,776 | ---- | C] () -- C:\Hey Janeane.avi.index
[2010/06/05 22:25:05 | 000,105,688 | ---- | C] () -- C:\Hey Janeane.avi.A.index
[2010/06/05 22:24:39 | 838,287,360 | ---- | C] () -- C:\Hey Janeane.avi
[2010/06/05 22:24:39 | 013,686,116 | ---- | C] () -- C:\Hammond Alien Return.wav
[2010/06/05 22:24:39 | 000,291,904 | ---- | C] () -- C:\Guitars.avi.index
[2010/06/05 22:24:39 | 000,291,832 | ---- | C] () -- C:\Guitars.avi.A.index
[2010/06/05 22:24:39 | 000,160,516 | ---- | C] () -- C:\Hammond Alien Return.pk
[2010/06/05 22:24:39 | 000,000,191 | ---- | C] () -- C:\Guitars.scn
[2010/06/05 22:24:33 | 191,882,258 | ---- | C] () -- C:\Guitar stuff.mpg
[2010/06/05 22:24:33 | 000,000,695 | ---- | C] () -- C:\Grimm 4-4-08 tape 2.mpg.scn
[2010/06/05 22:22:08 | 003,490,654 | ---- | C] () -- C:\Grand Funk Railroad - Bad Time.mp3
[2010/06/05 22:22:04 | 149,827,660 | ---- | C] () -- C:\Glossary - Dear Friends and Gentle Hearts.zip
[2010/06/05 22:22:04 | 000,765,076 | ---- | C] () -- C:\Dulli.pk
[2010/06/05 22:22:04 | 000,025,088 | ---- | C] () -- C:\FP department physicians interview protochol.doc
[2010/06/05 22:22:02 | 034,622,128 | ---- | C] () -- C:\Dulli 2 Cover Me.wav
[2010/06/05 22:22:02 | 000,405,820 | ---- | C] () -- C:\Dulli 2 Cover Me.pk
[2010/06/05 22:22:01 | 042,196,964 | ---- | C] () -- C:\Dulli 1 Hard Luck Guy.wav
[2010/06/05 22:22:01 | 000,494,584 | ---- | C] () -- C:\Dulli 1 Hard Luck Guy.pk
[2010/06/05 22:22:00 | 022,842,777 | ---- | C] () -- C:\Drive-By_Truckers_--_Girls_Who_Smoke_(Bonus_Track).flac
[2010/06/05 22:22:00 | 000,808,804 | ---- | C] () -- C:\DBT.pk
[2010/06/05 22:21:59 | 035,398,978 | ---- | C] () -- C:\DBT 2006-07-13 d1t03.flac
[2010/06/05 22:21:58 | 048,388,112 | ---- | C] () -- C:\DBT 2 Everybody Needs Love.wav
[2010/06/05 22:21:58 | 000,547,804 | ---- | C] () -- C:\DBT 2 Everybody Needs Love.pk
[2010/06/05 22:21:57 | 031,564,972 | ---- | C] () -- C:\DBT 1 Where's Eddie.wav
[2010/06/05 22:21:57 | 000,370,000 | ---- | C] () -- C:\DBT 1 Where's Eddie.pk
[2010/06/05 22:21:56 | 017,678,318 | ---- | C] () -- C:\CT-559-Jay Farrar.mp3
[2010/06/05 22:21:56 | 009,741,584 | ---- | C] () -- C:\Chris_Cornell-You Know My Name-James Bond 007 - Casino Royale.mp3
[2010/06/05 22:21:55 | 011,284,970 | ---- | C] () -- C:\cdbxp_setup_3.0.116.zip
[2010/06/05 22:21:54 | 028,591,780 | ---- | C] () -- C:\cagadas.ZIP
[2010/06/05 22:21:54 | 000,127,135 | ---- | C] () -- C:\boomerang_v2.pdf
[2010/06/05 22:21:54 | 000,014,336 | ---- | C] () -- C:\BRANDON_P_RELEASE.wps
[2010/06/05 22:21:52 | 087,326,720 | ---- | C] () -- C:\backup.pst
[2010/06/05 22:21:52 | 000,000,288 | ---- | C] () -- C:\Autorun.inf
[2010/06/05 22:21:51 | 025,368,861 | ---- | C] () -- C:\Arms_Aloft-Comfort_At_Any_Cost-2008.zip
[2010/06/05 22:21:50 | 025,368,861 | ---- | C] () -- C:\Arms_Aloft-Comfort_At_Any_Cost.zip
[2010/06/05 22:21:50 | 000,000,000 | ---- | C] () -- C:\Armies.stx
[2010/06/05 22:21:47 | 088,025,712 | ---- | C] () -- C:\Armies.mpg
[2010/06/05 22:21:46 | 004,397,184 | ---- | C] () -- C:\12. Thunderball-Tom Jones [From Thunderball].mp3
[2010/06/05 22:21:46 | 000,065,562 | ---- | C] () -- C:\1869.jpg
[2010/06/05 22:21:46 | 000,057,733 | ---- | C] () -- C:\1868.jpg
[2010/06/05 22:21:44 | 044,481,068 | ---- | C] () -- C:\07-ArcadeFire-KCRW-1-17-05-BornOnATrain(live) (from MPEG@128kbps).wav
[2010/06/05 21:56:45 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Cool Edit Pro 2.0.lnk
[2010/06/05 20:33:06 | 000,001,439 | ---- | C] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/05 20:14:15 | 000,014,183 | ---- | C] () -- C:\Windows\SysNative\Config.MPF
[2010/06/05 20:13:34 | 002,097,152 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat
[2010/06/05 20:13:34 | 000,524,288 | -HS- | C] () -- C:\Users\Brandon\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/06/05 20:13:34 | 000,524,288 | -HS- | C] () -- C:\Users\Brandon\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/06/05 20:13:34 | 000,262,144 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat.LOG1
[2010/06/05 20:13:34 | 000,065,536 | -HS- | C] () -- C:\Users\Brandon\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/06/05 20:13:34 | 000,000,290 | ---- | C] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/06/05 20:13:34 | 000,000,272 | ---- | C] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/06/05 20:13:34 | 000,000,020 | -HS- | C] () -- C:\Users\Brandon\ntuser.ini
[2010/06/05 20:13:34 | 000,000,000 | -HS- | C] () -- C:\Users\Brandon\ntuser.dat.LOG2
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >


#14 schrauber

Posted 06 July 2010 - 03:57 PM

Test it with a few more searches, think we got it with your router :)
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#15 94prs22

Posted 07 July 2010 - 09:48 PM

Yep, I think the router did it. It's working perfectly now. Thanks a bunch Tom.




