IE Runs & browses by itself in background, malware? Help Please


This topic is locked
30 replies to this topic

#1 PokeyPrasch (Members, 19 posts, WA st. USA)

Posted 13 July 2010 - 05:24 AM

Thanks in advance for any help. I will check back and follow your instructions, your effort will not be wasted.
This is the first time after many years that I've had any serious virus problems. I was out of town on vacation, and when I came back I had a few warnings from Avast AntiVirus, even though I wasn't browsing anything.
I clicked "Abort Connection" but I have no idea how long those warnings were up.
It seems that IE is starting itself up and visiting sites and ads (probably for more viruses/malware), and it also turns my .wav volume all the way down, but I'm not sure if this problem is related. I use PeerBlock and I can see multiple HTTP connections being blocked even when not browsing.

Not knowing how serious it was, I ran Avast: nothing was detected. Then Spybot S&D: also nothing. Then I tried the ESET online scanner and it found 4 infections; I selected the boxes after scanning to delete them. Thinking the problem was fixed, I restarted my PC, and several minutes later I found that it was not. (All programs were updated with current data/definitions.)
I then downloaded Malwarebytes Anti-Malware and ran that (after disabling Spybot and Avast); it found nothing.
------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4307

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

7/12/2010 7:19:43 PM
mbam-log-2010-07-12 (19-19-43).txt

Scan type: Full scan (C:\|)
Objects scanned: 329571
Time elapsed: 1 hour(s), 10 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Here is the info I think you need:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Pokey Prasch at 1:07:45.60 on Tue 07/13/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1358 [GMT -7:00]

AV: avast! antivirus 4.8.1351 [VPS 100712-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
svchost.exe 4
svchost.exe 4
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Adobe Illustrator CS2\Support Files\Contents\Windows\Illustrator.exe
C:\DOCUME~1\POKEYP~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\POKEYP~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Pokey Prasch\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [i8kfangui] c:\program files\i8kfangui\I8kfanGUI.exe /startup
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [wben] "c:\program files\starfield\desktop notifier\wben.exe"
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe
StartupFolder: c:\docume~1\pokeyp~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\pokeyp~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pokeyp~1\applic~1\mozilla\firefox\profiles\ksc92g2y.default\
FF - component: c:\documents and settings\pokey prasch\application data\mozilla\firefox\profiles\ksc92g2y.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\documents and settings\pokey prasch\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwbe.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-23 114768]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2010-3-15 14464]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-23 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-1-23 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-1-23 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-1-23 352920]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-7-5 14424]
S2 gupdate1ca756c2671b0df;Google Update Service (gupdate1ca756c2671b0df);c:\program files\google\update\GoogleUpdate.exe [2009-12-4 133104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2010-07-13 08:07:04 0 ----a-w- c:\documents and settings\pokey prasch\defogger_reenable
2010-07-13 01:08:40 0 d-----w- c:\docume~1\pokeyp~1\applic~1\Malwarebytes
2010-07-13 01:08:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-13 01:08:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-13 01:08:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-13 01:08:25 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-12 21:18:53 0 d-----w- c:\program files\ESET
2010-07-06 02:00:18 0 d-----w- c:\program files\PeerBlock
2010-07-06 01:36:16 0 d-----w- c:\program files\Bluetack
2010-06-26 21:18:32 0 d-s---w- c:\documents and settings\pokey prasch\UserData
2010-06-20 19:49:35 0 d-----w- c:\program files\Opcion Font Viewer
2010-06-20 19:49:16 0 d-----w- c:\docume~1\pokeyp~1\applic~1\Chiu Software Systems

==================== Find3M ====================

2010-07-13 02:37:38 57825 ----a-w- c:\windows\system32\nvModes.dat
2010-05-05 16:19:54 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 06:15:04 54600 ----a-w- c:\windows\fonts\Shelter Me.ttf
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09:09 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09:05 81920 ----a-w- c:\windows\system32\ieencode.dll

============= FINISH: 1:08:25.32 ===============

Edited by PokeyPrasch, 13 July 2010 - 12:01 PM.
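The DDS output above is what a responder reads by hand, and the line that stands out in it is `uInternet Settings,ProxyServer = http=127.0.0.1:5555`: a WinINet proxy pointing at a loopback address routes every IE request through whatever is listening on that local port, so it is worth confirming against a process the user recognises. As an added example that is not part of this post or of DDS itself, the Python below runs three routine checks of that kind over a constructed sample in the same line format (a handful of lines shaped like the Pseudo HJT and SERVICES sections of the log above): a proxy on a loopback host, a Run entry with no name or no command, and a service whose image DDS could not locate (the trailing `[?]`). The regexes, the `Finding` type and the finding names are my own; a flagged line means it needs a look, not that it is malicious.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: lines shaped like entries in the DDS "Pseudo HJT Report" and
# "SERVICES / DRIVERS" sections above (raw string, so the backslashes are literal).
SAMPLE_DDS = r"""
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [<NO NAME>]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-23 114768]
""".strip()


@dataclass
class Finding:
    line_no: int   # 1-based line in the log text
    kind: str      # short tag for the check that fired
    detail: str    # what a responder should verify


# u = current user hive (HKCU), m = machine hive (HKLM), as in DDS output.
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<value>.+)$", re.I)
RUN_RE = re.compile(r"^[um]Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
SVC_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<svc>[^;]+);(?P<desc>[^;]*);(?P<path>.*)$")

LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def proxy_endpoints(value: str) -> List[Tuple[str, str, str]]:
    """Split a WinINet ProxyServer value into (scheme, host, port) tuples.

    The registry value is either 'host:port' (applies to all protocols) or a
    ';'-separated list of 'scheme=host:port' entries such as 'http=127.0.0.1:5555'.
    """
    endpoints = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        scheme = scheme or "*"                # no scheme prefix means "all protocols"
        host, _, port = hostport.rpartition(":")
        if not host:                          # no port was given
            host, port = hostport, ""
        endpoints.append((scheme, host.strip(), port.strip()))
    return endpoints


def triage_dds(text: str) -> List[Finding]:
    """Run the three checks over DDS-style lines and return what needs a look."""
    findings: List[Finding] = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.rstrip()

        m = PROXY_RE.match(line)
        if m:
            for scheme, host, port in proxy_endpoints(m.group("value")):
                if host in LOOPBACK:
                    findings.append(Finding(n, "loopback-proxy",
                        f"{scheme} traffic is sent through {host}:{port}; "
                        f"confirm a process you know listens on that port"))
            continue

        m = RUN_RE.match(line)
        if m:
            # An autostart with no name or no command is unusual for legitimate software.
            if m.group("name").strip() in ("", "<NO NAME>") or not m.group("cmd").strip():
                findings.append(Finding(n, "empty-run-entry", line))
            continue

        m = SVC_RE.match(line)
        if m and m.group("path").rstrip().endswith("[?]"):
            # DDS prints "[?]" when it could not find the service image on disk.
            findings.append(Finding(n, "service-file-missing",
                                    f"service {m.group('svc')} points at a file DDS could not find"))
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"line {f.line_no}: {f.kind}: {f.detail}")
```

Run as a script it prints one line per finding; `triage_dds` can be pointed at a saved DDS log just as well. The loopback check is deliberately narrow: a proxy on a public host or a PAC file (`AutoConfigURL`) also redirects traffic, and a real triage script would report those too.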



#2 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 18 July 2010 - 07:28 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
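The `/md5start … /md5stop` block in the custom scan above makes OTL print an MD5 for each listed file so the helper can compare it against a known-good copy; those drivers and DLLs are the ones kernel-mode malware of the period was known to patch in place. As an added example, not part of this post or of OTL, the Python below does the same comparison offline: it hashes a list of files under a directory, buckets each as unchanged, changed, missing, or not in the baseline, and exercises itself on a constructed fake system32 in a temporary directory where one "driver" is tampered with after the baseline is taken. The file names are taken from the list above; their contents, the tampering and the baseline hashes are constructed for the demo.

```python
import hashlib
import os
import tempfile
from typing import Dict, List

# A subset of the files the OTL custom scan above hashes.
WATCHED_FILES = ["atapi.sys", "iaStor.sys", "nvstor.sys", "user32.dll", "ws2_32.dll"]


def md5_of(path: str, chunk: int = 1 << 20) -> str:
    """MD5 of a file, read in chunks so large drivers do not need to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def compare_to_baseline(root: str, names: List[str],
                        baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Hash each named file under `root` and bucket it against `baseline`.

    `baseline` maps lower-cased file name -> known-good MD5. A file with no
    baseline entry is reported as 'unknown' rather than silently passed.
    """
    report: Dict[str, List[str]] = {"ok": [], "changed": [], "missing": [], "unknown": []}
    for name in names:
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            report["missing"].append(name)       # e.g. a driver for hardware this box lacks
            continue
        digest = md5_of(path)
        expected = baseline.get(name.lower())
        if expected is None:
            report["unknown"].append(name)
        elif digest.lower() == expected.lower():
            report["ok"].append(name)
        else:
            report["changed"].append(name)       # on-disk image differs from known-good
    return report


def run_constructed_scenario() -> Dict[str, List[str]]:
    """Constructed demo: fake system32, baseline two files, then patch one of them."""
    with tempfile.TemporaryDirectory() as sys32:
        clean = {
            "atapi.sys": b"clean atapi driver image (constructed)",
            "user32.dll": b"clean user32 image (constructed)",
            "ws2_32.dll": b"clean winsock image (constructed)",
        }
        for name, body in clean.items():
            with open(os.path.join(sys32, name), "wb") as fh:
                fh.write(body)

        # Baseline deliberately covers only two of the files present.
        baseline = {n.lower(): md5_of(os.path.join(sys32, n)) for n in ("atapi.sys", "user32.dll")}

        # Simulate an in-place patch of the disk driver after the baseline was taken.
        with open(os.path.join(sys32, "atapi.sys"), "ab") as fh:
            fh.write(b"\x90\x90 injected stub (constructed)")

        return compare_to_baseline(sys32, WATCHED_FILES, baseline)


if __name__ == "__main__":
    for bucket, files in run_constructed_scenario().items():
        print(f"{bucket:8s} {', '.join(files) or '-'}")
```

On a real machine the baseline would be the hashes from a clean install at the same service pack and patch level, and `root` would be `C:\WINDOWS\system32` (drivers under `drivers\`). MD5 is used here only because that is what OTL prints; a baseline you build yourself should use SHA-256, since MD5 is collision-broken. A hash mismatch says the file differs, not why: a legitimate hotfix changes hashes too, so a changed file still has to be checked against the update history before it is treated as patched by malware.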
 


#3 PokeyPrasch (Topic Starter, Members, 19 posts, WA st. USA)

Posted 18 July 2010 - 09:42 PM

Thanks. I thought maybe I had done something wrong or forgotten something, so my post was being overlooked.

OTL:

OTL logfile created on: 7/18/2010 3:45:28 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Pokey Prasch\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 8.28 Gb Free Space | 7.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: POKEYPRASCH
Current User Name: Pokey Prasch
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/18 15:44:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pokey Prasch\Desktop\OTL.exe
PRC - [2010/06/28 10:29:29 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/28 02:02:44 | 001,524,824 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
PRC - [2009/08/17 09:07:23 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/08/17 09:07:17 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/08/17 09:07:01 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/08/17 09:04:21 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/08/17 08:58:55 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/21 12:28:36 | 000,643,072 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/02/21 12:19:58 | 000,819,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/02/21 12:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/02/21 12:17:42 | 000,970,752 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/02/21 12:16:48 | 000,983,040 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/02/21 12:13:26 | 000,487,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/02/21 12:10:00 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/02/16 09:58:12 | 000,856,064 | ---- | M] (Christian Diefer) -- C:\Program Files\I8kfanGUI\I8kfanGUI.exe
PRC - [2006/06/29 13:12:34 | 000,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2005/12/05 21:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2005/12/05 20:59:02 | 000,114,688 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2005/10/07 15:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/07/27 17:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/06/29 00:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe


========== Modules (SafeList) ==========

MOD - [2010/07/18 15:44:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pokey Prasch\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/17 09:07:17 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/08/17 09:07:01 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/08/17 09:04:21 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/08/17 08:58:55 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/06/18 02:34:28 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/16 15:47:00 | 002,780,212 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2007/02/21 12:28:36 | 000,643,072 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/02/21 12:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/02/21 12:16:48 | 000,983,040 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/02/21 12:10:00 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/06/29 13:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/12/05 21:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\UIUSys.sys -- (UIUSys)
DRV - [2009/09/28 02:02:44 | 000,014,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/08/17 09:06:43 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/08/17 09:05:52 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/08/17 09:05:37 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/08/17 09:04:40 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/08/17 09:04:29 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/08/17 09:03:21 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/11/11 14:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 14:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 14:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/02/21 12:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/02/16 02:05:48 | 000,014,464 | ---- | M] (Christian Diefer) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fanio.sys -- (fanio)
DRV - [2007/02/08 14:51:16 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2006/03/23 00:32:00 | 003,656,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/11/29 21:50:42 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass)
DRV - [2005/09/28 21:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/05/03 16:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 16:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 16:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 17:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1645522239-630328440-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1645522239-630328440-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1645522239-630328440-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: zoomext@starfield:1.1
FF - prefs.js..extensions.enabledItems: wbepaste@starfield:1.1
FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.2.2.development.1
FF - prefs.js..extensions.enabledItems: {a3f3e150-ef43-11de-8a39-0800200c9a66}:3.6

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/06 18:47:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/28 10:29:34 | 000,000,000 | ---D | M]

[2009/01/22 19:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Extensions
[2010/07/17 18:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions
[2010/04/27 09:47:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/16 23:15:59 | 000,000,000 | ---D | M] (Aquatint Black) -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{a3f3e150-ef43-11de-8a39-0800200c9a66}
[2010/06/02 16:03:39 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/06/07 12:09:12 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2009/07/09 12:01:44 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2010/07/17 18:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\https-everywhere@eff.org
[2010/03/16 23:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{a3f3e150-ef43-11de-8a39-0800200c9a66}\chrome\mac\browser\extensions
[2010/03/16 23:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{a3f3e150-ef43-11de-8a39-0800200c9a66}\chrome\mac\mozapps\extensions
[2010/03/16 23:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{a3f3e150-ef43-11de-8a39-0800200c9a66}\chrome\win\browser\extensions
[2010/03/16 23:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{a3f3e150-ef43-11de-8a39-0800200c9a66}\chrome\win\mozapps\extensions
[2010/07/17 15:49:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/07 13:50:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\zoomext@starfield
[2009/04/24 13:27:57 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2009/11/20 14:34:44 | 000,218,624 | ---- | M] (Starfield Technology, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwbe.dll

O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1645522239-630328440-682003330-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKU\S-1-5-21-1645522239-630328440-682003330-1004..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe (Christian Diefer)
O4 - HKU\S-1-5-21-1645522239-630328440-682003330-1004..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-1645522239-630328440-682003330-1004..\Run: [wben] C:\Program Files\Starfield\Desktop Notifier\wben.exe (Starfield Technologies, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O4 - Startup: C:\Documents and Settings\Pokey Prasch\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Pokey Prasch\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-630328440-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 24.205.224.36 24.205.192.61
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Pokey Prasch\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Pokey Prasch\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/22 18:34:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c64e0be4-d4af-11de-abaa-0013cef52dda}\Shell - "" = AutoRun
O33 - MountPoints2\{c64e0be4-d4af-11de-abaa-0013cef52dda}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c64e0be4-d4af-11de-abaa-0013cef52dda}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/18 15:44:24 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pokey Prasch\Desktop\OTL.exe
[2010/07/14 11:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Desktop\Luc
[2010/07/13 22:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Desktop\luc-chucknoris
[2010/07/13 21:33:25 | 000,098,304 | ---- | C] (Hewlett Packard Company) -- C:\WINDOWS\System32\hpzjsn01.dll
[2010/07/13 17:27:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/07/12 18:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Application Data\Malwarebytes
[2010/07/12 18:08:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/12 18:08:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/12 18:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/12 18:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/12 14:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/11 00:03:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/11 00:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/08 16:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Desktop\Hopfest_stuff
[2010/07/05 19:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2010/07/05 18:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bluetack
[2010/06/28 11:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Desktop\harabarahand
[2010/06/28 11:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Desktop\Wedding_vector
[2010/06/26 14:18:32 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Pokey Prasch\UserData
[2010/06/24 12:18:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Desktop\Trifold
[2010/06/23 16:39:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/06/21 07:42:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Desktop\Logos
[2010/06/20 12:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Opcion Font Viewer
[2010/06/20 12:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Application Data\Chiu Software Systems
[2010/06/20 12:48:56 | 001,024,176 | ---- | C] (Chiu Software Systems) -- C:\Documents and Settings\Pokey Prasch\Desktop\Opcion_Installer.exe
[2010/06/02 09:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/06/01 18:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/06/01 18:16:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/05/05 09:19:54 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010/05/05 09:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Application Data\Leadertech
[2010/05/05 09:04:53 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\WINDOWS\System32\drivers\mcdbus.sys
[2010/05/05 09:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2010/05/05 08:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2010/05/03 04:00:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/05/02 19:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Local Settings\Application Data\KodakGallery
[2010/05/02 19:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Application Data\Skinux
[2010/05/02 19:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\My Documents\My Print Creations
[2010/05/02 19:05:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Local Settings\Application Data\ArcSoft
[2010/05/02 19:05:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Application Data\ArcSoft
[2010/05/02 19:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2010/05/02 19:04:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2010/05/02 19:04:20 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2010/05/02 19:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Kodak
[2010/05/02 19:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2010/05/02 18:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2010/05/02 18:19:06 | 000,000,000 | ---D | C] -- C:\Kodak
[2010/04/28 12:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Desktop\cleanup
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/18 15:44:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pokey Prasch\Desktop\OTL.exe
[2010/07/18 14:50:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/17 21:50:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/17 19:11:33 | 000,107,008 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/15 10:04:40 | 000,057,825 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/07/15 10:02:37 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\NTUSER.DAT
[2010/07/15 10:02:28 | 000,318,596 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AhtanumRidge_flyer.pdf
[2010/07/15 10:01:17 | 000,320,059 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AhtanumRidge_Flyer-wave.pdf
[2010/07/15 10:00:12 | 000,173,491 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AR_Marketing flyer4.pdf
[2010/07/15 09:56:11 | 001,914,849 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AR_Marketing flyer.ai
[2010/07/15 09:34:48 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/15 09:34:38 | 000,000,336 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2010/07/15 09:34:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/15 09:34:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/14 23:30:48 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Pokey Prasch\ntuser.ini
[2010/07/14 16:46:06 | 009,651,785 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Luc.zip
[2010/07/14 11:27:37 | 002,221,914 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YHD_Banner.jpg
[2010/07/14 11:22:30 | 002,646,141 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\chuck!.psd
[2010/07/14 11:18:39 | 007,518,365 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YHD_Banner.zip
[2010/07/14 10:13:54 | 000,944,822 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AA Community Investment Ad copy.ai
[2010/07/14 10:08:49 | 003,462,590 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_CommunityAd_Foamcore.jpg
[2010/07/14 09:46:39 | 009,278,837 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\pwny_update.psd
[2010/07/14 09:45:48 | 001,297,120 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\PNWU_Ad_upddate.tif
[2010/07/14 09:30:40 | 001,502,532 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\pnwu_bg.tif
[2010/07/13 21:39:43 | 000,110,397 | ---- | M] () -- C:\WINDOWS\hpoins11.dat
[2010/07/13 21:31:35 | 070,214,168 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AiO_071_000_201_000_CDA_DriverOnly_NonNetwork_enu_NB.exe
[2010/07/13 20:45:46 | 000,042,420 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ChuckNorrisShocker001.JPG
[2010/07/13 17:25:25 | 001,776,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/13 15:11:16 | 005,091,679 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YHD_Mag.jpg
[2010/07/13 13:50:12 | 001,781,760 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DreamLover - Bobby Darren.mp3
[2010/07/13 09:59:09 | 000,031,676 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Hob.jpg
[2010/07/13 09:24:43 | 001,936,317 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AR_Marketing flyer_back.ai
[2010/07/13 01:14:55 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\gmer.zip
[2010/07/13 01:07:38 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\dds.scr
[2010/07/13 01:07:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\defogger_reenable
[2010/07/13 01:06:38 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Defogger.exe
[2010/07/12 19:37:38 | 000,057,825 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/07/12 18:08:31 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/12 11:45:30 | 005,312,922 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Untitled-1 copy.ai
[2010/07/12 11:37:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/12 00:36:38 | 000,107,329 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\26715_403575149153_60164289153_4071014_3954883_n.jpg
[2010/07/09 15:22:45 | 000,053,360 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\banner.jpg
[2010/07/09 15:04:07 | 000,384,609 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Scan 001.pdf
[2010/07/08 20:34:08 | 003,173,550 | -H-- | M] () -- C:\Documents and Settings\Pokey Prasch\Local Settings\Application Data\IconCache.db
[2010/07/08 16:38:49 | 000,509,043 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\SavannaMontana.jpg
[2010/07/08 11:14:56 | 000,511,410 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1351.JPG
[2010/07/06 20:55:50 | 000,048,716 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\98prelude.jpg
[2010/07/05 02:57:28 | 001,226,845 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1350.JPG
[2010/07/05 02:57:22 | 001,183,528 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1349.JPG
[2010/07/05 02:56:28 | 001,190,189 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1348.JPG
[2010/07/05 02:55:52 | 001,098,001 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1347.JPG
[2010/07/05 02:55:40 | 001,113,747 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1346.JPG
[2010/07/04 08:21:00 | 001,458,608 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1345.JPG
[2010/07/04 07:29:48 | 001,305,049 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1344.JPG
[2010/07/04 07:29:42 | 001,278,321 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1343.JPG
[2010/07/04 06:48:20 | 001,245,220 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1342.JPG
[2010/07/04 06:48:06 | 001,296,698 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1341.JPG
[2010/07/04 04:06:44 | 001,435,772 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1340.JPG
[2010/07/04 04:06:36 | 001,459,167 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1339.JPG
[2010/07/01 00:20:34 | 001,548,455 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\New_Logo.jpg
[2010/07/01 00:19:41 | 000,736,947 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\New_Logo.eps
[2010/06/30 14:07:19 | 001,547,591 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Occ Med Brochure Request.pdf
[2010/06/30 10:33:06 | 000,404,356 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AA Community Investment Ad.pdf
[2010/06/30 10:26:10 | 021,209,156 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Updated_SymphonyAd.pdf
[2010/06/29 16:18:46 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AR Marketing Flyer.doc
[2010/06/29 12:35:26 | 000,772,121 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\PCI SCPC Acred Logo.psd
[2010/06/29 12:29:59 | 000,175,723 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\PCI SCPC Acred Logo(2).jpg
[2010/06/29 12:29:58 | 000,175,723 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\PCI SCPC Acred Logo.jpg
[2010/06/29 12:11:27 | 000,328,352 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\cardiac_yakimasymphony.pdf
[2010/06/29 09:20:50 | 000,454,110 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB_davidA1.jpg
[2010/06/29 09:20:22 | 000,462,159 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB_dave l1.jpg
[2010/06/29 09:18:42 | 000,349,980 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ER_Extra_ad_DavidA1.tif
[2010/06/28 19:13:51 | 000,095,664 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/28 19:09:51 | 006,540,674 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ER_Extra_ad_DavidA_theatre.tif
[2010/06/28 19:08:20 | 000,460,437 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB_DavidA.jpg
[2010/06/28 19:06:25 | 000,470,340 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB_DaveL.jpg
[2010/06/28 19:01:06 | 005,756,090 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB_davidA.ai
[2010/06/28 18:58:23 | 004,460,620 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB_DavidA.tif
[2010/06/28 18:54:46 | 004,831,998 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB_DaveL.tif
[2010/06/28 12:43:02 | 001,567,806 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Wedding_reception_Luc copy.pdf
[2010/06/28 12:41:44 | 004,908,578 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Wedding_reception_Luc.ai
[2010/06/28 11:23:10 | 007,732,362 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Wedding_vector.rar
[2010/06/25 11:30:56 | 009,049,389 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ERExtra_Herald.ai
[2010/06/25 10:51:15 | 002,631,902 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ERExtra_Herald.pdf
[2010/06/25 10:48:26 | 002,193,856 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\David A.tif
[2010/06/24 22:01:42 | 006,094,009 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB.ai
[2010/06/24 15:46:11 | 002,627,310 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\David A.--FOCEREXTRA 005.jpg
[2010/06/24 15:38:51 | 002,365,747 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ER_Exp_TriFold_Draft1.pdf
[2010/06/24 15:07:06 | 001,180,091 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YR_Logo_Rework.ai
[2010/06/24 15:06:02 | 000,960,631 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_NewLogo.eps
[2010/06/24 10:57:33 | 000,932,884 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\HMA-ER Extra.pdf
[2010/06/24 10:01:29 | 002,595,282 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ERExtra_Herald copy.pdf
[2010/06/23 04:02:33 | 000,502,240 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 04:02:33 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 04:02:33 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/22 15:14:19 | 000,035,402 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_Logo3.jpg
[2010/06/21 19:59:57 | 001,535,222 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ArtVan_Banner.pdf
[2010/06/21 15:03:25 | 000,038,606 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_Logo1.jpg
[2010/06/21 14:58:24 | 000,046,092 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_Logo2.jpg
[2010/06/21 07:27:51 | 008,847,992 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\bg.tif
[2010/06/20 18:10:08 | 000,007,406 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\weddinginvitelogo.png
[2010/06/20 12:48:52 | 001,024,176 | ---- | M] (Chiu Software Systems) -- C:\Documents and Settings\Pokey Prasch\Desktop\Opcion_Installer.exe
[2010/06/20 11:37:03 | 000,004,874 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\HeartVascCenter_200.gif
[2010/06/19 08:51:03 | 003,119,558 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\invitations.ai
[2010/06/18 22:08:13 | 000,964,774 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\sunflower3.psd
[2010/06/18 22:04:33 | 000,194,233 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\sunflower3.jpg
[2010/06/18 10:08:27 | 002,312,443 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ArtVan_Banner_Proof.psd
[2010/06/18 10:08:20 | 000,230,702 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ArtVanBnr_proof3.jpg
[2010/06/16 12:32:14 | 000,236,809 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ArtVanBnr_proof2.jpg
[2010/06/15 15:16:31 | 000,217,409 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ArtVanBnr_proof1.jpg
[2010/06/14 10:47:40 | 001,608,279 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ICANHAZ.JPG
[2010/06/11 11:01:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/10 22:53:44 | 000,015,979 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\pomp1.jpg
[2010/06/10 17:02:58 | 000,005,128 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Turbin4.gif
[2010/06/02 11:55:29 | 000,410,512 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ER_Extra_ad.tif
[2010/06/01 18:20:21 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/06/01 18:18:20 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/06/01 18:18:20 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/06/01 18:18:09 | 000,000,568 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/18 21:10:54 | 000,113,525 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\cmferguson_resume.pdf
[2010/05/18 21:10:53 | 000,112,747 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ChadF_ResumeG.pdf
[2010/05/05 09:19:54 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010/05/05 09:05:01 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Start Menu\Programs\Startup\MagicDisc.lnk
[2010/05/04 15:59:56 | 000,099,915 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\My Documents\CR_PhaseIII.pdf
[2010/05/04 15:59:56 | 000,091,011 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\My Documents\CR_PhaseII.pdf
[2010/05/04 15:59:55 | 000,085,025 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\My Documents\PulmonaryRehab.pdf
[2010/05/02 19:10:49 | 000,027,648 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/05/02 19:10:27 | 000,003,072 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/05/02 19:02:36 | 000,001,837 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/15 09:59:33 | 000,173,491 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AR_Marketing flyer4.pdf
[2010/07/15 09:57:28 | 000,318,596 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AhtanumRidge_flyer.pdf
[2010/07/15 09:56:43 | 000,320,059 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AhtanumRidge_Flyer-wave.pdf
[2010/07/14 16:46:05 | 009,651,785 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Luc.zip
[2010/07/14 11:26:36 | 002,221,914 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YHD_Banner.jpg
[2010/07/14 11:18:27 | 007,518,365 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YHD_Banner.zip
[2010/07/14 10:03:12 | 003,462,590 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_CommunityAd_Foamcore.jpg
[2010/07/14 09:46:37 | 009,278,837 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\pwny_update.psd
[2010/07/14 09:45:38 | 001,297,120 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\PNWU_Ad_upddate.tif
[2010/07/14 09:30:38 | 001,502,532 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\pnwu_bg.tif
[2010/07/13 21:33:37 | 000,110,397 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2010/07/13 21:33:18 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2010/07/13 21:26:36 | 070,214,168 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AiO_071_000_201_000_CDA_DriverOnly_NonNetwork_enu_NB.exe
[2010/07/13 21:07:30 | 002,646,141 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\chuck!.psd
[2010/07/13 20:45:46 | 000,042,420 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ChuckNorrisShocker001.JPG
[2010/07/13 14:02:49 | 005,091,679 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YHD_Mag.jpg
[2010/07/13 13:50:06 | 001,781,760 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DreamLover - Bobby Darren.mp3
[2010/07/13 09:59:05 | 000,031,676 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Hob.jpg
[2010/07/13 01:15:09 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\gmer.exe
[2010/07/13 01:14:56 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\gmer.zip
[2010/07/13 01:07:37 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\dds.scr
[2010/07/13 01:07:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\defogger_reenable
[2010/07/13 01:06:39 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Defogger.exe
[2010/07/12 18:08:31 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/12 11:45:30 | 005,312,922 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Untitled-1 copy.ai
[2010/07/12 00:36:37 | 000,107,329 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\26715_403575149153_60164289153_4071014_3954883_n.jpg
[2010/07/09 15:20:47 | 000,053,360 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\banner.jpg
[2010/07/09 15:04:08 | 000,384,609 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Scan 001.pdf
[2010/07/08 16:38:46 | 000,509,043 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\SavannaMontana.jpg
[2010/07/08 16:21:53 | 001,936,317 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AR_Marketing flyer_back.ai
[2010/07/06 21:06:49 | 001,459,167 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1339.JPG
[2010/07/06 21:06:49 | 001,458,608 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1345.JPG
[2010/07/06 21:06:49 | 001,435,772 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1340.JPG
[2010/07/06 21:06:49 | 001,305,049 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1344.JPG
[2010/07/06 21:06:49 | 001,296,698 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1341.JPG
[2010/07/06 21:06:49 | 001,278,321 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1343.JPG
[2010/07/06 21:06:49 | 001,245,220 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1342.JPG
[2010/07/06 21:06:49 | 001,226,845 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1350.JPG
[2010/07/06 21:06:49 | 001,190,189 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1348.JPG
[2010/07/06 21:06:49 | 001,183,528 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1349.JPG
[2010/07/06 21:06:49 | 001,113,747 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1346.JPG
[2010/07/06 21:06:49 | 001,098,001 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1347.JPG
[2010/07/06 21:06:49 | 000,511,410 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1351.JPG
[2010/07/06 11:33:02 | 000,944,822 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AA Community Investment Ad copy.ai
[2010/07/06 11:21:04 | 001,914,849 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AR_Marketing flyer.ai
[2010/07/01 00:20:28 | 001,548,455 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\New_Logo.jpg
[2010/07/01 00:19:38 | 000,736,947 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\New_Logo.eps
[2010/06/30 14:07:19 | 001,547,591 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Occ Med Brochure Request.pdf
[2010/06/30 10:33:09 | 000,404,356 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AA Community Investment Ad.pdf
[2010/06/29 16:18:48 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AR Marketing Flyer.doc
[2010/06/29 12:39:35 | 021,209,156 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Updated_SymphonyAd.pdf
[2010/06/29 12:35:25 | 000,772,121 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\PCI SCPC Acred Logo.psd
[2010/06/29 12:30:01 | 000,175,723 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\PCI SCPC Acred Logo(2).jpg
[2010/06/29 12:29:58 | 000,175,723 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\PCI SCPC Acred Logo.jpg
[2010/06/29 12:11:29 | 000,328,352 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\cardiac_yakimasymphony.pdf
[2010/06/29 09:14:23 | 000,462,159 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB_dave l1.jpg
[2010/06/29 09:10:13 | 000,349,980 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ER_Extra_ad_DavidA1.tif
[2010/06/29 09:07:29 | 000,454,110 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB_davidA1.jpg
[2010/06/28 19:09:41 | 006,540,674 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ER_Extra_ad_DavidA_theatre.tif
[2010/06/28 19:08:17 | 000,460,437 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB_DavidA.jpg
[2010/06/28 19:06:17 | 000,470,340 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB_DaveL.jpg
[2010/06/28 19:01:00 | 005,756,090 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB_davidA.ai
[2010/06/28 18:58:14 | 004,460,620 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB_DavidA.tif
[2010/06/28 18:54:33 | 004,831,998 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB_DaveL.tif
[2010/06/28 12:42:49 | 001,567,806 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Wedding_reception_Luc copy.pdf
[2010/06/28 12:41:36 | 004,908,578 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Wedding_reception_Luc.ai
[2010/06/28 11:20:37 | 007,732,362 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Wedding_vector.rar
[2010/06/24 23:46:34 | 003,016,762 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\wedding_invite_2.ai
[2010/06/24 21:53:55 | 002,631,902 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ERExtra_Herald.pdf
[2010/06/24 21:33:19 | 002,193,856 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\David A.tif
[2010/06/24 15:46:05 | 002,627,310 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\David A.--FOCEREXTRA 005.jpg
[2010/06/24 15:37:00 | 002,365,747 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ER_Exp_TriFold_Draft1.pdf
[2010/06/24 15:05:59 | 000,960,631 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_NewLogo.eps
[2010/06/24 10:57:31 | 000,932,884 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\HMA-ER Extra.pdf
[2010/06/24 10:32:18 | 006,094,009 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB.ai
[2010/06/24 10:01:22 | 002,595,282 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ERExtra_Herald copy.pdf
[2010/06/23 12:53:44 | 009,049,389 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ERExtra_Herald.ai
[2010/06/22 15:14:19 | 000,035,402 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_Logo3.jpg
[2010/06/21 15:03:25 | 000,038,606 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_Logo1.jpg
[2010/06/21 14:58:24 | 000,046,092 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_Logo2.jpg
[2010/06/21 07:27:48 | 008,847,992 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\bg.tif
[2010/06/20 18:10:08 | 000,007,406 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\weddinginvitelogo.png
[2010/06/20 11:37:02 | 000,004,874 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\HeartVascCenter_200.gif
[2010/06/18 22:36:15 | 003,119,558 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\invitations.ai
[2010/06/18 22:08:12 | 000,964,774 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\sunflower3.psd
[2010/06/18 22:04:33 | 000,194,233 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\sunflower3.jpg
[2010/06/18 11:02:40 | 001,535,222 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ArtVan_Banner.pdf
[2010/06/18 10:08:19 | 000,230,702 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ArtVanBnr_proof3.jpg
[2010/06/16 12:32:13 | 000,236,809 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ArtVanBnr_proof2.jpg
[2010/06/15 15:16:29 | 000,217,409 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ArtVanBnr_proof1.jpg
[2010/06/15 15:15:42 | 002,312,443 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ArtVan_Banner_Proof.psd
[2010/06/14 22:55:01 | 001,608,279 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ICANHAZ.JPG
[2010/06/10 22:53:44 | 000,015,979 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\pomp1.jpg
[2010/06/10 17:02:57 | 000,005,128 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Turbin4.gif
[2010/06/02 11:51:57 | 000,410,512 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ER_Extra_ad.tif
[2010/06/01 18:35:39 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/26 14:27:30 | 001,180,091 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YR_Logo_Rework.ai
[2010/05/23 21:57:55 | 000,048,716 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\98prelude.jpg
[2010/05/18 21:10:54 | 000,113,525 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\cmferguson_resume.pdf
[2010/05/18 21:10:52 | 000,112,747 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ChadF_ResumeG.pdf
[2010/05/05 09:05:01 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Start Menu\Programs\Startup\MagicDisc.lnk
[2010/05/04 15:59:56 | 000,099,915 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\My Documents\CR_PhaseIII.pdf
[2010/05/04 15:59:55 | 000,085,025 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\My Documents\PulmonaryRehab.pdf
[2010/05/04 15:59:53 | 000,091,011 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\My Documents\CR_PhaseII.pdf
[2010/05/02 19:10:49 | 000,027,648 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/05/02 19:10:49 | 000,003,072 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/05/02 19:02:36 | 000,001,837 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2010/02/21 22:58:24 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009/07/17 14:40:31 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/07/07 03:28:41 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/04/27 12:48:45 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/03/10 02:26:20 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2009/03/10 02:26:19 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/01/23 08:10:33 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/01/23 08:10:32 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/23 08:10:32 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/01/22 22:26:08 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/01/22 22:26:08 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/01/22 22:26:08 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/01/22 22:26:08 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/01/22 22:26:06 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2009/01/22 22:23:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll

========== LOP Check ==========

[2009/02/17 21:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2009/04/24 13:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/01/19 09:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/18 15:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/01/31 19:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/01/19 09:33:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2009/02/17 21:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Ashampoo
[2009/06/18 01:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Auslogics
[2010/06/20 12:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Chiu Software Systems
[2009/06/08 10:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/08/13 13:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Costco Photo Viewer US
[2010/03/07 19:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Facebook
[2009/02/17 20:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Free-backup.info
[2009/01/22 22:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\GetRightToGo
[2010/05/05 09:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Leadertech
[2009/06/23 12:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\MyPublisher
[2009/03/03 17:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Opera
[2010/05/02 19:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Skinux
[2009/11/28 00:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Smith Micro
[2010/01/07 23:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\SystemRequirementsLab
[2009/04/09 12:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Turbine
[2010/07/17 19:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\uTorrent
[2009/02/18 16:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Vso

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 17:11:51 | 000,033,280 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cryptdll.dll
[2008/04/13 17:11:55 | 000,094,720 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iphlpapi.dll
[2008/04/13 17:11:58 | 000,071,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msacm32.dll
[2008/04/13 17:11:59 | 002,843,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msi.dll
[2004/08/04 03:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msls31.dll
[2008/04/13 11:30:46 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvcrt40.dll
[2008/04/13 17:12:03 | 000,237,056 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasapi32.dll
[2008/04/13 17:12:03 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasman.dll
[2008/04/13 17:12:04 | 000,433,664 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\riched20.dll
[2008/04/13 17:12:04 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rtutils.dll
[2008/04/13 17:12:05 | 000,007,168 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sensapi.dll
[2008/04/13 17:12:07 | 000,713,216 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sxs.dll
[2008/04/13 17:12:07 | 000,181,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\tapi32.dll
[2008/04/13 17:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\wsock32.dll
[2008/04/13 10:39:24 | 002,897,920 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\xpsp2res.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[2010/05/01 22:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/01/22 07:26:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/01/22 07:26:02 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/01/22 07:26:02 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2009/01/22 18:34:50 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/01/22 18:21:08 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009/01/22 18:34:50 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/01/22 18:34:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/01/22 18:34:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/01/23 07:32:19 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/15 09:34:22 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/04/10 14:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2005/05/10 20:48:48 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/01/23 07:29:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/01/23 07:29:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/01/23 07:29:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/01/23 07:29:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 03:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/05/11 09:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2006/03/16 17:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USER32.DLL >
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2004/08/04 03:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\user32.dll

< MD5 for: WS2_32.DLL >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2004/08/04 03:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Extras:


OTL Extras logfile created on: 7/18/2010 3:45:28 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Pokey Prasch\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 8.28 Gb Free Space | 7.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: POKEYPRASCH
Current User Name: Pokey Prasch
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1645522239-630328440-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"58690:TCP" = 58690:TCP:*:Enabled:Pando Media Booster
"58690:UDP" = 58690:UDP:*:Enabled:Pando Media Booster
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Turbine\Dungeons & Dragons Online - Stormreach\dndclient.exe" = C:\Program Files\Turbine\Dungeons & Dragons Online - Stormreach\dndclient.exe:*:Enabled:dndclient -- (Turbine, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Turbine\DDO Lamania Server\dndclient.exe" = C:\Program Files\Turbine\DDO Lamania Server\dndclient.exe:*:Enabled:dndclient -- (Turbine, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 15
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.0.0.1
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79546A5F-AE7C-4693-8670-A3401B43ABD2}" = HP Deskjet 5900 series
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5222E5A-13CB-4C98-9F5C-21CF6896A25C}" = HPDeskjet5900Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93762E6-8EA6-4E7F-9557-64E51AA3AB84}" = CASIO USB Driver V1.0.8003.1229
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B86688D9-0F85-458B-AFB1-5B3B4C8CE541}" = Opcion Font Viewer
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C5CFF65B-1E1E-489E-86E2-C2A3AF4C88D9}" = Web-Based Email Tools
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D61F7835-65DF-4662-9A71-CD51F8FC0CE4}" = Desktop Notifier
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = DUNGEONS & DRAGONS ONLINE™: Stormreach™ v01.06.00.8213
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator CS2" = Adobe Illustrator CS2
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Ashampoo Burning Studio 8_is1" = Ashampoo Burning Studio 8.04
"avast!" = avast! Antivirus
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"I8kfanGUI" = I8kfanGUI V3.1
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"Ken Ward's Zipper_is1" = Ken Ward's Zipper 1.4000
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.7.5 Standard
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MyPublisher" = MyPublisher
"NVIDIA Drivers" = NVIDIA Drivers
"PeerGuardian_is1" = PeerGuardian 2.0
"ProInst" = Intel® PROSet/Wireless Software
"SiteGrinder2" = Media Lab SiteGrinder 2 (Basic & Pro)
"Tablet Driver" = Tablet
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1645522239-630328440-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/21/2009 1:19:29 PM | Computer Name = POKEYPRASCH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.mapquest.com/_svc/routeio?actio...1258823969129,1
failed, 0000A413.

Error - 11/23/2009 5:30:49 AM | Computer Name = POKEYPRASCH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://c1.neweggimages.com/WebResource/Scr...on/json2.min.js failed, 0000A413.


Error - 1/19/2010 12:54:36 PM | Computer Name = POKEYPRASCH | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 1/19/2010 12:54:36 PM | Computer Name = POKEYPRASCH | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 1/19/2010 12:54:47 PM | Computer Name = POKEYPRASCH | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

Error - 1/20/2010 3:27:48 PM | Computer Name = POKEYPRASCH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\DCIM\100KP850\100_4620.JPG failed, 0000A420.

Error - 1/20/2010 3:27:55 PM | Computer Name = POKEYPRASCH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\DCIM\100KP850\100_4790.JPG failed, 0000A420.

Error - 4/20/2010 5:56:29 PM | Computer Name = POKEYPRASCH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\DCIM\100KP850\100_4825.JPG failed, 0000A420.

Error - 4/20/2010 5:56:31 PM | Computer Name = POKEYPRASCH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\DCIM\100KP850\100_4830.JPG failed, 0000A420.

Error - 5/2/2010 9:09:10 PM | Computer Name = POKEYPRASCH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\DCIM\100KP850\100_4809.JPG failed, 0000A420.

[ Application Events ]
Error - 10/9/2009 11:32:24 PM | Computer Name = POKEYPRASCH | Source = Application Hang | ID = 1002
Description = Hanging application Acrobat.exe, version 9.0.0.332, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/9/2009 11:32:25 PM | Computer Name = POKEYPRASCH | Source = Application Hang | ID = 1002
Description = Hanging application Acrobat.exe, version 9.0.0.332, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2009 7:56:33 PM | Computer Name = POKEYPRASCH | Source = Application Hang | ID = 1002
Description = Hanging application Illustrator.exe, version 12.0.128.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/15/2009 1:41:24 AM | Computer Name = POKEYPRASCH | Source = Application Error | ID = 1000
Description = Faulting application pg2.exe, version 1.0.6.5, faulting module pg2.exe,
version 1.0.6.5, fault address 0x0002ee56.

Error - 10/15/2009 11:21:16 PM | Computer Name = POKEYPRASCH | Source = Application Hang | ID = 1002
Description = Hanging application ImageReady.exe, version 9.0.0.196, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 7/16/2010 12:59:46 AM | Computer Name = POKEYPRASCH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 7/16/2010 12:59:53 AM | Computer Name = POKEYPRASCH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 7/16/2010 12:59:59 AM | Computer Name = POKEYPRASCH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 7/16/2010 1:00:05 AM | Computer Name = POKEYPRASCH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 7/16/2010 1:00:12 AM | Computer Name = POKEYPRASCH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 7/16/2010 1:00:18 AM | Computer Name = POKEYPRASCH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 7/16/2010 1:00:25 AM | Computer Name = POKEYPRASCH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 7/16/2010 1:00:31 AM | Computer Name = POKEYPRASCH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 7/16/2010 1:00:37 AM | Computer Name = POKEYPRASCH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 7/16/2010 1:00:44 AM | Computer Name = POKEYPRASCH | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.


< End of report >

Attached is an updated GMER log.

Thanks again.

Attached Files

  • Attached File  ark.txt   4.37KB   6 downloads

Edited by PokeyPrasch, 18 July 2010 - 11:59 PM.


#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • ONLINE
  • Gender:Male
  • Local time:09:21 PM

Posted 19 July 2010 - 07:32 PM

Hello, PokeyPrasch.

Nope...nothing wrong, we just have a 5-day wait, give or take. It fluctuates...we even had it down to a few hours not too long ago, but malware never sleeps. Unfortunately, I need to!

Responses will be at least daily now that we're working together.


P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow users to share files between each other, as the name(s) suggest. In today's world cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall it, please refrain from using it until I let you know your computer is clean.



Step 1

Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 PokeyPrasch

PokeyPrasch
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Gender:Male
  • Location:WA st. USA
  • Local time:07:21 PM

Posted 19 July 2010 - 08:20 PM

uTorrent uninstalled.

It would not allow me to install the Recovery Console; it said I was not connected to the internet though I was. It automatically started after giving me the message.
The computer seems to be running slightly better; there is a new IE shortcut on my desktop and it was reset to my preferred browser.

iexplore.exe is still running and browsing in background.

Here is the Combofix log.
----------------

ComboFix 10-07-19.01 - Pokey Prasch 07/19/2010 18:03:35.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1479 [GMT -7:00]
Running from: c:\documents and settings\Pokey Prasch\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 100719-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Pokey Prasch\Application Data\inst.exe

.
((((((((((((((((((((((((( Files Created from 2010-06-20 to 2010-07-20 )))))))))))))))))))))))))))))))
.

2010-07-14 04:40 . 2006-04-10 21:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-07-14 04:40 . 2006-04-10 21:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-07-14 04:33 . 2010-07-14 04:39 110397 ----a-w- c:\windows\hpoins11.dat
2010-07-14 04:33 . 2006-04-13 00:02 659456 ----a-w- c:\windows\system32\hpowiax2.dll
2010-07-14 04:33 . 2005-07-19 01:38 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
2010-07-14 04:33 . 2006-04-13 00:02 254026 ----a-w- c:\windows\system32\hpovst09.dll
2010-07-14 04:33 . 2006-04-13 00:02 827392 ----a-w- c:\windows\system32\hpotiop2.dll
2010-07-14 04:33 . 2006-05-06 03:10 6947 ----a-w- c:\windows\hpomdl11.dat
2010-07-13 23:13 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 01:08 . 2010-07-13 01:08 -------- d-----w- c:\documents and settings\Pokey Prasch\Application Data\Malwarebytes
2010-07-13 01:08 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-13 01:08 . 2010-07-13 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-13 01:08 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-13 01:08 . 2010-07-13 01:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-12 21:18 . 2010-07-12 21:18 -------- d-----w- c:\program files\ESET
2010-07-06 02:00 . 2010-07-20 00:43 -------- d-----w- c:\program files\PeerBlock
2010-07-06 01:36 . 2010-07-06 01:36 -------- d-----w- c:\program files\Bluetack
2010-06-26 21:18 . 2010-06-26 21:18 -------- d-s---w- c:\documents and settings\Pokey Prasch\UserData
2010-06-23 23:39 . 2010-06-23 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-20 19:49 . 2010-06-20 19:49 -------- d-----w- c:\program files\Opcion Font Viewer
2010-06-20 19:49 . 2010-06-20 19:49 -------- d-----w- c:\documents and settings\Pokey Prasch\Application Data\Chiu Software Systems

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-20 00:41 . 2009-01-23 14:48 -------- d-----w- c:\program files\uTorrent
2010-07-20 00:41 . 2009-01-23 14:48 -------- d-----w- c:\documents and settings\Pokey Prasch\Application Data\uTorrent
2010-07-19 05:53 . 2009-02-15 20:46 336 ----a-w- c:\windows\system32\tablet.dat
2010-07-19 05:53 . 2010-05-03 02:05 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-07-13 02:37 . 2009-01-23 05:40 57825 ----a-w- c:\windows\system32\nvModes.dat
2010-07-06 02:00 . 2009-02-17 17:59 -------- d-----w- c:\program files\PeerGuardian2
2010-06-29 02:13 . 2009-01-23 05:33 95664 ----a-w- c:\documents and settings\Pokey Prasch\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-14 14:31 . 2009-01-23 01:32 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-10 22:37 . 2010-06-10 22:37 3262 ----a-r- c:\documents and settings\Pokey Prasch\Application Data\Microsoft\Installer\{D61F7835-65DF-4662-9A71-CD51F8FC0CE4}\_3D3BEF138285965BE9C4E7.exe
2010-06-10 22:37 . 2010-01-07 20:50 -------- d-----w- c:\program files\Starfield
2010-06-05 22:05 . 2009-02-01 02:00 -------- d-----w- c:\documents and settings\Pokey Prasch\Application Data\Apple Computer
2010-06-02 01:18 . 2010-06-02 01:18 -------- d-----w- c:\program files\Windows Media Connect 2
2010-05-24 00:50 . 2010-06-02 23:03 73216 ----a-w- c:\documents and settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
2010-05-05 16:19 . 2010-05-05 16:19 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-05-03 01:53 . 2010-05-03 01:53 77824 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\ess\bindbins\bindbins.exe
2010-05-03 01:53 . 2010-05-03 01:53 225280 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\wtf\finish.exe
2010-05-03 01:53 . 2010-05-03 01:53 175104 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\reduced_contents_PrintCreation_expanded\setup.exe
2010-05-03 01:43 . 2010-05-03 01:43 45056 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\sysfiles\kb945060\kb945060.exe
2010-05-03 01:42 . 2010-05-03 01:41 225280 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\wtf\start.exe
2010-05-03 01:41 . 2010-05-03 01:41 1187840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0001_329084\EasyShrx.Dll
2010-05-03 01:41 . 2010-05-03 01:41 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_8.2.30.1.dll
2010-05-02 05:22 . 2004-08-04 10:00 1851264 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"i8kfangui"="c:\program files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"wben"="c:\program files\Starfield\Desktop Notifier\wben.exe" [2009-09-24 338456]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 1524824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-23 7561216]
"nwiz"="nwiz.exe" [2006-03-23 1519616]
"NVHotkey"="nvHotkey.dll" [2006-03-23 73728]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"NvMediaCenter"="NvMCTray.dll" [2006-03-23 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2006-06-29 1032192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10d.exe" [2009-10-28 257440]

c:\documents and settings\Pokey Prasch\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-5-5 576000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2009-2-15 114688]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Turbine\\Dungeons & Dragons Online - Stormreach\\dndclient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Turbine\\DDO Lamania Server\\dndclient.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58690:TCP"= 58690:TCP:Pando Media Booster
"58690:UDP"= 58690:UDP:Pando Media Booster

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/23/2009 7:43 AM 114768]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [3/15/2010 10:56 PM 14464]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/23/2009 7:43 AM 20560]
S2 gupdate1ca756c2671b0df;Google Update Service (gupdate1ca756c2671b0df);c:\program files\Google\Update\GoogleUpdate.exe [12/4/2009 10:31 PM 133104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [7/5/2010 7:00 PM 14424]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PBFILTER
.
Contents of the 'Scheduled Tasks' folder

2010-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-05 05:30]

2010-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-05 05:30]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
FF - ProfilePath - c:\documents and settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\
FF - component: c:\documents and settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\documents and settings\Pokey Prasch\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwbe.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-19 18:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Completion time: 2010-07-19 18:13:01
ComboFix-quarantined-files.txt 2010-07-20 01:12

Pre-Run: 8,742,203,392 bytes free
Post-Run: 10,468,679,680 bytes free

- - End Of File - - 2AC3F2216684A8F9B38FD33B5941F78B

Thanks again.

Edited by PokeyPrasch, 19 July 2010 - 08:22 PM.


#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:09:21 PM

Posted 20 July 2010 - 07:32 PM

Hello, PokeyPrasch.

OK...based on your logs, I think you have some system files that are infected. Let's try to replace them with ComboFix. First, let's install the Recovery Console. When we work with system drivers, there's a measurable chance that we get stuck while doing so and it would prevent Windows from booting. The Recovery Console allows us access to fix the system and get it working again. Better safe than sorry.

Please click on the following link to go to Microsoft's website.
http://support.microsoft.com/kb/310994

At that page, scroll down and click on the appropriate download for your version of Windows XP (Home or Professional) and the service pack level that you have installed. When you click on the link to download the file, make sure you save it directly to your desktop. If you are using Windows XP Service Pack 3 (SP3), then select the Service Pack 2 download. If you are using Windows XP Media Center, then you should select the Windows XP Pro Service Pack 2 download. If you are unsure what version of Windows you have and what Service Pack is installed, you can follow these instructions to gain that information.
  1. Click on the Start button.
  2. Click on the Run option.
  3. Type sysdm.cpl and then hit OK.
  4. A screen will appear showing information about your Windows installation. Under the System category you should see your Windows version and the installed service pack. Write this down and proceed to download the correct version as above.
Once the Microsoft file has finished downloading, you should drag it on top of the ComboFix icon and let your mouse button go. This is shown in the following image.


ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Windows Recovery Console has finished installing, ComboFix will open a prompt stating that it was installed and asking if you would like to proceed with scanning your computer; please select No to cancel the scan.





...After it's installed...let's test it.
  1. Restart your computer
  2. Before Windows loads, you will be prompted to choose which Operating System to start
  3. Use the up and down arrow key to select Microsoft Windows Recovery Console
  4. You must enter which Windows installation to log onto. Type 1 and press enter.
  5. At the prompt, type exit and press enter. It should reboot normally.

Post back if you were able to get into the recovery console or not.

etavares

EDIT: Image tags

Edited by etavares, 20 July 2010 - 07:32 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#7 PokeyPrasch
Posted 21 July 2010 - 12:04 AM

Recovery Console installed and working.

#8 etavares
Posted 21 July 2010 - 05:44 PM

Hello, PokeyPrasch.

OK, let's try the 'easy' way first. We may have to do this manually in the recovery console.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
FCopy::
C:\WINDOWS\ServicePackFiles\i386\user32.dll | C:\WINDOWS\system32\user32.dll
C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll | C:\WINDOWS\system32\ws2_32.dll


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

etavares




#9 PokeyPrasch
Posted 21 July 2010 - 06:15 PM

ComboFix 10-07-19.01 - Pokey Prasch 07/21/2010 16:00:27.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1446 [GMT -7:00]
Running from: c:\documents and settings\Pokey Prasch\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Pokey Prasch\Desktop\CFScript.txt.txt
AV: avast! antivirus 4.8.1351 [VPS 100721-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-06-21 to 2010-07-21 )))))))))))))))))))))))))))))))
.

2010-07-14 04:40 . 2006-04-10 21:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-07-14 04:40 . 2006-04-10 21:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-07-14 04:33 . 2010-07-14 04:39 110397 ----a-w- c:\windows\hpoins11.dat
2010-07-14 04:33 . 2006-04-13 00:02 659456 ----a-w- c:\windows\system32\hpowiax2.dll
2010-07-14 04:33 . 2005-07-19 01:38 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
2010-07-14 04:33 . 2006-04-13 00:02 254026 ----a-w- c:\windows\system32\hpovst09.dll
2010-07-14 04:33 . 2006-04-13 00:02 827392 ----a-w- c:\windows\system32\hpotiop2.dll
2010-07-14 04:33 . 2006-05-06 03:10 6947 ----a-w- c:\windows\hpomdl11.dat
2010-07-13 23:13 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 01:08 . 2010-07-13 01:08 -------- d-----w- c:\documents and settings\Pokey Prasch\Application Data\Malwarebytes
2010-07-13 01:08 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-13 01:08 . 2010-07-13 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-13 01:08 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-13 01:08 . 2010-07-13 01:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-12 21:18 . 2010-07-12 21:18 -------- d-----w- c:\program files\ESET
2010-07-06 02:00 . 2010-07-21 23:07 -------- d-----w- c:\program files\PeerBlock
2010-07-06 01:36 . 2010-07-06 01:36 -------- d-----w- c:\program files\Bluetack
2010-06-26 21:18 . 2010-06-26 21:18 -------- d-s---w- c:\documents and settings\Pokey Prasch\UserData
2010-06-23 23:39 . 2010-06-23 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 04:41 . 2009-02-15 20:46 336 ----a-w- c:\windows\system32\tablet.dat
2010-07-21 04:41 . 2010-05-03 02:05 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-07-20 23:04 . 2009-01-23 05:33 95664 ----a-w- c:\documents and settings\Pokey Prasch\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-20 16:27 . 2009-01-23 05:40 57825 ----a-w- c:\windows\system32\nvModes.dat
2010-07-20 00:41 . 2009-01-23 14:48 -------- d-----w- c:\program files\uTorrent
2010-07-20 00:41 . 2009-01-23 14:48 -------- d-----w- c:\documents and settings\Pokey Prasch\Application Data\uTorrent
2010-07-06 02:00 . 2009-02-17 17:59 -------- d-----w- c:\program files\PeerGuardian2
2010-06-20 19:49 . 2010-06-20 19:49 -------- d-----w- c:\program files\Opcion Font Viewer
2010-06-20 19:49 . 2010-06-20 19:49 -------- d-----w- c:\documents and settings\Pokey Prasch\Application Data\Chiu Software Systems
2010-06-14 14:31 . 2009-01-23 01:32 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-10 22:37 . 2010-06-10 22:37 3262 ----a-r- c:\documents and settings\Pokey Prasch\Application Data\Microsoft\Installer\{D61F7835-65DF-4662-9A71-CD51F8FC0CE4}\_3D3BEF138285965BE9C4E7.exe
2010-06-10 22:37 . 2010-01-07 20:50 -------- d-----w- c:\program files\Starfield
2010-06-05 22:05 . 2009-02-01 02:00 -------- d-----w- c:\documents and settings\Pokey Prasch\Application Data\Apple Computer
2010-06-02 01:18 . 2010-06-02 01:18 -------- d-----w- c:\program files\Windows Media Connect 2
2010-05-24 00:50 . 2010-06-02 23:03 73216 ----a-w- c:\documents and settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
2010-05-05 16:19 . 2010-05-05 16:19 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-05-03 01:53 . 2010-05-03 01:53 77824 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\ess\bindbins\bindbins.exe
2010-05-03 01:53 . 2010-05-03 01:53 225280 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\wtf\finish.exe
2010-05-03 01:53 . 2010-05-03 01:53 175104 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\reduced_contents_PrintCreation_expanded\setup.exe
2010-05-03 01:43 . 2010-05-03 01:43 45056 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\sysfiles\kb945060\kb945060.exe
2010-05-03 01:42 . 2010-05-03 01:41 225280 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\wtf\start.exe
2010-05-03 01:41 . 2010-05-03 01:41 1187840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0001_329084\EasyShrx.Dll
2010-05-03 01:41 . 2010-05-03 01:41 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_8.2.30.1.dll
2010-05-02 05:22 . 2004-08-04 10:00 1851264 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-07-20_01.10.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-21 04:41 . 2010-07-21 04:41 16384 c:\windows\Temp\Perflib_Perfdata_720.dat
+ 2010-07-21 04:41 . 2010-07-21 04:41 16384 c:\windows\Temp\Perflib_Perfdata_6bc.dat
+ 2009-01-23 01:38 . 2010-07-21 22:59 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-23 01:38 . 2010-07-20 00:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-23 01:38 . 2010-07-21 22:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-23 01:38 . 2010-07-20 00:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-23 01:38 . 2010-07-21 22:59 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-23 01:38 . 2010-07-20 00:48 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"i8kfangui"="c:\program files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"wben"="c:\program files\Starfield\Desktop Notifier\wben.exe" [2009-09-24 338456]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 1524824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-23 7561216]
"nwiz"="nwiz.exe" [2006-03-23 1519616]
"NVHotkey"="nvHotkey.dll" [2006-03-23 73728]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"NvMediaCenter"="NvMCTray.dll" [2006-03-23 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2006-06-29 1032192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10d.exe" [2009-10-28 257440]

c:\documents and settings\Pokey Prasch\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-5-5 576000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2009-2-15 114688]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Turbine\\Dungeons & Dragons Online - Stormreach\\dndclient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Turbine\\DDO Lamania Server\\dndclient.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58690:TCP"= 58690:TCP:Pando Media Booster
"58690:UDP"= 58690:UDP:Pando Media Booster

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/23/2009 7:43 AM 114768]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [3/15/2010 10:56 PM 14464]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/23/2009 7:43 AM 20560]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [7/5/2010 7:00 PM 14424]
S2 gupdate1ca756c2671b0df;Google Update Service (gupdate1ca756c2671b0df);c:\program files\Google\Update\GoogleUpdate.exe [12/4/2009 10:31 PM 133104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Contents of the 'Scheduled Tasks' folder

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-05 05:30]

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-05 05:30]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
FF - ProfilePath - c:\documents and settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\
FF - component: c:\documents and settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\documents and settings\Pokey Prasch\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwbe.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-21 16:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5964)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-21 16:11:11
ComboFix-quarantined-files.txt 2010-07-21 23:11
ComboFix2.txt 2010-07-21 03:03
ComboFix3.txt 2010-07-20 01:13

Pre-Run: 10,330,210,304 bytes free
Post-Run: 10,347,474,944 bytes free

- - End Of File - - 8E047CBFEA62E6AE52729DA5C1A3EA97

Thanks.

#10 etavares
Posted 21 July 2010 - 06:20 PM

do you still have iexplore running in the background?




#11 PokeyPrasch
Posted 21 July 2010 - 06:50 PM

Yes, it's still running.

Attached file: wtm.jpg (144.09KB)


#12 etavares
Posted 21 July 2010 - 06:51 PM

Yeah, I'm not entirely sure that CF replaced the file. Please run the same OTL scan as in post 2 above.




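Two checks that follow from the exchange above, written as an added Python example that is not part of the thread and not ComboFix's or OTL's own code: pulling the ProxyServer line out of a ComboFix "Supplementary Scan" excerpt and flagging a proxy that points at the loopback interface (IE then hands every request to a local process first, which fits a browser that connects out on its own), and hashing each FCopy:: destination against its ServicePackFiles source to tell whether the replacement in post #8 actually took effect, the doubt raised in post #12. The log excerpt, the temp-directory files and all function names are constructed for the demo; only the CFScript text is taken from the thread.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed excerpt modelled on the "Supplementary Scan" section of the ComboFix log in this thread.
SAMPLE_LOG = r"""
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
"""

# The CFScript from post #8, verbatim.
CFSCRIPT = r"""
FCopy::
C:\WINDOWS\ServicePackFiles\i386\user32.dll | C:\WINDOWS\system32\user32.dll
C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll | C:\WINDOWS\system32\ws2_32.dll
"""

# ComboFix prefixes per-user (HKCU) settings with 'u' and machine-wide (HKLM) ones with 'm'.
PROXY_RE = re.compile(r"^(?P<scope>[um])Internet Settings,ProxyServer\s*=\s*(?P<value>.+)$")
LOOPBACK_PREFIXES = ("127.", "localhost", "[::1]")


def parse_proxy_entries(log_text):
    """Return (scope, protocol, host, port) for every ProxyServer line in a ComboFix log.
    Values are either 'host:port' (all protocols) or 'proto=host:port;proto=host:port'."""
    entries = []
    for line in log_text.splitlines():
        m = PROXY_RE.match(line.strip())
        if not m:
            continue
        for item in m.group("value").split(";"):
            proto, sep, hostport = item.strip().partition("=")
            if not sep:                      # bare host:port applies to every protocol
                proto, hostport = "*", proto
            host, sep, port = hostport.rpartition(":")
            if not sep:                      # no port given
                host, port = port, ""
            entries.append((m.group("scope"), proto, host, port))
    return entries


def loopback_proxies(entries):
    """Entries whose proxy host is the local machine: the browser's traffic goes to a
    local listener before leaving the box. Identify which process owns that port (netstat -ano)."""
    return [e for e in entries if e[2].startswith(LOOPBACK_PREFIXES)]


def parse_fcopy(script_text):
    """Return (source, destination) pairs from the FCopy:: block of a CFScript."""
    pairs, in_block = [], False
    for raw in script_text.splitlines():
        line = raw.strip()
        if line.endswith("::"):              # a new directive starts; only FCopy:: matters here
            in_block = line.lower() == "fcopy::"
            continue
        if in_block and "|" in line:
            src, _, dst = line.partition("|")
            pairs.append((src.strip(), dst.strip()))
    return pairs


def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def verify_fcopy(script_text):
    """Map each FCopy destination to 'replaced' (byte-identical to its source),
    'differs' (still not the known-good copy) or 'missing' (one side is absent)."""
    results = {}
    for src, dst in parse_fcopy(script_text):
        if not (Path(src).is_file() and Path(dst).is_file()):
            results[dst] = "missing"
        else:
            results[dst] = "replaced" if sha256_file(src) == sha256_file(dst) else "differs"
    return results


def demo_fcopy_check():
    """Constructed stand-in for ServicePackFiles\\i386 and system32 in a temp dir (hypothetical files)."""
    with tempfile.TemporaryDirectory() as tmp:
        sp_dir, sys_dir = Path(tmp, "ServicePackFiles"), Path(tmp, "system32")
        sp_dir.mkdir()
        sys_dir.mkdir()
        cases = {
            "same.dll": (b"known-good", b"known-good"),  # copy took effect
            "diff.dll": (b"known-good", b"patched-in"),  # target still differs from the clean copy
            "gone.dll": (None, b"anything"),             # no source to compare against
        }
        lines = ["FCopy::"]
        for name, (src_bytes, dst_bytes) in cases.items():
            if src_bytes is not None:
                (sp_dir / name).write_bytes(src_bytes)
            (sys_dir / name).write_bytes(dst_bytes)
            lines.append(f"{sp_dir / name} | {sys_dir / name}")
        return {Path(d).name: s for d, s in verify_fcopy("\n".join(lines)).items()}


if __name__ == "__main__":
    print(loopback_proxies(parse_proxy_entries(SAMPLE_LOG)), demo_fcopy_check())
```

On the real machine, verify_fcopy(CFSCRIPT) run after ComboFix answers the question in post #12 directly, and a "differs" result for a file still in use points at a Recovery Console copy instead.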
#13 PokeyPrasch
Posted 21 July 2010 - 06:58 PM

OTL logfile created on: 7/21/2010 4:52:43 PM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Pokey Prasch\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 9.69 Gb Free Space | 8.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: POKEYPRASCH
Current User Name: Pokey Prasch
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/18 15:44:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pokey Prasch\Desktop\OTL.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/28 02:02:44 | 001,524,824 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
PRC - [2009/08/17 09:07:23 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/08/17 09:07:17 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/08/17 08:58:55 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/21 12:28:36 | 000,643,072 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/02/21 12:19:58 | 000,819,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/02/21 12:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/02/21 12:17:42 | 000,970,752 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/02/21 12:16:48 | 000,983,040 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/02/21 12:13:26 | 000,487,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/02/21 12:10:00 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/02/16 09:58:12 | 000,856,064 | ---- | M] (Christian Diefer) -- C:\Program Files\I8kfanGUI\I8kfanGUI.exe
PRC - [2006/06/29 13:12:34 | 000,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2005/12/05 21:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2005/12/05 20:59:02 | 000,114,688 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2005/10/07 15:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/07/27 17:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/06/29 00:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe


========== Modules (SafeList) ==========

MOD - [2010/07/18 15:44:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pokey Prasch\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/17 09:07:17 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/08/17 09:07:01 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/08/17 09:04:21 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/08/17 08:58:55 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/06/18 02:34:28 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/16 15:47:00 | 002,780,212 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2007/02/21 12:28:36 | 000,643,072 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/02/21 12:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/02/21 12:16:48 | 000,983,040 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/02/21 12:10:00 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/06/29 13:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/12/05 21:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\POKEYP~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2009/09/28 02:02:44 | 000,014,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/08/17 09:06:43 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/08/17 09:05:52 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/08/17 09:05:37 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/08/17 09:04:40 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/08/17 09:04:29 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/08/17 09:03:21 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/11/11 14:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 14:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 14:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/02/21 12:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/02/16 02:05:48 | 000,014,464 | ---- | M] (Christian Diefer) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fanio.sys -- (fanio)
DRV - [2007/02/08 14:51:16 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2006/03/23 00:32:00 | 003,656,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/11/29 21:50:42 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass)
DRV - [2005/09/28 21:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/05/03 16:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 16:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 16:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 17:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1645522239-630328440-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1645522239-630328440-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1645522239-630328440-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: zoomext@starfield:1.1
FF - prefs.js..extensions.enabledItems: wbepaste@starfield:1.1
FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.2.2.development.1
FF - prefs.js..extensions.enabledItems: {a3f3e150-ef43-11de-8a39-0800200c9a66}:3.6

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/06 18:47:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/28 10:29:34 | 000,000,000 | ---D | M]

[2009/01/22 19:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Extensions
[2010/07/20 22:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions
[2010/04/27 09:47:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/16 23:15:59 | 000,000,000 | ---D | M] (Aquatint Black) -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{a3f3e150-ef43-11de-8a39-0800200c9a66}
[2010/06/02 16:03:39 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/06/07 12:09:12 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2009/07/09 12:01:44 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2010/07/17 18:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\https-everywhere@eff.org
[2010/03/16 23:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{a3f3e150-ef43-11de-8a39-0800200c9a66}\chrome\mac\browser\extensions
[2010/03/16 23:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{a3f3e150-ef43-11de-8a39-0800200c9a66}\chrome\mac\mozapps\extensions
[2010/03/16 23:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{a3f3e150-ef43-11de-8a39-0800200c9a66}\chrome\win\browser\extensions
[2010/03/16 23:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{a3f3e150-ef43-11de-8a39-0800200c9a66}\chrome\win\mozapps\extensions
[2010/07/20 22:12:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/07 13:50:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\zoomext@starfield
[2009/04/24 13:27:57 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2009/11/20 14:34:44 | 000,218,624 | ---- | M] (Starfield Technology, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwbe.dll

O1 HOSTS File: ([2010/07/19 18:10:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1645522239-630328440-682003330-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKU\S-1-5-21-1645522239-630328440-682003330-1004..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe (Christian Diefer)
O4 - HKU\S-1-5-21-1645522239-630328440-682003330-1004..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-1645522239-630328440-682003330-1004..\Run: [wben] C:\Program Files\Starfield\Desktop Notifier\wben.exe (Starfield Technologies, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O4 - Startup: C:\Documents and Settings\Pokey Prasch\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Pokey Prasch\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-630328440-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1645522239-630328440-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1645522239-630328440-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1645522239-630328440-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Pokey Prasch\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Pokey Prasch\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/22 18:34:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/21 15:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/07/20 19:52:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/20 13:31:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/19 18:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/19 18:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/19 17:44:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/19 17:44:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/19 17:44:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/19 17:44:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/19 17:44:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/19 17:43:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/19 12:05:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Desktop\Rehab Trifold
[2010/07/19 11:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Desktop\National Night Out
[2010/07/18 15:44:24 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pokey Prasch\Desktop\OTL.exe
[2010/07/14 11:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Desktop\Luc
[2010/07/13 22:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Desktop\luc-chucknoris
[2010/07/13 21:33:25 | 000,098,304 | ---- | C] (Hewlett Packard Company) -- C:\WINDOWS\System32\hpzjsn01.dll
[2010/07/13 17:27:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/07/12 18:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Application Data\Malwarebytes
[2010/07/12 18:08:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/12 18:08:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/12 18:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/12 18:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/12 14:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/11 00:03:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/11 00:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/08 16:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Desktop\Hopfest_stuff
[2010/07/05 19:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2010/07/05 18:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bluetack
[2010/06/28 11:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Desktop\harabarahand
[2010/06/28 11:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Desktop\Wedding_vector
[2010/06/26 14:18:32 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Pokey Prasch\UserData
[2010/06/24 12:18:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Desktop\Trifold
[2010/06/23 16:39:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/06/21 07:42:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Desktop\Logos
[2010/06/20 12:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Opcion Font Viewer
[2010/06/20 12:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Application Data\Chiu Software Systems
[2010/06/20 12:48:56 | 001,024,176 | ---- | C] (Chiu Software Systems) -- C:\Documents and Settings\Pokey Prasch\Desktop\Opcion_Installer.exe
[2010/06/02 09:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/06/01 18:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/06/01 18:16:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/05/05 09:19:54 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010/05/05 09:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Application Data\Leadertech
[2010/05/05 09:04:53 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\WINDOWS\System32\drivers\mcdbus.sys
[2010/05/05 09:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2010/05/05 08:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2010/05/03 04:00:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/05/02 19:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Local Settings\Application Data\KodakGallery
[2010/05/02 19:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Application Data\Skinux
[2010/05/02 19:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\My Documents\My Print Creations
[2010/05/02 19:05:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Local Settings\Application Data\ArcSoft
[2010/05/02 19:05:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Application Data\ArcSoft
[2010/05/02 19:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2010/05/02 19:04:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2010/05/02 19:04:20 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2010/05/02 19:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Kodak
[2010/05/02 19:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2010/05/02 18:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2010/05/02 18:19:06 | 000,000,000 | ---D | C] -- C:\Kodak
[2010/04/28 12:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Desktop\cleanup
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/21 16:50:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/21 16:48:52 | 000,147,552 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\wtm.jpg
[2010/07/21 16:45:40 | 000,247,291 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\index(3).php
[2010/07/21 16:45:12 | 000,247,291 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\index(2).php
[2010/07/21 16:44:58 | 000,247,291 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\index.php
[2010/07/21 16:11:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/21 16:09:24 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/21 15:57:15 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\NTUSER.DAT
[2010/07/21 15:56:03 | 000,057,825 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/07/21 14:44:27 | 000,300,886 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\NNO_Poster.jpg
[2010/07/21 12:07:02 | 000,250,893 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\chad_and_meg.jpg
[2010/07/21 11:29:04 | 000,054,991 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Farmers_Insurance_Group.eps
[2010/07/21 11:20:58 | 013,280,426 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\MMP_078.JPG
[2010/07/21 11:03:03 | 000,113,973 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Logos NNO 001.jpg
[2010/07/21 10:38:39 | 000,076,333 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\All_About_Fun_VecLogo.pdf
[2010/07/21 10:35:27 | 000,181,251 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\allaboutfun.ai
[2010/07/21 10:34:43 | 000,198,553 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\095.JPG
[2010/07/21 09:05:25 | 000,477,118 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\TreeTop.eps
[2010/07/21 08:58:29 | 000,387,952 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Safeway.eps
[2010/07/20 22:46:43 | 006,524,342 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\01 The System.mp3
[2010/07/20 21:50:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/20 21:41:49 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/20 21:41:41 | 000,000,336 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2010/07/20 21:41:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/20 21:39:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Pokey Prasch\ntuser.ini
[2010/07/20 19:52:48 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/20 16:04:39 | 000,095,664 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/20 16:03:46 | 000,181,248 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\NextStepHousing(2).doc
[2010/07/20 16:03:42 | 000,181,248 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\NextStepHousing.doc
[2010/07/20 13:07:36 | 003,068,790 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\NNO2010.psd
[2010/07/20 13:04:14 | 000,548,258 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\NNO2010.jpg
[2010/07/20 12:55:33 | 000,162,303 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\photo_12976_20100225.jpg
[2010/07/20 09:27:51 | 000,057,825 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/07/19 21:46:12 | 006,836,539 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\colage_bw.psd
[2010/07/19 21:03:10 | 004,483,805 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\rehab 002.psd
[2010/07/19 18:10:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/19 17:42:54 | 003,738,829 | R--- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ComboFix.exe
[2010/07/19 11:47:32 | 001,244,653 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\presskit.zip
[2010/07/18 22:37:41 | 003,550,071 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\iStock_000011967076Large.jpg
[2010/07/18 15:44:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pokey Prasch\Desktop\OTL.exe
[2010/07/17 19:11:33 | 000,107,008 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/15 10:02:28 | 000,318,596 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AhtanumRidge_flyer.pdf
[2010/07/15 10:01:17 | 000,320,059 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AhtanumRidge_Flyer-wave.pdf
[2010/07/15 10:00:12 | 000,173,491 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AR_Marketing flyer4.pdf
[2010/07/15 09:56:11 | 001,914,849 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AR_Marketing flyer.ai
[2010/07/14 16:46:06 | 009,651,785 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Luc.zip
[2010/07/14 11:27:37 | 002,221,914 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YHD_Banner.jpg
[2010/07/14 11:22:30 | 002,646,141 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\chuck!.psd
[2010/07/14 11:18:39 | 007,518,365 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YHD_Banner.zip
[2010/07/14 10:13:54 | 000,944,822 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AA Community Investment Ad copy.ai
[2010/07/14 10:08:49 | 003,462,590 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_CommunityAd_Foamcore.jpg
[2010/07/14 09:46:39 | 009,278,837 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\pwny_update.psd
[2010/07/14 09:45:48 | 001,297,120 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\PNWU_Ad_upddate.tif
[2010/07/14 09:30:40 | 001,502,532 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\pnwu_bg.tif
[2010/07/13 21:39:43 | 000,110,397 | ---- | M] () -- C:\WINDOWS\hpoins11.dat
[2010/07/13 21:31:35 | 070,214,168 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AiO_071_000_201_000_CDA_DriverOnly_NonNetwork_enu_NB.exe
[2010/07/13 20:45:46 | 000,042,420 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ChuckNorrisShocker001.JPG
[2010/07/13 17:25:25 | 001,776,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/13 15:11:16 | 005,091,679 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YHD_Mag.jpg
[2010/07/13 13:50:12 | 001,781,760 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DreamLover - Bobby Darren.mp3
[2010/07/13 09:59:09 | 000,031,676 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Hob.jpg
[2010/07/13 09:24:43 | 001,936,317 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AR_Marketing flyer_back.ai
[2010/07/13 01:14:55 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\gmer.zip
[2010/07/13 01:07:38 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\dds.scr
[2010/07/13 01:07:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\defogger_reenable
[2010/07/13 01:06:38 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Defogger.exe
[2010/07/12 18:08:31 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/12 11:45:30 | 005,312,922 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Untitled-1 copy.ai
[2010/07/12 11:37:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/12 00:36:38 | 000,107,329 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\26715_403575149153_60164289153_4071014_3954883_n.jpg
[2010/07/09 15:22:45 | 000,053,360 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\banner.jpg
[2010/07/09 15:04:07 | 000,384,609 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Scan 001.pdf
[2010/07/08 20:34:08 | 003,173,550 | -H-- | M] () -- C:\Documents and Settings\Pokey Prasch\Local Settings\Application Data\IconCache.db
[2010/07/08 16:38:49 | 000,509,043 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\SavannaMontana.jpg
[2010/07/08 11:14:56 | 000,511,410 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1351.JPG
[2010/07/06 20:55:50 | 000,048,716 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\98prelude.jpg
[2010/07/05 02:57:28 | 001,226,845 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1350.JPG
[2010/07/05 02:57:22 | 001,183,528 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1349.JPG
[2010/07/05 02:56:28 | 001,190,189 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1348.JPG
[2010/07/05 02:55:52 | 001,098,001 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1347.JPG
[2010/07/05 02:55:40 | 001,113,747 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1346.JPG
[2010/07/04 08:21:00 | 001,458,608 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1345.JPG
[2010/07/04 07:29:48 | 001,305,049 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1344.JPG
[2010/07/04 07:29:42 | 001,278,321 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1343.JPG
[2010/07/04 06:48:20 | 001,245,220 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1342.JPG
[2010/07/04 06:48:06 | 001,296,698 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1341.JPG
[2010/07/04 04:06:44 | 001,435,772 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1340.JPG
[2010/07/04 04:06:36 | 001,459,167 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1339.JPG
[2010/07/01 00:20:34 | 001,548,455 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\New_Logo.jpg
[2010/07/01 00:19:41 | 000,736,947 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\New_Logo.eps
[2010/06/30 14:07:19 | 001,547,591 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Occ Med Brochure Request.pdf
[2010/06/30 10:33:06 | 000,404,356 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AA Community Investment Ad.pdf
[2010/06/30 10:26:10 | 021,209,156 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Updated_SymphonyAd.pdf
[2010/06/29 16:18:46 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AR Marketing Flyer.doc
[2010/06/29 12:35:26 | 000,772,121 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\PCI SCPC Acred Logo.psd
[2010/06/29 12:29:59 | 000,175,723 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\PCI SCPC Acred Logo(2).jpg
[2010/06/29 12:29:58 | 000,175,723 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\PCI SCPC Acred Logo.jpg
[2010/06/29 12:11:27 | 000,328,352 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\cardiac_yakimasymphony.pdf
[2010/06/29 09:20:50 | 000,454,110 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB_davidA1.jpg
[2010/06/29 09:20:22 | 000,462,159 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB_dave l1.jpg
[2010/06/29 09:18:42 | 000,349,980 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ER_Extra_ad_DavidA1.tif
[2010/06/28 19:09:51 | 006,540,674 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ER_Extra_ad_DavidA_theatre.tif
[2010/06/28 19:08:20 | 000,460,437 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB_DavidA.jpg
[2010/06/28 19:06:25 | 000,470,340 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB_DaveL.jpg
[2010/06/28 19:01:06 | 005,756,090 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB_davidA.ai
[2010/06/28 18:58:23 | 004,460,620 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB_DavidA.tif
[2010/06/28 18:54:46 | 004,831,998 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB_DaveL.tif
[2010/06/28 12:43:02 | 001,567,806 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Wedding_reception_Luc copy.pdf
[2010/06/28 12:41:44 | 004,908,578 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Wedding_reception_Luc.ai
[2010/06/28 11:23:10 | 007,732,362 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Wedding_vector.rar
[2010/06/25 11:30:56 | 009,049,389 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ERExtra_Herald.ai
[2010/06/25 10:51:15 | 002,631,902 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ERExtra_Herald.pdf
[2010/06/25 10:48:26 | 002,193,856 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\David A.tif
[2010/06/24 22:01:42 | 006,094,009 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB.ai
[2010/06/24 15:46:11 | 002,627,310 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\David A.--FOCEREXTRA 005.jpg
[2010/06/24 15:38:51 | 002,365,747 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ER_Exp_TriFold_Draft1.pdf
[2010/06/24 15:07:06 | 001,180,091 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YR_Logo_Rework.ai
[2010/06/24 15:06:02 | 000,960,631 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_NewLogo.eps
[2010/06/24 10:57:33 | 000,932,884 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\HMA-ER Extra.pdf
[2010/06/24 10:01:29 | 002,595,282 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ERExtra_Herald copy.pdf
[2010/06/23 04:02:33 | 000,502,240 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 04:02:33 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 04:02:33 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/22 15:14:19 | 000,035,402 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_Logo3.jpg
[2010/06/21 19:59:57 | 001,535,222 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ArtVan_Banner.pdf
[2010/06/21 15:03:25 | 000,038,606 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_Logo1.jpg
[2010/06/21 14:58:24 | 000,046,092 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_Logo2.jpg
[2010/06/21 07:27:51 | 008,847,992 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\bg.tif
[2010/06/20 18:10:08 | 000,007,406 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\weddinginvitelogo.png
[2010/06/20 12:48:52 | 001,024,176 | ---- | M] (Chiu Software Systems) -- C:\Documents and Settings\Pokey Prasch\Desktop\Opcion_Installer.exe
[2010/06/20 11:37:03 | 000,004,874 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\HeartVascCenter_200.gif
[2010/06/19 08:51:03 | 003,119,558 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\invitations.ai
[2010/06/18 22:08:13 | 000,964,774 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\sunflower3.psd
[2010/06/18 22:04:33 | 000,194,233 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\sunflower3.jpg
[2010/06/18 10:08:27 | 002,312,443 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ArtVan_Banner_Proof.psd
[2010/06/18 10:08:20 | 000,230,702 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ArtVanBnr_proof3.jpg
[2010/06/16 12:32:14 | 000,236,809 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ArtVanBnr_proof2.jpg
[2010/06/15 15:16:31 | 000,217,409 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ArtVanBnr_proof1.jpg
[2010/06/14 10:47:40 | 001,608,279 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ICANHAZ.JPG
[2010/06/11 11:01:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/10 22:53:44 | 000,015,979 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\pomp1.jpg
[2010/06/10 17:02:58 | 000,005,128 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Turbin4.gif
[2010/06/02 11:55:29 | 000,410,512 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ER_Extra_ad.tif
[2010/06/01 18:20:21 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/06/01 18:18:20 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/06/01 18:18:20 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/06/01 18:18:09 | 000,000,568 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/20 20:08:00 | 001,182,344 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Sampling_Areas_2010.pdf
[2010/05/18 21:10:54 | 000,113,525 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\cmferguson_resume.pdf
[2010/05/18 21:10:53 | 000,112,747 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ChadF_ResumeG.pdf
[2010/05/05 09:19:54 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010/05/05 09:05:01 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Start Menu\Programs\Startup\MagicDisc.lnk
[2010/05/04 15:59:56 | 000,099,915 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\My Documents\CR_PhaseIII.pdf
[2010/05/04 15:59:56 | 000,091,011 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\My Documents\CR_PhaseII.pdf
[2010/05/04 15:59:55 | 000,085,025 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\My Documents\PulmonaryRehab.pdf
[2010/05/02 19:10:49 | 000,027,648 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/05/02 19:10:27 | 000,003,072 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/05/02 19:02:36 | 000,001,837 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/21 16:48:51 | 000,147,552 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\wtm.jpg
[2010/07/21 16:45:40 | 000,247,291 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\index(3).php
[2010/07/21 16:45:12 | 000,247,291 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\index(2).php
[2010/07/21 16:44:58 | 000,247,291 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\index.php
[2010/07/21 14:44:02 | 000,300,886 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\NNO_Poster.jpg
[2010/07/21 12:06:56 | 000,250,893 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\chad_and_meg.jpg
[2010/07/21 11:42:38 | 013,280,426 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\MMP_078.JPG
[2010/07/21 11:29:07 | 000,054,991 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Farmers_Insurance_Group.eps
[2010/07/21 11:03:02 | 000,113,973 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Logos NNO 001.jpg
[2010/07/21 10:38:28 | 000,076,333 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\All_About_Fun_VecLogo.pdf
[2010/07/21 10:35:25 | 000,181,251 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\allaboutfun.ai
[2010/07/21 10:30:11 | 000,198,553 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\095.JPG
[2010/07/21 09:05:26 | 000,477,118 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\TreeTop.eps
[2010/07/21 08:58:30 | 000,387,952 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Safeway.eps
[2010/07/20 22:46:31 | 006,524,342 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\01 The System.mp3
[2010/07/20 19:52:48 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/20 19:52:45 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/20 16:03:47 | 000,181,248 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\NextStepHousing(2).doc
[2010/07/20 16:03:43 | 000,181,248 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\NextStepHousing.doc
[2010/07/20 13:07:34 | 003,068,790 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\NNO2010.psd
[2010/07/20 13:04:20 | 000,548,258 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\NNO2010.jpg
[2010/07/20 12:55:34 | 000,162,303 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\photo_12976_20100225.jpg
[2010/07/19 21:46:10 | 006,836,539 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\colage_bw.psd
[2010/07/19 21:03:08 | 004,483,805 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\rehab 002.psd
[2010/07/19 17:44:51 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/19 17:44:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/19 17:44:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/19 17:44:51 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/19 17:44:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/19 17:42:03 | 003,738,829 | R--- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ComboFix.exe
[2010/07/19 11:48:42 | 001,182,344 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Sampling_Areas_2010.pdf
[2010/07/19 11:47:29 | 001,244,653 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\presskit.zip
[2010/07/18 22:37:41 | 003,550,071 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\iStock_000011967076Large.jpg
[2010/07/15 09:59:33 | 000,173,491 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AR_Marketing flyer4.pdf
[2010/07/15 09:57:28 | 000,318,596 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AhtanumRidge_flyer.pdf
[2010/07/15 09:56:43 | 000,320,059 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AhtanumRidge_Flyer-wave.pdf
[2010/07/14 16:46:05 | 009,651,785 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Luc.zip
[2010/07/14 11:26:36 | 002,221,914 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YHD_Banner.jpg
[2010/07/14 11:18:27 | 007,518,365 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YHD_Banner.zip
[2010/07/14 10:03:12 | 003,462,590 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_CommunityAd_Foamcore.jpg
[2010/07/14 09:46:37 | 009,278,837 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\pwny_update.psd
[2010/07/14 09:45:38 | 001,297,120 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\PNWU_Ad_upddate.tif
[2010/07/14 09:30:38 | 001,502,532 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\pnwu_bg.tif
[2010/07/13 21:33:37 | 000,110,397 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2010/07/13 21:33:18 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2010/07/13 21:26:36 | 070,214,168 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AiO_071_000_201_000_CDA_DriverOnly_NonNetwork_enu_NB.exe
[2010/07/13 21:07:30 | 002,646,141 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\chuck!.psd
[2010/07/13 20:45:46 | 000,042,420 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ChuckNorrisShocker001.JPG
[2010/07/13 14:02:49 | 005,091,679 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YHD_Mag.jpg
[2010/07/13 13:50:06 | 001,781,760 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DreamLover - Bobby Darren.mp3
[2010/07/13 09:59:05 | 000,031,676 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Hob.jpg
[2010/07/13 01:15:09 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\gmer.exe
[2010/07/13 01:14:56 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\gmer.zip
[2010/07/13 01:07:37 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\dds.scr
[2010/07/13 01:07:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\defogger_reenable
[2010/07/13 01:06:39 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Defogger.exe
[2010/07/12 18:08:31 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/12 11:45:30 | 005,312,922 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Untitled-1 copy.ai
[2010/07/12 00:36:37 | 000,107,329 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\26715_403575149153_60164289153_4071014_3954883_n.jpg
[2010/07/09 15:20:47 | 000,053,360 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\banner.jpg
[2010/07/09 15:04:08 | 000,384,609 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Scan 001.pdf
[2010/07/08 16:38:46 | 000,509,043 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\SavannaMontana.jpg
[2010/07/08 16:21:53 | 001,936,317 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AR_Marketing flyer_back.ai
[2010/07/06 21:06:49 | 001,459,167 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1339.JPG
[2010/07/06 21:06:49 | 001,458,608 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1345.JPG
[2010/07/06 21:06:49 | 001,435,772 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1340.JPG
[2010/07/06 21:06:49 | 001,305,049 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1344.JPG
[2010/07/06 21:06:49 | 001,296,698 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1341.JPG
[2010/07/06 21:06:49 | 001,278,321 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1343.JPG
[2010/07/06 21:06:49 | 001,245,220 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1342.JPG
[2010/07/06 21:06:49 | 001,226,845 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1350.JPG
[2010/07/06 21:06:49 | 001,190,189 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1348.JPG
[2010/07/06 21:06:49 | 001,183,528 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1349.JPG
[2010/07/06 21:06:49 | 001,113,747 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1346.JPG
[2010/07/06 21:06:49 | 001,098,001 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1347.JPG
[2010/07/06 21:06:49 | 000,511,410 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\DSCN1351.JPG
[2010/07/06 11:33:02 | 000,944,822 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AA Community Investment Ad copy.ai
[2010/07/06 11:21:04 | 001,914,849 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AR_Marketing flyer.ai
[2010/07/01 00:20:28 | 001,548,455 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\New_Logo.jpg
[2010/07/01 00:19:38 | 000,736,947 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\New_Logo.eps
[2010/06/30 14:07:19 | 001,547,591 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Occ Med Brochure Request.pdf
[2010/06/30 10:33:09 | 000,404,356 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AA Community Investment Ad.pdf
[2010/06/29 16:18:48 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AR Marketing Flyer.doc
[2010/06/29 12:39:35 | 021,209,156 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Updated_SymphonyAd.pdf
[2010/06/29 12:35:25 | 000,772,121 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\PCI SCPC Acred Logo.psd
[2010/06/29 12:30:01 | 000,175,723 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\PCI SCPC Acred Logo(2).jpg
[2010/06/29 12:29:58 | 000,175,723 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\PCI SCPC Acred Logo.jpg
[2010/06/29 12:11:29 | 000,328,352 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\cardiac_yakimasymphony.pdf
[2010/06/29 09:14:23 | 000,462,159 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB_dave l1.jpg
[2010/06/29 09:10:13 | 000,349,980 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ER_Extra_ad_DavidA1.tif
[2010/06/29 09:07:29 | 000,454,110 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB_davidA1.jpg
[2010/06/28 19:09:41 | 006,540,674 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ER_Extra_ad_DavidA_theatre.tif
[2010/06/28 19:08:17 | 000,460,437 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB_DavidA.jpg
[2010/06/28 19:06:17 | 000,470,340 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB_DaveL.jpg
[2010/06/28 19:01:00 | 005,756,090 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB_davidA.ai
[2010/06/28 18:58:14 | 004,460,620 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB_DavidA.tif
[2010/06/28 18:54:33 | 004,831,998 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB_DaveL.tif
[2010/06/28 12:42:49 | 001,567,806 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Wedding_reception_Luc copy.pdf
[2010/06/28 12:41:36 | 004,908,578 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Wedding_reception_Luc.ai
[2010/06/28 11:20:37 | 007,732,362 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Wedding_vector.rar
[2010/06/24 23:46:34 | 003,016,762 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\wedding_invite_2.ai
[2010/06/24 21:53:55 | 002,631,902 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ERExtra_Herald.pdf
[2010/06/24 21:33:19 | 002,193,856 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\David A.tif
[2010/06/24 15:46:05 | 002,627,310 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\David A.--FOCEREXTRA 005.jpg
[2010/06/24 15:37:00 | 002,365,747 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ER_Exp_TriFold_Draft1.pdf
[2010/06/24 15:05:59 | 000,960,631 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_NewLogo.eps
[2010/06/24 10:57:31 | 000,932,884 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\HMA-ER Extra.pdf
[2010/06/24 10:32:18 | 006,094,009 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ERExtra_ElecBB.ai
[2010/06/24 10:01:22 | 002,595,282 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ERExtra_Herald copy.pdf
[2010/06/23 12:53:44 | 009,049,389 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ERExtra_Herald.ai
[2010/06/22 15:14:19 | 000,035,402 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_Logo3.jpg
[2010/06/21 15:03:25 | 000,038,606 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_Logo1.jpg
[2010/06/21 14:58:24 | 000,046,092 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_Logo2.jpg
[2010/06/21 07:27:48 | 008,847,992 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\bg.tif
[2010/06/20 18:10:08 | 000,007,406 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\weddinginvitelogo.png
[2010/06/20 11:37:02 | 000,004,874 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\HeartVascCenter_200.gif
[2010/06/18 22:36:15 | 003,119,558 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\invitations.ai
[2010/06/18 22:08:12 | 000,964,774 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\sunflower3.psd
[2010/06/18 22:04:33 | 000,194,233 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\sunflower3.jpg
[2010/06/18 11:02:40 | 001,535,222 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ArtVan_Banner.pdf
[2010/06/18 10:08:19 | 000,230,702 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ArtVanBnr_proof3.jpg
[2010/06/16 12:32:13 | 000,236,809 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ArtVanBnr_proof2.jpg
[2010/06/15 15:16:29 | 000,217,409 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ArtVanBnr_proof1.jpg
[2010/06/15 15:15:42 | 002,312,443 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ArtVan_Banner_Proof.psd
[2010/06/14 22:55:01 | 001,608,279 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ICANHAZ.JPG
[2010/06/10 22:53:44 | 000,015,979 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\pomp1.jpg
[2010/06/10 17:02:57 | 000,005,128 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Turbin4.gif
[2010/06/02 11:51:57 | 000,410,512 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ER_Extra_ad.tif
[2010/06/01 18:35:39 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/26 14:27:30 | 001,180,091 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YR_Logo_Rework.ai
[2010/05/23 21:57:55 | 000,048,716 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\98prelude.jpg
[2010/05/18 21:10:54 | 000,113,525 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\cmferguson_resume.pdf
[2010/05/18 21:10:52 | 000,112,747 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ChadF_ResumeG.pdf
[2010/05/05 09:05:01 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Start Menu\Programs\Startup\MagicDisc.lnk
[2010/05/04 15:59:56 | 000,099,915 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\My Documents\CR_PhaseIII.pdf
[2010/05/04 15:59:55 | 000,085,025 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\My Documents\PulmonaryRehab.pdf
[2010/05/04 15:59:53 | 000,091,011 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\My Documents\CR_PhaseII.pdf
[2010/05/02 19:10:49 | 000,027,648 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/05/02 19:10:49 | 000,003,072 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/05/02 19:02:36 | 000,001,837 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2010/02/21 22:58:24 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009/07/17 14:40:31 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/07/07 03:28:41 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/04/27 12:48:45 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/03/10 02:26:20 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2009/03/10 02:26:19 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/01/23 08:10:33 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/01/23 08:10:32 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/23 08:10:32 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/01/22 22:26:08 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/01/22 22:26:08 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/01/22 22:26:08 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/01/22 22:26:08 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/01/22 22:26:06 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2009/01/22 22:23:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll

========== LOP Check ==========

[2009/02/17 21:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2009/04/24 13:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/01/19 09:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/18 15:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/01/31 19:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/01/19 09:33:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2009/02/17 21:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Ashampoo
[2009/06/18 01:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Auslogics
[2010/06/20 12:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Chiu Software Systems
[2009/06/08 10:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/08/13 13:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Costco Photo Viewer US
[2010/03/07 19:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Facebook
[2009/02/17 20:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Free-backup.info
[2009/01/22 22:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\GetRightToGo
[2010/05/05 09:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Leadertech
[2009/06/23 12:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\MyPublisher
[2009/03/03 17:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Opera
[2010/05/02 19:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Skinux
[2009/11/28 00:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Smith Micro
[2010/01/07 23:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\SystemRequirementsLab
[2009/04/09 12:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Turbine
[2010/07/19 17:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\uTorrent
[2009/02/18 16:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Vso

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 17:11:51 | 000,033,280 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cryptdll.dll
[2008/04/13 17:11:55 | 000,094,720 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iphlpapi.dll
[2008/04/13 17:11:58 | 000,071,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msacm32.dll
[2008/04/13 17:11:59 | 002,843,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msi.dll
[2004/08/04 03:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msls31.dll
[2008/04/13 11:30:46 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvcrt40.dll
[2008/04/13 17:12:03 | 000,237,056 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasapi32.dll
[2008/04/13 17:12:03 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasman.dll
[2008/04/13 17:12:04 | 000,433,664 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\riched20.dll
[2008/04/13 17:12:04 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rtutils.dll
[2008/04/13 17:12:05 | 000,007,168 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sensapi.dll
[2008/04/13 17:12:07 | 000,713,216 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sxs.dll
[2008/04/13 17:12:07 | 000,181,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\tapi32.dll
[2008/04/13 17:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\wsock32.dll
[2008/04/13 10:39:24 | 002,897,920 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\xpsp2res.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[2010/05/01 22:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/01/22 07:26:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/01/22 07:26:02 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/01/22 07:26:02 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2009/01/22 18:34:50 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/01/22 18:21:08 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/07/20 19:52:48 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/07/21 16:11:11 | 000,016,751 | ---- | M] () -- C:\ComboFix.txt
[2009/01/22 18:34:50 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/01/22 18:34:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/01/22 18:34:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/01/23 07:32:19 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/20 21:41:26 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/04/10 14:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2005/05/10 20:48:48 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/01/23 07:29:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/01/23 07:29:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/01/23 07:29:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/01/23 07:29:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 03:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/05/11 09:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2006/03/16 17:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USER32.DLL >
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ERDNT\cache\user32.dll
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2004/08/04 03:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\user32.dll

< MD5 for: WS2_32.DLL >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2004/08/04 03:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • ONLINE
  • Gender:Male
  • Local time:09:21 PM

Posted 21 July 2010 - 07:56 PM

Nope, they're still there. OK, boot into the recovery console as before. It's important you follow these instructions exactly, or your computer may not boot, except into the Recovery Console. Type each bold line at the prompt, then press Enter. The italics underneath each line tell you what to expect.

cd \
you should go to the root directory

ren C:\WINDOWS\system32\user32.dll user32.old
you should get a new prompt

copy C:\WINDOWS\ServicePackFiles\i386\user32.dll c:\windows\system32\
you should see "1 file(s) copied"

ren C:\WINDOWS\system32\ws2_32.dll ws2_32.old
you should get a new prompt

copy C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll c:\windows\system32\
you should see "1 file(s) copied"

exit
it should reboot. boot into windows normally

Then post a fresh OTL log as before, including the custom scans. Let me know if you're still having that rogue process.

EDIT: Close bold tag.

Edited by etavares, 21 July 2010 - 07:57 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators

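The check etavares applied by eye to the OTL "MD5 for:" sections above, written out as an added example (not code from the thread, from OTL, or from the helper): it treats the copies under ServicePackFiles\i386 and the ERDNT cache as the pristine reference and flags any file whose loaded copy under system32 could not be hashed or hashes differently. SAMPLE_LOG is a constructed excerpt of the report posted earlier in the thread.

```python
"""Triage the "< MD5 for: NAME >" sections of an OTL custom-scan log.

Added example for this thread, not OTL's own code: compare the copy of each
system file that Windows actually loads (under system32) against the pristine
copies kept in ServicePackFiles\\i386 and the ERDNT cache.
"""
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>\S+) \| M\] "
    r"\((?P<company>[^)]*)\) "
    r"(?P<status>MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5|\.cab file) "
    r"-- (?P<path>.+)$"
)
REFERENCE_DIRS = ("\\servicepackfiles\\i386\\", "\\erdnt\\cache\\")
LIVE_DIR = "\\system32\\"          # also covers system32\drivers

# Excerpt constructed from the OTL report posted earlier in this thread.
SAMPLE_LOG = r"""
< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/05/11 09:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: USER32.DLL >
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ERDNT\cache\user32.dll
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2004/08/04 03:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\user32.dll

< MD5 for: WS2_32.DLL >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ws2_32.dll
"""


def parse_md5_sections(text):
    """Return {filename (lower-case): [entry, ...]} for every MD5 section."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.rstrip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").lower()
            continue
        if not line:
            current = None                      # a blank line closes the section
            continue
        m = ENTRY_RE.match(line)
        if current is None or not m:
            continue
        entry = m.groupdict()
        entry["size"] = int(entry["size"].replace(",", ""))
        entry["md5"] = entry["md5"].upper() if entry["md5"] else None
        entry["unreadable"] = entry["status"] == "Unable to obtain MD5"
        sections[current].append(entry)
    return dict(sections)


def role(path):
    """Classify where OTL found this copy of the file."""
    p = path.lower()
    if ".cab:" in p:
        return "cab"                            # packed inside a driver cabinet, never hashed
    if any(d in p for d in REFERENCE_DIRS):
        return "reference"                      # pristine copies Windows keeps for repair
    if LIVE_DIR in p:
        return "live"                           # the copy actually loaded at runtime
    return "other"   # e.g. $NtServicePackUninstall$: older build, so its hash differs by design


def triage(sections):
    """Map each file to 'ok', 'unreadable', 'mismatch', 'no_reference' or 'no_live'."""
    verdicts = {}
    for name, entries in sections.items():
        live = [e for e in entries if role(e["path"]) == "live"]
        refs = {e["md5"] for e in entries if role(e["path"]) == "reference" and e["md5"]}
        if not live:
            verdicts[name] = "no_live"
        elif not refs:
            verdicts[name] = "no_reference"
        elif any(e["unreadable"] for e in live):
            verdicts[name] = "unreadable"       # OTL could not read it in place: suspicious
        elif all(e["md5"] in refs for e in live):
            verdicts[name] = "ok"
        else:
            verdicts[name] = "mismatch"         # live hash differs from every pristine copy
    return verdicts


def replacement_source(sections, name):
    """Path of a same-size ServicePackFiles copy to restore from, or None."""
    entries = sections.get(name.lower(), [])
    live = [e for e in entries if role(e["path"]) == "live"]
    for e in entries:
        if live and REFERENCE_DIRS[0] in e["path"].lower() and e["size"] == live[0]["size"]:
            return e["path"]
    return None


if __name__ == "__main__":
    secs = parse_md5_sections(SAMPLE_LOG)
    for name, verdict in sorted(triage(secs).items()):
        print(f"{name:14} {verdict:13} {replacement_source(secs, name) or ''}")
```

Run against a full OTL log, the script prints one line per hashed file; the two files the helper had the user replace from ServicePackFiles\i386 are exactly those reported as unreadable in place.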

#15 PokeyPrasch

PokeyPrasch
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Gender:Male
  • Location:WA st. USA
  • Local time:07:21 PM

Posted 21 July 2010 - 09:08 PM

etavares,

Somehow- even with your idiot-proof instructions I managed to screw this up.

-----
cd \
you should go to the root directory

ren C:\WINDOWS\system32\user32.dll user32.old
you should get a new prompt

copy C:\WINDOWS\ServicePackFiles\i386\user32.dll c:\windows\system32\ <-I think this is where I messed up, I left off this portion because the print out spaced it to the next line. I then retyped it correctly, will this cause any problems?
you should see "1 file(s) copied"

ren C:\WINDOWS\system32\ws2_32.dll ws2_32.old
you should get a new prompt

copy C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll c:\windows\system32\
you should see "1 file(s) copied"

exit
it should reboot. boot into windows normally
----
I can start up just fine now, but will I run into any problems because of that mistake?
"iexplore.exe" is still running; it doesn't start right away, but usually within 15 minutes of restart.


OTL Log:

OTL logfile created on: 7/21/2010 7:41:25 PM - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Pokey Prasch\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 25.40 Gb Free Space | 22.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: POKEYPRASCH
Current User Name: Pokey Prasch
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/18 15:44:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pokey Prasch\Desktop\OTL.exe
PRC - [2010/06/28 10:29:29 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/17 09:07:23 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/08/17 09:07:17 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/08/17 08:58:55 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/21 12:28:36 | 000,643,072 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/02/21 12:19:58 | 000,819,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/02/21 12:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/02/21 12:17:42 | 000,970,752 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/02/21 12:16:48 | 000,983,040 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/02/21 12:13:26 | 000,487,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/02/21 12:10:00 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/02/16 09:58:12 | 000,856,064 | ---- | M] (Christian Diefer) -- C:\Program Files\I8kfanGUI\I8kfanGUI.exe
PRC - [2006/06/29 13:12:34 | 000,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2005/12/05 21:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2005/12/05 20:59:02 | 000,114,688 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2005/10/07 15:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/07/27 17:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/06/29 00:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe


========== Modules (SafeList) ==========

MOD - [2010/07/18 15:44:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pokey Prasch\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/17 09:07:17 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/08/17 09:07:01 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/08/17 09:04:21 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/08/17 08:58:55 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/06/18 02:34:28 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/16 15:47:00 | 002,780,212 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2007/02/21 12:28:36 | 000,643,072 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/02/21 12:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/02/21 12:16:48 | 000,983,040 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/02/21 12:10:00 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/06/29 13:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/12/05 21:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\POKEYP~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2009/09/28 02:02:44 | 000,014,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/08/17 09:06:43 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/08/17 09:05:52 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/08/17 09:05:37 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/08/17 09:04:40 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/08/17 09:04:29 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/08/17 09:03:21 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/11/11 14:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 14:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 14:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/02/21 12:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/02/16 02:05:48 | 000,014,464 | ---- | M] (Christian Diefer) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fanio.sys -- (fanio)
DRV - [2007/02/08 14:51:16 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2006/03/23 00:32:00 | 003,656,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/11/29 21:50:42 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass)
DRV - [2005/09/28 21:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/05/03 16:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 16:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 16:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 17:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1645522239-630328440-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1645522239-630328440-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1645522239-630328440-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: zoomext@starfield:1.1
FF - prefs.js..extensions.enabledItems: wbepaste@starfield:1.1
FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.2.2.development.1
FF - prefs.js..extensions.enabledItems: {a3f3e150-ef43-11de-8a39-0800200c9a66}:3.6

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/06 18:47:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/28 10:29:34 | 000,000,000 | ---D | M]

[2009/01/22 19:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Extensions
[2010/07/20 22:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions
[2010/04/27 09:47:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/16 23:15:59 | 000,000,000 | ---D | M] (Aquatint Black) -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{a3f3e150-ef43-11de-8a39-0800200c9a66}
[2010/06/02 16:03:39 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/06/07 12:09:12 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2009/07/09 12:01:44 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2010/07/17 18:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\https-everywhere@eff.org
[2010/03/16 23:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{a3f3e150-ef43-11de-8a39-0800200c9a66}\chrome\mac\browser\extensions
[2010/03/16 23:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{a3f3e150-ef43-11de-8a39-0800200c9a66}\chrome\mac\mozapps\extensions
[2010/03/16 23:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{a3f3e150-ef43-11de-8a39-0800200c9a66}\chrome\win\browser\extensions
[2010/03/16 23:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pokey Prasch\Application Data\Mozilla\Firefox\Profiles\ksc92g2y.default\extensions\{a3f3e150-ef43-11de-8a39-0800200c9a66}\chrome\win\mozapps\extensions
[2010/07/20 22:12:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/07 13:50:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\zoomext@starfield
[2009/04/24 13:27:57 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2009/11/20 14:34:44 | 000,218,624 | ---- | M] (Starfield Technology, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwbe.dll

O1 HOSTS File: ([2010/07/19 18:10:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1645522239-630328440-682003330-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKU\S-1-5-21-1645522239-630328440-682003330-1004..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe (Christian Diefer)
O4 - HKU\S-1-5-21-1645522239-630328440-682003330-1004..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-1645522239-630328440-682003330-1004..\Run: [wben] C:\Program Files\Starfield\Desktop Notifier\wben.exe (Starfield Technologies, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O4 - Startup: C:\Documents and Settings\Pokey Prasch\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Pokey Prasch\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-630328440-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1645522239-630328440-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1645522239-630328440-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1645522239-630328440-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 24.205.224.36 24.205.192.61
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Pokey Prasch\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Pokey Prasch\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/22 18:34:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/21 19:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Application Data\KodakCredentialStore
[2010/07/21 17:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Desktop\Wedding Stuff
[2010/07/21 16:59:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/21 15:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/07/20 19:52:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/20 13:31:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/19 18:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/19 18:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/19 17:44:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/19 17:44:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/19 17:44:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/19 17:44:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/19 17:44:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/19 17:43:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/19 11:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Desktop\National Night Out
[2010/07/18 15:44:24 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pokey Prasch\Desktop\OTL.exe
[2010/07/14 11:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Desktop\Luc
[2010/07/13 21:33:25 | 000,098,304 | ---- | C] (Hewlett Packard Company) -- C:\WINDOWS\System32\hpzjsn01.dll
[2010/07/13 17:27:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/07/12 18:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Application Data\Malwarebytes
[2010/07/12 18:08:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/12 18:08:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/12 18:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/12 18:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/12 14:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/11 00:03:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/11 00:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/08 16:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Desktop\Hopfest_stuff
[2010/07/05 19:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2010/07/05 18:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bluetack
[2010/06/28 11:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Desktop\Wedding_vector
[2010/06/26 14:18:32 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Pokey Prasch\UserData
[2010/06/23 16:39:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/06/20 12:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Opcion Font Viewer
[2010/06/20 12:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Application Data\Chiu Software Systems
[2010/06/02 09:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/06/01 18:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/06/01 18:16:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/05/05 09:19:54 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010/05/05 09:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Application Data\Leadertech
[2010/05/05 09:04:53 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\WINDOWS\System32\drivers\mcdbus.sys
[2010/05/05 09:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2010/05/05 08:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2010/05/03 04:00:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/05/02 19:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Local Settings\Application Data\KodakGallery
[2010/05/02 19:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Application Data\Skinux
[2010/05/02 19:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\My Documents\My Print Creations
[2010/05/02 19:05:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Local Settings\Application Data\ArcSoft
[2010/05/02 19:05:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Application Data\ArcSoft
[2010/05/02 19:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2010/05/02 19:04:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2010/05/02 19:04:20 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2010/05/02 19:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2010/05/02 18:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2010/05/02 18:19:06 | 000,000,000 | ---D | C] -- C:\Kodak
[2010/04/28 12:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pokey Prasch\Desktop\cleanup
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/21 19:23:18 | 000,057,825 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/07/21 19:23:13 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/21 19:23:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/21 19:23:00 | 000,000,336 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2010/07/21 19:22:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/21 19:22:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/21 18:45:40 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\NTUSER.DAT
[2010/07/21 18:45:37 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Pokey Prasch\ntuser.ini
[2010/07/21 17:50:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/21 17:30:50 | 000,105,472 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/21 16:09:24 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/21 11:29:04 | 000,054,991 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Farmers_Insurance_Group.eps
[2010/07/20 19:52:48 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/20 16:04:39 | 000,095,664 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/20 09:27:51 | 000,057,825 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/07/19 21:46:12 | 006,836,539 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\colage_bw.psd
[2010/07/19 21:03:10 | 004,483,805 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\rehab 002.psd
[2010/07/19 18:10:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/19 17:42:54 | 003,738,829 | R--- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ComboFix.exe
[2010/07/18 15:44:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pokey Prasch\Desktop\OTL.exe
[2010/07/14 11:22:30 | 002,646,141 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\chuck!.psd
[2010/07/14 09:46:39 | 009,278,837 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\pwny_update.psd
[2010/07/13 21:39:43 | 000,110,397 | ---- | M] () -- C:\WINDOWS\hpoins11.dat
[2010/07/13 17:25:25 | 001,776,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/13 01:14:55 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\gmer.zip
[2010/07/13 01:07:38 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\dds.scr
[2010/07/13 01:07:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\defogger_reenable
[2010/07/13 01:06:38 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Defogger.exe
[2010/07/12 18:08:31 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/12 11:45:30 | 005,312,922 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Untitled-1 copy.ai
[2010/07/12 11:37:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/08 20:34:08 | 003,173,550 | -H-- | M] () -- C:\Documents and Settings\Pokey Prasch\Local Settings\Application Data\IconCache.db
[2010/06/30 10:26:10 | 021,209,156 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Updated_SymphonyAd.pdf
[2010/06/29 16:18:46 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AR Marketing Flyer.doc
[2010/06/29 12:35:26 | 000,772,121 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\PCI SCPC Acred Logo.psd
[2010/06/25 10:48:26 | 002,193,856 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\David A.tif
[2010/06/24 15:46:11 | 002,627,310 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\David A.--FOCEREXTRA 005.jpg
[2010/06/24 10:01:29 | 002,595,282 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ERExtra_Herald copy.pdf
[2010/06/23 04:02:33 | 000,502,240 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 04:02:33 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 04:02:33 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/21 07:27:51 | 008,847,992 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\bg.tif
[2010/06/20 18:10:08 | 000,007,406 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\weddinginvitelogo.png
[2010/06/18 22:08:13 | 000,964,774 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\sunflower3.psd
[2010/06/11 11:01:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/02 11:55:29 | 000,410,512 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ER_Extra_ad.tif
[2010/06/01 18:20:21 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/06/01 18:18:20 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/06/01 18:18:20 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/06/01 18:18:09 | 000,000,568 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/05 09:19:54 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010/05/05 09:05:01 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\Start Menu\Programs\Startup\MagicDisc.lnk
[2010/05/04 15:59:56 | 000,099,915 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\My Documents\CR_PhaseIII.pdf
[2010/05/04 15:59:56 | 000,091,011 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\My Documents\CR_PhaseII.pdf
[2010/05/04 15:59:55 | 000,085,025 | ---- | M] () -- C:\Documents and Settings\Pokey Prasch\My Documents\PulmonaryRehab.pdf
[2010/05/02 19:10:49 | 000,027,648 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/05/02 19:10:27 | 000,003,072 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/21 11:29:07 | 000,054,991 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Farmers_Insurance_Group.eps
[2010/07/20 19:52:48 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/20 19:52:45 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/19 21:46:10 | 006,836,539 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\colage_bw.psd
[2010/07/19 21:03:08 | 004,483,805 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\rehab 002.psd
[2010/07/19 17:44:51 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/19 17:44:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/19 17:44:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/19 17:44:51 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/19 17:44:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/19 17:42:03 | 003,738,829 | R--- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ComboFix.exe
[2010/07/14 09:46:37 | 009,278,837 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\pwny_update.psd
[2010/07/13 21:33:37 | 000,110,397 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2010/07/13 21:33:18 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2010/07/13 21:07:30 | 002,646,141 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\chuck!.psd
[2010/07/13 01:15:09 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\gmer.exe
[2010/07/13 01:14:56 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\gmer.zip
[2010/07/13 01:07:37 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\dds.scr
[2010/07/13 01:07:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\defogger_reenable
[2010/07/13 01:06:39 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Defogger.exe
[2010/07/12 18:08:31 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/12 11:45:30 | 005,312,922 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Untitled-1 copy.ai
[2010/06/29 16:18:48 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\AR Marketing Flyer.doc
[2010/06/29 12:39:35 | 021,209,156 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\Updated_SymphonyAd.pdf
[2010/06/29 12:35:25 | 000,772,121 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\PCI SCPC Acred Logo.psd
[2010/06/24 21:33:19 | 002,193,856 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\David A.tif
[2010/06/24 15:46:05 | 002,627,310 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\David A.--FOCEREXTRA 005.jpg
[2010/06/24 10:01:22 | 002,595,282 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\YRH_ERExtra_Herald copy.pdf
[2010/06/21 07:27:48 | 008,847,992 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\bg.tif
[2010/06/20 18:10:08 | 000,007,406 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\weddinginvitelogo.png
[2010/06/18 22:08:12 | 000,964,774 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\sunflower3.psd
[2010/06/02 11:51:57 | 000,410,512 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Desktop\ER_Extra_ad.tif
[2010/06/01 18:35:39 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/05 09:05:01 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\Start Menu\Programs\Startup\MagicDisc.lnk
[2010/05/04 15:59:56 | 000,099,915 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\My Documents\CR_PhaseIII.pdf
[2010/05/04 15:59:55 | 000,085,025 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\My Documents\PulmonaryRehab.pdf
[2010/05/04 15:59:53 | 000,091,011 | ---- | C] () -- C:\Documents and Settings\Pokey Prasch\My Documents\CR_PhaseII.pdf
[2010/05/02 19:10:49 | 000,027,648 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/05/02 19:10:49 | 000,003,072 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/02/21 22:58:24 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009/07/17 14:40:31 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/07/07 03:28:41 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/04/27 12:48:45 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/03/10 02:26:20 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2009/03/10 02:26:19 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/01/23 08:10:33 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/01/23 08:10:32 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/23 08:10:32 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/01/22 22:26:08 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/01/22 22:26:08 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/01/22 22:26:08 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/01/22 22:26:08 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/01/22 22:26:06 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2009/01/22 22:23:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll

========== LOP Check ==========

[2009/02/17 21:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2009/04/24 13:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/01/19 09:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/18 15:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/01/31 19:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/01/19 09:33:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2009/02/17 21:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Ashampoo
[2009/06/18 01:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Auslogics
[2010/06/20 12:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Chiu Software Systems
[2009/06/08 10:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/08/13 13:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Costco Photo Viewer US
[2010/03/07 19:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Facebook
[2009/02/17 20:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Free-backup.info
[2009/01/22 22:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\GetRightToGo
[2010/05/05 09:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Leadertech
[2009/06/23 12:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\MyPublisher
[2009/03/03 17:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Opera
[2010/05/02 19:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Skinux
[2009/11/28 00:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Smith Micro
[2010/01/07 23:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\SystemRequirementsLab
[2009/04/09 12:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Turbine
[2010/07/19 17:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\uTorrent
[2009/02/18 16:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pokey Prasch\Application Data\Vso

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 17:11:51 | 000,033,280 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cryptdll.dll
[2008/04/13 17:11:55 | 000,094,720 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iphlpapi.dll
[2008/04/13 17:11:58 | 000,071,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msacm32.dll
[2008/04/13 17:11:59 | 002,843,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msi.dll
[2008/04/13 11:30:46 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvcrt40.dll
[2008/04/13 17:12:03 | 000,237,056 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasapi32.dll
[2008/04/13 17:12:03 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasman.dll
[2008/04/13 17:12:04 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rtutils.dll
[2008/04/13 17:12:05 | 000,007,168 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sensapi.dll
[2008/04/13 17:12:07 | 000,713,216 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sxs.dll
[2008/04/13 17:12:07 | 000,181,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\tapi32.dll
[2008/04/13 10:39:24 | 002,897,920 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\xpsp2res.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[2010/05/01 22:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/01/22 07:26:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/01/22 07:26:02 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/01/22 07:26:02 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2009/01/22 18:34:50 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/01/22 18:21:08 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/07/20 19:52:48 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/07/21 16:11:11 | 000,016,751 | ---- | M] () -- C:\ComboFix.txt
[2009/01/22 18:34:50 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/01/22 18:34:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/01/22 18:34:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/01/23 07:32:19 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/21 19:22:46 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\USER32.DLL
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\user32.old
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\ws2_32.old

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/04/10 14:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2005/05/10 20:48:48 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/01/23 07:29:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/01/23 07:29:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/01/23 07:29:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/01/23 07:29:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 03:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/05/11 09:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2006/03/16 17:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USER32.DLL >
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\USER32.DLL
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ERDNT\cache\user32.dll
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2004/08/04 03:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\user32.dll

< MD5 for: WS2_32.DLL >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2004/08/04 03:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Edited by PokeyPrasch, 21 July 2010 - 10:02 PM.
