c000021a after combofix


  • This topic is locked
14 replies to this topic

#1 xmn


Posted 23 September 2010 - 12:22 PM

Hi, everyone! TIA for any help...

I'm working on a WinXPPro system infected with a fake antivirus malware.

I ran SuperAntiSpyware from UBCD4Win, then ran Combofix in Safe Mode w/ Networking from the infected system. It installed the Restore Console, and detected rootkit activity.

I rebooted to continue Combofix, but then rebooted into regular mode, not safe mode. Combofix continued to run and I stepped away. When I returned, I saw the following BSOD, which I now also get on reboot. When the system boots I get past the scrolling WinXP logo and get to the usual blue background, but before I get a logon window I get the following BSOD:

Stop: 0xC000021A {Fatal System Error}
The Windows Logon Process system process terminated unexpectedly with a status of 0xC0000022 (0x00000000, 0x00000000)
The system has been shut down.

I've tried to boot into Safe Mode and do Last Known Good Configuration, but neither works - I get the same BSOD.

I can access the filesystem from my UBCD4Win, and I can access the registry remotely from there as well. I have a variety of files and folders in my qoobox directory from when Combofix ran, but I'm not sure what I should do / how I should use these to get the system booting again.

What info should I post and/or what should I do at this point?

Thanks again!

EDIT: Added detailed stop info

Edited by xmn, 23 September 2010 - 01:32 PM.




#2 JSntgRvr


Posted 23 September 2010 - 10:27 PM

Please download OTLPE.zip from any of the following locations and save it to a flash drive.

Link One
Link Two

Extract OTLPE.zip to its own folder on your flash drive, such as OTLPE.

Plug your flash drive into your troubled computer and follow these steps:

Start the Computer with the UBCD4Win Disc

Click My computer from your UBCD4W desktop and navigate to the OTLPE folder you saved in your flash drive.

Open the OTLPE folder and double click Start.cmd.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings:
    • Change Drivers to All
    • Change Standard Registry to All
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply.

No request for help throughout private messaging will be attended.



#3 xmn


Posted 23 September 2010 - 11:45 PM

Thanks so much for your help! Here is the OTL log:

OTL logfile created on: 9/23/2010 9:38:32 PM - Run
OTLPE by OldTimer - Version 3.1.42.0 Folder = D:\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 247.00 Mb Available Physical Memory | 48.00% Memory free
463.00 Mb Paging File | 301.00 Mb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 233.75 Gb Total Space | 217.87 Gb Free Space | 93.21% Space Free | Partition Type: NTFS
Drive D: | 116.74 Mb Total Space | 115.61 Mb Free Space | 99.04% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 695.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BARTPE-21588
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2008/10/09 10:29:30 | 000,162,456 | ---- | M] (F-Secure Corporation) [On_Demand] -- C:\Program Files\F-Secure\Common\FNRB32.EXE -- (F-Secure Network Request Broker)
SRV - [2008/10/09 10:29:20 | 000,117,400 | ---- | M] (F-Secure Corporation) [Auto] -- C:\Program Files\F-Secure\Common\FSMA32.EXE -- (FSMA)
SRV - [2008/10/09 10:28:06 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto] -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2008/10/09 10:27:28 | 000,490,080 | ---- | M] (F-Secure Corporation) [On_Demand] -- C:\Program Files\F-Secure\FSAUA\program\fsaua.exe -- (FSAUA)
SRV - [2005/12/12 22:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2003/10/22 19:19:22 | 000,065,536 | ---- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/06/20 06:25:00 | 000,322,120 | ---- | M] () [Auto] -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2002/09/20 22:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\robg\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2010/08/31 14:19:10 | 000,041,624 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\fsbts.sys -- (fsbts)
DRV - [2010/07/29 13:32:54 | 000,124,072 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2009/12/31 16:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/12/04 18:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2009/10/20 16:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/24 11:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/02/09 12:10:48 | 000,012,800 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\mvb35316.sys -- (mvb35316)
DRV - [2008/10/09 10:28:10 | 000,025,184 | ---- | M] () [Kernel | Disabled] -- C:\Program Files\F-Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2008/10/09 10:28:08 | 000,039,776 | ---- | M] () [Kernel | Disabled] -- C:\Program Files\F-Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2008/08/14 10:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 11:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/14 00:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/14 00:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/14 00:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/14 00:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 19:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 19:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 19:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 19:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 19:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 19:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 19:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 19:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 19:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 19:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2008/04/13 19:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 19:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 19:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 19:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 19:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 19:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 18:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 18:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/13 18:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 18:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/13 18:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 18:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 18:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 18:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 18:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 18:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 18:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 18:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 18:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/13 18:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 18:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 18:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 18:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/13 18:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/13 18:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 18:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 18:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 18:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 18:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 18:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 18:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 18:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 18:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 18:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 18:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 18:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 18:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 18:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/13 18:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 18:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde)
DRV - [2008/04/13 18:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 18:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 18:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 18:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2008/04/13 18:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 18:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 18:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 18:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 18:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 18:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 18:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 18:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 18:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 18:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2008/04/13 18:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 18:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2008/04/13 18:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 18:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\agp440.sys -- (agp440)
DRV - [2008/04/13 18:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008/04/13 18:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 18:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 18:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/13 18:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 18:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 18:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 18:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 18:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 17:45:40 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 17:39:48 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2008/04/13 17:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2008/04/13 17:36:38 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/04/13 16:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2007/11/13 10:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/09/29 02:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/29 01:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2006/05/03 16:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/19 14:21:00 | 000,189,568 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/08/04 12:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/04 12:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/04 12:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/04 12:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/04 12:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 12:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/04 12:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/04 12:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/04 12:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/04 12:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/04 12:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/04 12:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/04 12:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/04 12:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/04 12:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/04 12:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2004/08/04 12:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\pciide.sys -- (PCIIde)
DRV - [2004/08/04 12:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2004/08/04 12:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\System32\winsock.dll -- (Winsock)
DRV - [2003/06/02 20:42:14 | 000,578,304 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003/03/13 18:34:48 | 000,100,224 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2002/09/20 10:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2001/08/17 20:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/17 13:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Allan_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Allan_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\Allan_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\Allan_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Allan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\austin_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\austin_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\austin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKU\austin_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\austin_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\austin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\austin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Brian_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\Brian_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\Brian_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\Brian_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\Brian_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Brian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\gary_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\gary_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\gary_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\jan_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\jan_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\jan_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\jan_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\jan_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\jan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\jeffrey_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\jeffrey_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\jeffrey_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\jeffrey_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\jeffrey_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\jeffrey_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\jeffrey_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\jeffrey_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\jeffrey_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\jwd_main_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\jwd_main_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\jwd_main_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\jwd_main_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\jwd_main_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\ken_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\ken_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\ken_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\ken_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\ken_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\ken_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\ken_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\ken_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\ken_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\kevin_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\kevin_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\kevin_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\kevin_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\kevin_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\kevin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\kevin_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\kevin_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\kevin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\lew_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKU\lew_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\lew_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\lew_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\lew_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\lew_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\mary_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\mary_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\mary_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\mary_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\mary_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\mary_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\mary_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\mary_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\mary_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\mike_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\mike_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\mike_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\mike_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\mike_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\mike_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\mike_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\randy_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\randy_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\randy_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\randy_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}
IE - HKU\randy_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\randy_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\randy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\robg_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\robg_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\robg_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\robg_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\robg_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\whitey_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKU\whitey_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\whitey_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\whitey_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\whitey_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\whitey_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\whitey_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/02 00:37:20 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/09/23 15:38:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\Allan_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\austin_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\austin_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\austin_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\austin_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\austin_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\Brian_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Brian_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\Brian_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Brian_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Brian_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Brian_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\gary_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\gary_ON_C\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\gary_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\gary_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\gary_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\gary_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\gary_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\jan_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\jan_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\jan_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\jan_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\jan_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\jeffrey_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\jeffrey_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\jeffrey_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\jeffrey_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\jeffrey_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\jwd_main_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\jwd_main_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\jwd_main_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\jwd_main_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\ken_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\ken_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\ken_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\ken_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\ken_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\ken_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\kevin_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\kevin_ON_C\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\kevin_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\kevin_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\kevin_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\kevin_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\kevin_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\lew_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\lew_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\lew_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\lew_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\lew_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\mary_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\mary_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\mary_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\mary_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\mary_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\mary_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\mike_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\mike_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\mike_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\mike_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\mike_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\mike_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\randy_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\randy_ON_C\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\randy_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\randy_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\randy_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\randy_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\randy_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\robg_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\robg_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\whitey_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\whitey_ON_C\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\whitey_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\whitey_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\whitey_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\whitey_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\whitey_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe File not found
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF25642.cfx File not found
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE File not found
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe File not found
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe File not found
O4 - HKU\Allan_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\austin_ON_C..\Run: [] File not found
O4 - HKU\austin_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\austin_ON_C..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\austin_ON_C..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe File not found
O4 - HKU\austin_ON_C..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe File not found
O4 - HKU\austin_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Brian_ON_C..\Run: [] File not found
O4 - HKU\Brian_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\gary_ON_C..\Run: [] File not found
O4 - HKU\gary_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\jan_ON_C..\Run: [] File not found
O4 - HKU\jan_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\jeffrey_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\jwd_main_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\jwd_main_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\ken_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\ken_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\kevin_ON_C..\Run: [] File not found
O4 - HKU\kevin_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\mary_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\mike_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\mike_ON_C..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O4 - HKU\mike_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\randy_ON_C..\Run: [] File not found
O4 - HKU\randy_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\randy_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\whitey_ON_C..\Run: [] File not found
O4 - HKU\whitey_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF25642.cfx File not found
O4 - HKU\gary_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe File not found
O4 - HKU\mike_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (Adobe Systems, Inc.)
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\lew\Start Menu\Programs\Startup\Shortcut to Outlook.lnk = File not found
O4 - Startup: C:\Documents and Settings\mike\Start Menu\Programs\Startup\FileOpenAPI.exe.lnk = File not found
O4 - Startup: C:\Documents and Settings\mike\Start Menu\Programs\Startup\Launch Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Allan_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\austin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 1
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 1
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1 = excel.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = explorer.exe (Microsoft Corporation)
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = expwin.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = outlook.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 5 = suretrak.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 6 = winword.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 7 = iexplore.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 8 = acrobat.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 9 = photoed.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 10 = fxrdpclp.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 11 = winlogon.exe ()
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 12 = acrotray.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 13 = crss.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 14 = userinit.exe (Microsoft Corporation)
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 15 = smss.exe (Microsoft Corporation)
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 16 = lsass.exe (Microsoft Corporation)
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 17 = regedit.exe (Microsoft Corporation)
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 18 = doesexists.reg
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 19 = aclt.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 20 = fsm32.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1 = excel.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = explorer.exe (Microsoft Corporation)
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = expwin.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = outlook.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 5 = suretrak.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 6 = winword.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 7 = iexplore.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 8 = acrobat.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 9 = doesexists.reg
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 10 = photoed.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 11 = fxrdpclp.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 12 = winlogon.exe ()
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 13 = acrotray.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 14 = userinit.exe (Microsoft Corporation)
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 15 = smss.exe (Microsoft Corporation)
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 16 = crss.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 17 = lsass.exe (Microsoft Corporation)
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 18 = regedit.exe (Microsoft Corporation)
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 19 = mplayer2.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 20 = aclt.exe
O7 - HKU\jan_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\jeffrey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\jwd_main_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\ken_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1 = excel.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 10 = photoed.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 11 = fxrdpclp.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 12 = winlogon.exe ()
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 13 = acrotray.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 14 = crss.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 15 = userinit.exe (Microsoft Corporation)
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 16 = smss.exe (Microsoft Corporation)
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 17 = lsass.exe (Microsoft Corporation)
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = explorer.exe (Microsoft Corporation)
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = expwin.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = outlook.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 5 = suretrak.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 6 = winword.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 7 = iexplore.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 8 = acrobat.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 9 = doesexists.reg
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 19 = mplayer2.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1 = excel.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = explorer.exe (Microsoft Corporation)
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = expwin.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = outlook.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 5 = suretrak.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 6 = winword.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 7 = iexplore.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 8 = acrobat.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 9 = doesexists.reg
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 10 = photoed.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 11 = fxrdpclp.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 12 = winlogon.exe ()
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 13 = acrotray.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 14 = crss.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 15 = userinit.exe (Microsoft Corporation)
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 16 = smss.exe (Microsoft Corporation)
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 17 = lsass.exe (Microsoft Corporation)
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 18 = regedit.exe (Microsoft Corporation)
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 19 = mplayer2.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 20 = kodakimg.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 21 = fsm32.exe
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\mary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\mary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\mary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\mike_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 1
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1 = excel.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = explorer.exe (Microsoft Corporation)
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = expwin.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = outlook.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 5 = suretrak.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 6 = winword.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 7 = iexplore.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 8 = acrobat.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 9 = doesexists.reg
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 10 = photoed.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 11 = fxrdpclp.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 12 = winlogon.exe ()
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 13 = acrotray.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 14 = crss.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 15 = userinit.exe (Microsoft Corporation)
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 16 = smss.exe (Microsoft Corporation)
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 17 = lsass.exe (Microsoft Corporation)
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 18 = regedit.exe (Microsoft Corporation)
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 19 = mplayer2.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 20 = fsm32.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 21 = AcroRd32.exe
O7 - HKU\robg_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\robg_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\robg_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1 = excel.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = explorer.exe (Microsoft Corporation)
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = expwin.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = suretrak.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 5 = outlook.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 6 = winword.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 7 = iexplore.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 8 = acrobat.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 9 = doesexists.reg
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 10 = photoed.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 11 = fxrdpclp.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 12 = winlogon.exe ()
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 13 = acrotray.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 14 = crss.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 15 = userinit.exe (Microsoft Corporation)
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 16 = smss.exe (Microsoft Corporation)
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 17 = lsass.exe (Microsoft Corporation)
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 18 = regedit.exe (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1168390310773 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://server/jre-1_5_0_10-windows-i586-p.exe (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.16.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jwdci.com
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/09 18:52:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/29 14:43:16 | 000,000,156 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/11/02 23:05:00 | 000,000,046 | R--- | M] () - X:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/23 15:38:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/09/23 15:14:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites
[2010/09/23 15:11:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/23 15:04:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/23 15:04:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/23 15:04:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/23 15:04:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/23 15:03:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/23 15:03:50 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/09/23 15:01:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/23 14:58:01 | 000,000,000 | ---D | C] -- C:\Fix
[2010/09/23 14:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\robg\Application Data\Macromedia
[2010/09/22 17:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/09/22 17:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/09/10 00:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\Application Data\Sun
[2010/09/10 00:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\Local Settings\Application Data\Google
[2010/09/10 00:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\Application Data\Google
[2010/09/10 00:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\My Documents\Timecards
[2010/09/10 00:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\My Documents\SRI Add. Work
[2010/09/10 00:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\My Documents\San Miguel
[2010/09/10 00:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\My Documents\My eBooks
[2010/09/10 00:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\My Documents\Canon
[2010/09/07 20:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\Application Data\Identities
[2010/09/07 20:11:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Allan\My Documents\My Music
[2010/09/07 20:11:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Allan\My Documents\My Pictures
[2010/09/07 20:11:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Allan\Application Data\Microsoft
[2010/09/07 20:11:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Allan\SendTo
[2010/09/07 20:11:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Allan\Recent
[2010/09/07 20:11:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Allan\Application Data
[2010/09/07 20:11:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Allan\Start Menu
[2010/09/07 20:11:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Allan\My Documents
[2010/09/07 20:11:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Allan\Favorites
[2010/09/07 20:11:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Allan\Cookies
[2010/09/07 20:11:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Allan\Templates
[2010/09/07 20:11:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Allan\PrintHood
[2010/09/07 20:11:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Allan\NetHood
[2010/09/07 20:11:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Allan\Local Settings
[2010/09/07 20:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\Local Settings\Application Data\Microsoft
[2010/09/07 20:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\Desktop
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\gary\Desktop\*.tmp files -> C:\Documents and Settings\gary\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\austin\*.tmp files -> C:\Documents and Settings\austin\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/23 21:27:07 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\randy\NTUSER.DAT
[2010/09/23 17:16:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/23 17:16:11 | 536,137,728 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/23 15:39:43 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/09/23 15:39:43 | 000,225,280 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/09/23 15:39:19 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\robg\NTUSER.DAT
[2010/09/23 15:39:19 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\robg\ntuser.ini
[2010/09/23 15:38:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/23 15:29:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/23 15:28:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/23 15:28:51 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/23 15:11:24 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/23 07:52:18 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\mike\NTUSER.DAT
[2010/09/23 07:52:18 | 001,925,120 | -H-- | M] () -- C:\Documents and Settings\gary\NTUSER.DAT
[2010/09/23 07:52:18 | 001,835,008 | -H-- | M] () -- C:\Documents and Settings\jan\NTUSER.DAT
[2010/09/23 07:52:17 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\jeffrey\NTUSER.DAT
[2010/09/23 07:52:17 | 004,009,984 | -H-- | M] () -- C:\Documents and Settings\mary\NTUSER.DAT
[2010/09/23 07:52:17 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Brian\NTUSER.DAT
[2010/09/23 07:52:16 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\ken\NTUSER.DAT
[2010/09/23 07:52:16 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\kevin\NTUSER.DAT
[2010/09/23 07:52:16 | 002,093,056 | -H-- | M] () -- C:\Documents and Settings\lew\NTUSER.DAT
[2010/09/23 00:18:32 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\randy\ntuser.ini
[2010/09/23 00:17:00 | 004,834,178 | -H-- | M] () -- C:\Documents and Settings\randy\Local Settings\Application Data\IconCache.db
[2010/09/22 23:24:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/22 17:19:26 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\randy\Desktop\Timecard.xls
[2010/09/10 14:25:07 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Allan\ntuser.ini
[2010/09/10 14:25:06 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\Allan\NTUSER.DAT
[2010/09/10 14:24:56 | 004,826,764 | -H-- | M] () -- C:\Documents and Settings\Allan\Local Settings\Application Data\IconCache.db
[2010/09/10 00:26:55 | 000,000,036 | ---- | M] () -- C:\WINDOWS\PrmSymPk32.INI
[2010/09/10 00:25:46 | 000,000,254 | ---- | M] () -- C:\Documents and Settings\Allan\Desktop\Expedition.url
[2010/09/10 00:24:57 | 000,001,732 | -H-- | M] () -- C:\Documents and Settings\Allan\My Documents\Default.rdp
[2010/09/10 00:24:28 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Allan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/09/10 00:24:04 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Allan\Desktop\Outlook.lnk
[2010/09/07 20:36:59 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Allan\Desktop\Word.lnk
[2010/09/07 20:36:31 | 000,002,044 | ---- | M] () -- C:\Documents and Settings\Allan\Desktop\Excel.lnk
[2010/09/07 20:28:04 | 000,001,585 | ---- | M] () -- C:\Documents and Settings\Allan\Desktop\JWD Server.lnk
[2010/09/07 20:19:44 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/09/07 20:12:28 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Allan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/07 20:12:24 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Allan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/08/31 21:09:38 | 000,000,447 | ---- | M] () -- C:\Documents and Settings\randy\Desktop\Projects.lnk
[2010/08/31 14:19:10 | 000,041,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2010/08/26 14:46:29 | 000,000,254 | ---- | M] () -- C:\Documents and Settings\randy\Desktop\Expedition.url
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\gary\Desktop\*.tmp files -> C:\Documents and Settings\gary\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\austin\*.tmp files -> C:\Documents and Settings\austin\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/23 16:02:57 | 536,137,728 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/23 15:11:23 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/23 15:11:17 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/23 15:04:07 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/23 15:04:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/23 15:04:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/23 15:04:07 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/23 15:04:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/10 00:24:28 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Allan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/09/10 00:23:51 | 000,091,386 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\www.watersealant.com-specwater0001.mdi
[2010/09/10 00:23:50 | 000,083,814 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\www.watersealant.com-specwater.mdi
[2010/09/10 00:23:50 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\TRILOGY WINE LIBRARY.doc
[2010/09/10 00:23:50 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Village.doc
[2010/09/10 00:23:50 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Village @ Nipomo Punch list.doc
[2010/09/10 00:23:50 | 000,010,929 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\SM fire water connection.pdf
[2010/09/10 00:23:50 | 000,010,859 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\trench drain catch basin connections.pdf
[2010/09/10 00:23:50 | 000,010,697 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Wallace sewer lateral location.pdf
[2010/09/10 00:23:50 | 000,010,682 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\San Miguel grid lines.pdf
[2010/09/10 00:23:50 | 000,010,591 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Tank Farm Dry Utilities.pdf
[2010/09/10 00:23:50 | 000,010,548 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\test.pdf
[2010/09/10 00:23:49 | 000,089,067 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Howards appliances misc orders.pdf
[2010/09/10 00:23:49 | 000,089,067 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\FireInserts052606.pdf
[2010/09/10 00:23:49 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\nipomo fax.doc
[2010/09/10 00:23:49 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Oscar Vissor punch list.doc
[2010/09/10 00:23:49 | 000,010,881 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\S.M. Anchor bolt embedment.pdf
[2010/09/10 00:23:49 | 000,010,779 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\MW Arch. S.M. Sidewalks.pdf
[2010/09/10 00:23:49 | 000,010,767 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\hose station.pdf
[2010/09/10 00:23:49 | 000,010,476 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Peachey water meters.pdf
[2010/09/10 00:23:48 | 000,046,646 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Dobitz.pdf
[2010/09/10 00:23:48 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Bldg K Exterior.doc
[2010/09/10 00:23:48 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\CARROLL MIXED USE PUNCH LIST.doc
[2010/09/10 00:23:48 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\CARROLL MIXED USE Grizzle.doc
[2010/09/10 00:23:48 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\CARROLL - PRO COATINGS PUNCH LIST.doc
[2010/09/10 00:23:48 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Bldg K Site.doc
[2010/09/10 00:23:48 | 000,011,002 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Dry Utilities.pdf
[2010/09/10 00:23:48 | 000,010,869 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Fire access doors.pdf
[2010/09/10 00:23:48 | 000,010,733 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Cannon Peachey.pdf
[2010/09/10 00:23:48 | 000,010,617 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Cannon relief valve.pdf
[2010/09/10 00:23:48 | 000,010,473 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Cannon Peachey gas laterals.pdf
[2010/09/10 00:23:47 | 000,385,100 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\00-8021 E2.mdi
[2010/09/10 00:23:47 | 000,319,511 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\4535 - 380 Front Street - Martin Rev3 06_06-08.pdf
[2010/09/10 00:23:47 | 000,271,360 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\archive.pst
[2010/09/10 00:23:47 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\ Lease_Rent Agreement.doc
[2010/09/10 00:23:47 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\ACO Homedrain.url
[2010/09/10 00:22:32 | 000,450,698 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\w-3.bmp
[2010/09/10 00:22:32 | 000,041,325 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\pinoh steps.pdf
[2010/09/10 00:22:32 | 000,000,426 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\SureTrak.lnk
[2010/09/10 00:22:32 | 000,000,386 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\Timecards.lnk
[2010/09/10 00:22:32 | 000,000,254 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\Expedition.url
[2010/09/10 00:22:32 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\Projects.lnk
[2010/09/07 20:36:35 | 000,002,521 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\Outlook.lnk
[2010/09/07 20:36:31 | 000,002,044 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\Excel.lnk
[2010/09/07 20:36:24 | 000,002,497 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\Word.lnk
[2010/09/07 20:28:04 | 000,001,585 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\JWD Server.lnk
[2010/09/07 20:26:43 | 000,001,732 | -H-- | C] () -- C:\Documents and Settings\Allan\My Documents\Default.rdp
[2010/09/07 20:12:28 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Allan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/07 20:12:24 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Allan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/09/07 20:11:15 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Allan\ntuser.ini
[2010/09/07 20:11:12 | 001,310,720 | -H-- | C] () -- C:\Documents and Settings\Allan\NTUSER.DAT
[2010/09/07 20:11:12 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Allan\ntuser.dat.LOG
[2009/10/13 16:50:35 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\mike\.plugin141_02.trace
[2009/10/13 16:48:02 | 000,000,384 | -HS- | C] () -- C:\Documents and Settings\mike\ntuser.ini
[2009/08/17 00:43:42 | 004,194,304 | -H-- | C] () -- C:\Documents and Settings\mike\NTUSER.DAT
[2009/08/17 00:43:42 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\mike\ntuser.dat.LOG
[2009/06/30 16:23:09 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\robg\ntuser.ini
[2009/06/30 16:23:07 | 001,310,720 | -H-- | C] () -- C:\Documents and Settings\robg\NTUSER.DAT
[2009/06/30 16:23:07 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\robg\ntuser.dat.LOG
[2009/02/25 11:05:55 | 000,041,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2008/10/03 20:13:39 | 000,038,503 | ---- | C] () -- C:\Documents and Settings\austin\Application Data\Microsoft Excel.ADR
[2008/10/03 20:13:39 | 000,038,497 | ---- | C] () -- C:\Documents and Settings\austin\Application Data\Microsoft Access.ADR
[2008/05/22 22:47:35 | 000,037,623 | ---- | C] () -- C:\Documents and Settings\mike\Application Data\Comma Separated Values (Windows).ADR
[2008/05/22 22:47:19 | 000,038,524 | ---- | C] () -- C:\Documents and Settings\mike\Application Data\Microsoft Excel.ADR
[2008/04/28 22:04:57 | 000,001,758 | ---- | C] () -- C:\Documents and Settings\lew\.plugin141_02.trace
[2008/04/28 22:04:38 | 000,000,580 | ---- | C] () -- C:\Documents and Settings\lew\plugin131_02.trace
[2008/04/28 22:04:33 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\lew\ntuser.dat.LOG
[2008/04/28 22:04:33 | 000,000,278 | -H-- | C] () -- C:\Documents and Settings\lew\ntuser.ini
[2008/04/28 22:04:32 | 002,093,056 | -H-- | C] () -- C:\Documents and Settings\lew\NTUSER.DAT
[2008/02/19 23:37:46 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\gary\.plugin141_02.trace
[2008/02/19 23:37:14 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\gary\ntuser.dat.LOG
[2008/02/19 23:37:14 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\gary\ntuser.ini
[2008/02/19 23:37:13 | 001,925,120 | -H-- | C] () -- C:\Documents and Settings\gary\NTUSER.DAT
[2008/02/13 23:48:32 | 000,005,032 | ---- | C] () -- C:\Documents and Settings\kevin\.plugin141_02.trace
[2008/02/13 23:48:19 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\kevin\ntuser.dat.LOG
[2008/02/13 23:48:19 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\kevin\ntuser.ini
[2008/02/13 23:48:18 | 003,145,728 | -H-- | C] () -- C:\Documents and Settings\kevin\NTUSER.DAT
[2008/02/13 23:44:22 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\whitey\.plugin141_02.trace
[2008/02/13 23:44:15 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\whitey\JWD Timecard.xls
[2008/02/13 23:44:08 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\whitey\ntuser.dat.LOG
[2008/02/13 23:44:08 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\whitey\ntuser.ini
[2008/02/13 23:44:07 | 002,883,584 | -H-- | C] () -- C:\Documents and Settings\whitey\NTUSER.DAT
[2008/02/08 21:09:39 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\jan\.plugin141_02.trace
[2008/02/08 21:09:17 | 001,835,008 | -H-- | C] () -- C:\Documents and Settings\jan\NTUSER.DAT
[2008/02/08 21:09:17 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\jan\ntuser.dat.LOG
[2008/02/08 21:09:17 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\jan\ntuser.ini
[2007/11/15 16:25:18 | 000,007,243 | ---- | C] () -- C:\Documents and Settings\randy\.plugin141_02.trace
[2007/11/15 16:25:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\randy\MPNTLOG_JWDCI_RANDY.IDX
[2007/11/15 16:25:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\randy\MPNTLOG_JWDCI_RANDY.EVT
[2007/11/15 16:25:10 | 000,000,483 | ---- | C] () -- C:\Documents and Settings\randy\SPTPopUp1.txt
[2007/11/15 16:25:04 | 003,407,872 | -H-- | C] () -- C:\Documents and Settings\randy\NTUSER.DAT
[2007/11/15 16:25:04 | 000,184,320 | -H-- | C] () -- C:\Documents and Settings\randy\ntuser.dat.LOG
[2007/11/15 16:25:04 | 000,000,294 | -HS- | C] () -- C:\Documents and Settings\randy\ntuser.ini
[2007/10/12 15:33:15 | 000,013,035 | ---- | C] () -- C:\Documents and Settings\austin\Application Data\Microsoft Excel.CAL
[2007/10/12 15:32:47 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\austin\webct_upload_applet.properties
[2007/08/06 14:15:19 | 000,001,164 | ---- | C] () -- C:\Documents and Settings\Brian\.plugin141_02.trace
[2007/08/06 14:15:06 | 003,407,872 | -H-- | C] () -- C:\Documents and Settings\Brian\NTUSER.DAT
[2007/08/06 14:15:06 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Brian\ntuser.dat.LOG
[2007/08/06 14:15:06 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Brian\ntuser.ini
[2007/06/12 18:21:41 | 000,019,870 | ---- | C] () -- C:\Documents and Settings\mary\.plugin141_02.trace
[2007/06/12 18:21:00 | 000,000,384 | -HS- | C] () -- C:\Documents and Settings\mary\ntuser.ini
[2007/06/12 18:20:59 | 004,009,984 | -H-- | C] () -- C:\Documents and Settings\mary\NTUSER.DAT
[2007/06/12 18:20:59 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\mary\NTUSER.DAT.LOG
[2007/05/16 19:58:14 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2007/05/16 19:58:14 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/05/16 19:56:37 | 000,000,103 | ---- | C] () -- C:\WINDOWS\System32\hptrace.ini
[2007/05/16 19:56:07 | 000,022,247 | ---- | C] () -- C:\WINDOWS\hplj42504350.ini
[2007/05/16 19:55:56 | 000,005,303 | ---- | C] () -- C:\WINDOWS\mariner.ini
[2007/03/21 23:06:34 | 000,002,007 | ---- | C] () -- C:\Documents and Settings\jeffrey\.plugin141_02.trace
[2007/03/21 23:06:11 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\jeffrey\ntuser.dat.LOG
[2007/03/21 23:06:11 | 000,000,294 | -HS- | C] () -- C:\Documents and Settings\jeffrey\ntuser.ini
[2007/03/21 23:06:10 | 004,980,736 | -H-- | C] () -- C:\Documents and Settings\jeffrey\NTUSER.DAT
[2006/11/01 17:17:27 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\ken\.plugin141_02.trace
[2006/11/01 17:17:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ken\Application Data\dm.ini
[2006/11/01 17:17:19 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\ken\Exhibit A Elevator Western Pac Elevator7-10-02.doc
[2006/11/01 17:17:18 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\ken\MPNTLOG_JWDCI_ken.EVT
[2006/11/01 17:17:18 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\ken\MPNTLOG_JWDCI_ken.IDX
[2006/11/01 17:17:07 | 000,000,294 | -HS- | C] () -- C:\Documents and Settings\ken\ntuser.ini
[2006/11/01 17:17:06 | 004,718,592 | -H-- | C] () -- C:\Documents and Settings\ken\NTUSER.DAT
[2006/11/01 17:17:06 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\ken\ntuser.dat.LOG
[2006/06/12 20:49:43 | 000,000,036 | ---- | C] () -- C:\WINDOWS\PrmSymPk32.INI
[2006/06/12 20:46:22 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\austin\ntuser.dat.LOG
[2006/06/12 20:46:22 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\austin\ntuser.ini
[2006/06/12 20:46:21 | 006,049,792 | -H-- | C] () -- C:\Documents and Settings\austin\NTUSER.DAT
[2006/06/09 20:44:54 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\CONFIG80.SYS
[2006/06/09 20:17:53 | 000,000,827 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2006/06/09 20:17:48 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\DBU_UI.DLL
[2006/06/09 20:17:48 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\BUTIL.DLL
[2006/06/09 20:17:46 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\WDBUUI32.DLL
[2006/06/09 20:17:45 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\NWLOCALE.DLL
[2006/06/09 20:17:45 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2006/06/09 20:16:44 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[2006/06/09 19:44:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/09 19:36:18 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\jwd_main\ntuser.ini
[2006/06/09 19:36:17 | 001,310,720 | -H-- | C] () -- C:\Documents and Settings\jwd_main\NTUSER.DAT
[2006/06/09 19:36:17 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\jwd_main\ntuser.dat.LOG
[2006/06/09 18:59:26 | 000,003,078 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/06/09 18:59:25 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/06/09 18:56:01 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2006/06/09 18:56:01 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2006/06/09 18:56:00 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2006/06/09 18:54:58 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2006/06/09 18:54:57 | 000,225,280 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2006/06/09 18:54:57 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2004/08/04 12:00:00 | 000,533,568 | ---- | C] () -- C:\WINDOWS\System32\msigwiut.dll
[2004/08/04 12:00:00 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\mvb35316.sys
[2003/02/25 05:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2003/01/07 22:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/08/29 19:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\Autodesk
[2005/06/29 16:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\Brightmail
[2007/07/21 21:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\F-Secure
[2006/11/28 19:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\Kensington
[2007/08/15 23:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\OfficeUpdate12
[2008/10/01 21:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\RCP 5
[2007/06/07 22:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\SpamBlockerUtility
[2007/06/07 22:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\SpamBlockerUtility_Icons
[2006/06/12 23:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\Viewpoint
[2007/02/13 18:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Autodesk
[2006/02/09 21:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Brightmail
[2006/04/19 04:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\Autodesk
[2006/03/01 18:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\Brightmail
[2006/03/29 22:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\ShopperReports
[2007/06/08 21:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\SpamBlockerUtility
[2007/06/08 21:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\SpamBlockerUtility_Icons
[2006/09/15 22:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jan\Application Data\Autodesk
[2005/12/12 21:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jan\Application Data\Brightmail
[2009/12/11 20:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeffrey\Application Data\Autodesk
[2005/12/16 23:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeffrey\Application Data\Brightmail
[2009/05/27 22:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeffrey\Application Data\F-Secure
[2009/02/13 17:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeffrey\Application Data\FileOpen
[2003/12/12 18:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeffrey\Application Data\Kensington
[2008/01/15 17:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeffrey\Application Data\MSNInstaller
[2008/08/14 15:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jwd_main\Application Data\F-Secure
[2007/12/17 15:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ken\Application Data\Autodesk
[2004/02/07 00:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ken\Application Data\Brightmail
[2007/07/23 23:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ken\Application Data\F-Secure
[2003/11/10 18:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ken\Application Data\Kensington
[2006/06/29 20:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kevin\Application Data\Autodesk
[2004/04/09 13:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kevin\Application Data\Brightmail
[2007/06/12 23:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kevin\Application Data\OfficeUpdate12
[2008/03/28 19:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lew\Application Data\Autodesk
[2004/04/09 14:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lew\Application Data\Brightmail
[2003/10/22 15:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lew\Application Data\Kensington
[2008/04/30 14:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lew\Application Data\MSNInstaller
[2008/05/21 14:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lew\Application Data\PDFill
[2007/06/11 16:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lew\Application Data\SpamBlockerUtility
[2007/06/08 14:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lew\Application Data\SpamBlockerUtility_Icons
[2004/03/01 19:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mary\Application Data\Brightmail
[2010/05/27 18:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mary\Application Data\F-Secure
[2008/12/12 17:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mary\Application Data\FileOpen
[2010/07/01 18:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mary\Application Data\Kensington
[2006/06/23 18:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mary\Application Data\Viewpoint
[2009/06/19 17:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Autodesk
[2004/06/10 00:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Brightmail
[2009/03/27 16:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Downloaded Installations
[2008/10/24 11:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\F-Secure
[2009/01/20 21:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\FileOpen
[2004/06/10 00:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Kensington
[2009/10/08 23:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Leadertech
[2007/04/11 20:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Viewpoint
[2006/02/17 23:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\randy\Application Data\Brightmail
[2010/05/17 14:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\randy\Application Data\F-Secure
[2009/01/13 18:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\randy\Application Data\FileOpen
[2003/11/07 15:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\randy\Application Data\Kensington
[2006/03/29 21:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\randy\Application Data\ShopperReports
[2009/07/15 23:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\robg\Application Data\F-Secure
[2009/08/02 00:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\robg\Application Data\MSNInstaller
[2006/07/20 21:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whitey\Application Data\Autodesk
[2004/04/09 13:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whitey\Application Data\Brightmail
[2005/11/09 17:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whitey\Application Data\Kensington

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2008/04/14 00:12:38 | 000,189,952 | ---- | M] ()(C:\WINDOWS\System32\us?rinit.exe) -- C:\WINDOWS\System32\usеrinit.exe
[2004/08/04 12:00:00 | 000,189,952 | ---- | C] ()(C:\WINDOWS\System32\us?rinit.exe) -- C:\WINDOWS\System32\usеrinit.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 4356 bytes -> C:\Documents and Settings\austin\My Documents\Layout Upstairs Aug 31.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 2424 bytes -> C:\Documents and Settings\kevin\My Documents\Need a Bigger Boat.jpg:Q30lsldxJoudresxAaaqpcawXc
< End of report >


#4 JSntgRvr

Posted 24 September 2010 - 09:29 AM

There are quite a few restrictions in this computer. Is this a corporate system?

Save this as a text file in the USB drive so you can have access to it during the PE environment.
  • Boot to the UBCD4WIN CD
  • Run the Start.CMD to start OTLPE as you did before.
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    QUOTE
    :OTL
    O4 - HKLM..\Run: [combofix] C:\ComboFix\CF25642.cfx File not found
    O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF25642.cfx File not found
    O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
    @Alternate Data Stream - 4356 bytes -> C:\Documents and Settings\austin\My Documents\Layout Upstairs Aug 31.bmp:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 2424 bytes -> C:\Documents and Settings\kevin\My Documents\Need a Bigger Boat.jpg:Q30lsldxJoudresxAaaqpcawXc

    :Files
    C:\WINDOWS\System32\us?rinit.exe /u

  • Return to OTLPE, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder in the form of Date_Time.log. Open that report and post its contents in a reply.

Restart the computer back to the UBCD4WIN.
  • Double-click on the Start.cmd once again to run OTLPE.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under the Custom Scan box paste this in
      /md5start
      MDM.EXE
      csrss.exe
      Winlogon.exe
      crss.exe
      /md5stop
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply also.

No requests for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!
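
The fix in this post targets `us?rinit.exe` with a one-character wildcard, and the custom scan lists `crss.exe` next to `csrss.exe`: both are names one character away from a Windows system binary. As an added example (not part of the original post and not OTL's own logic), this Python script flags such look-alike names in a file listing; the protected-name list, the confusable-letter map and the sample paths are assumptions constructed for illustration.

```python
import unicodedata

# System binaries whose names are worth protecting (assumed list for this example).
KNOWN_GOOD = ("userinit.exe", "winlogon.exe", "csrss.exe")

# Hand-picked Cyrillic/Greek letters that render like Latin ones.
# Assumption: illustrative only, not an exhaustive confusables table.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0455": "s", "\u03bf": "o", "\u03b1": "a",
}


def skeleton(name):
    """Lower-case, NFKC-normalise and fold known confusable letters to ASCII."""
    folded = unicodedata.normalize("NFKC", name).lower()
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)


def within_one_edit(a, b):
    """True if a and b differ by at most one insert, delete or substitute."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a  # keep a as the shorter (or equal-length) string
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i += 1
            j += 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) == len(b):
            i += 1  # substitution: advance both strings
        j += 1      # insertion in b: advance b only
    return edits + (len(b) - j) <= 1


def classify(name):
    """Return (kind, imitated_name, odd_chars) for a look-alike, else None."""
    if name.lower() in KNOWN_GOOD:
        return None  # exact name; its path and hash still need checking
    skel = skeleton(name)
    for good in KNOWN_GOOD:
        if skel == good:
            # Same name once confusable letters are folded: report the code points.
            odd = ["U+%04X %s" % (ord(c), unicodedata.name(c, "?"))
                   for c in name if ord(c) > 127]
            return ("homoglyph", good, odd)
    for good in KNOWN_GOOD:
        if within_one_edit(skel, good):
            return ("near-miss", good, [])
    return None


def scan(paths):
    """Classify the file-name component of every path in a listing."""
    findings = []
    for path in paths:
        name = path.replace("/", "\\").rsplit("\\", 1)[-1]
        hit = classify(name)
        if hit:
            findings.append((path,) + hit)
    return findings


# Constructed listing; the look-alike letter (U+0435) is chosen for illustration.
SAMPLE = [
    "C:\\WINDOWS\\System32\\userinit.exe",
    "C:\\WINDOWS\\System32\\us\u0435rinit.exe",
    "C:\\WINDOWS\\System32\\crss.exe",
    "C:\\WINDOWS\\System32\\csrss.exe",
    "C:\\WINDOWS\\System32\\winlogon.exe",
    "C:\\WINDOWS\\System32\\notepad.exe",
]

if __name__ == "__main__":
    for path, kind, imitated, odd in scan(SAMPLE):
        print(kind, ascii(path), "imitates", imitated, odd)
```

A hit only says the name is suspicious; the file's path, signer and hash decide whether it is malicious.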


#5 xmn


Posted 24 September 2010 - 08:42 PM

Yes, this system is part of a domain at a business. I'm their outsourced Tier2 IT provider - this is the first time I've had malware I couldn't get rid of. Thanks so much for your help!

Here are the logs you requested:
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\combofix deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\combofix deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\flags deleted successfully.
ADS C:\Documents and Settings\austin\My Documents\Layout Upstairs Aug 31.bmp:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\Documents and Settings\kevin\My Documents\Need a Bigger Boat.jpg:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
========== FILES ==========
C:\WINDOWS\System32\usеrinit.exe moved successfully.

OTLPE by OldTimer - Version 3.1.42.0 log created on 09242010_181359

OTL logfile created on: 9/24/2010 6:28:03 PM - Run
OTLPE by OldTimer - Version 3.1.42.0 Folder = D:\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 222.00 Mb Available Physical Memory | 43.00% Memory free
463.00 Mb Paging File | 276.00 Mb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 233.75 Gb Total Space | 217.87 Gb Free Space | 93.21% Space Free | Partition Type: NTFS
Drive D: | 116.74 Mb Total Space | 115.37 Mb Free Space | 98.83% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 695.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BARTPE-3889
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2008/10/09 10:29:30 | 000,162,456 | ---- | M] (F-Secure Corporation) [On_Demand] -- C:\Program Files\F-Secure\Common\FNRB32.EXE -- (F-Secure Network Request Broker)
SRV - [2008/10/09 10:29:20 | 000,117,400 | ---- | M] (F-Secure Corporation) [Auto] -- C:\Program Files\F-Secure\Common\FSMA32.EXE -- (FSMA)
SRV - [2008/10/09 10:28:06 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto] -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2008/10/09 10:27:28 | 000,490,080 | ---- | M] (F-Secure Corporation) [On_Demand] -- C:\Program Files\F-Secure\FSAUA\program\fsaua.exe -- (FSAUA)
SRV - [2005/12/12 22:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2003/10/22 19:19:22 | 000,065,536 | ---- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/06/20 06:25:00 | 000,322,120 | ---- | M] () [Auto] -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2002/09/20 22:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\robg\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2010/08/31 14:19:10 | 000,041,624 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\fsbts.sys -- (fsbts)
DRV - [2010/07/29 13:32:54 | 000,124,072 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2009/12/31 16:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/12/04 18:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2009/10/20 16:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/24 11:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/02/09 12:10:48 | 000,012,800 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\mvb35316.sys -- (mvb35316)
DRV - [2008/10/09 10:28:10 | 000,025,184 | ---- | M] () [Kernel | Disabled] -- C:\Program Files\F-Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2008/10/09 10:28:08 | 000,039,776 | ---- | M] () [Kernel | Disabled] -- C:\Program Files\F-Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2008/08/14 10:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 11:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/14 00:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/14 00:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/14 00:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/14 00:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 19:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 19:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 19:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 19:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 19:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 19:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 19:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 19:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 19:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 19:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2008/04/13 19:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 19:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 19:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 19:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 19:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 19:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 18:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 18:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/13 18:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 18:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/13 18:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 18:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 18:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 18:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 18:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 18:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 18:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 18:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 18:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/13 18:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 18:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 18:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 18:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/13 18:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/13 18:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 18:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 18:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 18:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 18:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 18:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 18:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 18:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 18:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 18:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 18:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 18:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 18:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 18:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/13 18:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 18:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde)
DRV - [2008/04/13 18:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 18:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 18:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 18:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2008/04/13 18:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 18:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 18:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 18:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 18:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 18:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 18:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 18:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 18:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 18:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2008/04/13 18:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 18:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2008/04/13 18:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 18:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\agp440.sys -- (agp440)
DRV - [2008/04/13 18:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008/04/13 18:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 18:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 18:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/13 18:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 18:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 18:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 18:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 18:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 17:45:40 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 17:39:48 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2008/04/13 17:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2008/04/13 17:36:38 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/04/13 16:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2007/11/13 10:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/09/29 02:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/29 01:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2006/05/03 16:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/19 14:21:00 | 000,189,568 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/08/04 12:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/04 12:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/04 12:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/04 12:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/04 12:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 12:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/04 12:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/04 12:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/04 12:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/04 12:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/04 12:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/04 12:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/04 12:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/04 12:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/04 12:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/04 12:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2004/08/04 12:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\pciide.sys -- (PCIIde)
DRV - [2004/08/04 12:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2004/08/04 12:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\System32\winsock.dll -- (Winsock)
DRV - [2003/06/02 20:42:14 | 000,578,304 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003/03/13 18:34:48 | 000,100,224 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2002/09/20 10:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2001/08/17 20:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/17 13:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Allan_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Allan_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\Allan_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\Allan_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Allan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\austin_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\austin_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\austin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKU\austin_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\austin_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\austin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\austin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Brian_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\Brian_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\Brian_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\Brian_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\Brian_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Brian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\gary_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\gary_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\gary_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\jan_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\jan_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\jan_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\jan_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\jan_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\jan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\jeffrey_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\jeffrey_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\jeffrey_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\jeffrey_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\jeffrey_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\jeffrey_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\jeffrey_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\jeffrey_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\jeffrey_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\jwd_main_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\jwd_main_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\jwd_main_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\jwd_main_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\jwd_main_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\ken_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\ken_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\ken_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\ken_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\ken_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\ken_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\ken_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\ken_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\ken_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\kevin_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\kevin_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\kevin_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\kevin_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\kevin_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\kevin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\kevin_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\kevin_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\kevin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\lew_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKU\lew_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\lew_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\lew_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\lew_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\lew_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\mary_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\mary_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\mary_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\mary_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\mary_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\mary_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\mary_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\mary_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\mary_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\mike_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\mike_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\mike_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\mike_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\mike_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\mike_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\mike_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\randy_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\randy_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\randy_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\randy_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}
IE - HKU\randy_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\randy_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\randy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\robg_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\robg_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\robg_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\robg_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\robg_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\whitey_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKU\whitey_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\whitey_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\whitey_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\whitey_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\whitey_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\whitey_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/02 00:37:20 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/09/23 15:38:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\Allan_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\austin_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\austin_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\austin_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\austin_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\austin_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\Brian_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Brian_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\Brian_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Brian_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Brian_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Brian_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\gary_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\gary_ON_C\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\gary_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\gary_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\gary_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\gary_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\gary_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\jan_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\jan_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\jan_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\jan_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\jan_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\jeffrey_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\jeffrey_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\jeffrey_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\jeffrey_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\jeffrey_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\jwd_main_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\jwd_main_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\jwd_main_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\jwd_main_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\ken_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\ken_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\ken_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\ken_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\ken_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\ken_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\kevin_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\kevin_ON_C\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\kevin_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\kevin_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\kevin_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\kevin_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\kevin_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\lew_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\lew_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\lew_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\lew_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\lew_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\mary_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\mary_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\mary_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\mary_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\mary_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\mary_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\mike_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\mike_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\mike_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\mike_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\mike_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\mike_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\randy_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\randy_ON_C\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\randy_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\randy_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\randy_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\randy_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\randy_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\robg_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\robg_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\whitey_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\whitey_ON_C\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\whitey_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\whitey_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\whitey_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\whitey_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\whitey_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe File not found
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE File not found
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe File not found
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe File not found
O4 - HKU\Allan_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\austin_ON_C..\Run: [] File not found
O4 - HKU\austin_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\austin_ON_C..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\austin_ON_C..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe File not found
O4 - HKU\austin_ON_C..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe File not found
O4 - HKU\austin_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Brian_ON_C..\Run: [] File not found
O4 - HKU\Brian_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\gary_ON_C..\Run: [] File not found
O4 - HKU\gary_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\jan_ON_C..\Run: [] File not found
O4 - HKU\jan_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\jeffrey_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\jwd_main_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\jwd_main_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\ken_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\ken_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\kevin_ON_C..\Run: [] File not found
O4 - HKU\kevin_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\mary_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\mike_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\mike_ON_C..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O4 - HKU\mike_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\randy_ON_C..\Run: [] File not found
O4 - HKU\randy_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\randy_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\whitey_ON_C..\Run: [] File not found
O4 - HKU\whitey_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\gary_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe File not found
O4 - HKU\mike_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\lew\Start Menu\Programs\Startup\Shortcut to Outlook.lnk = File not found
O4 - Startup: C:\Documents and Settings\mike\Start Menu\Programs\Startup\FileOpenAPI.exe.lnk = File not found
O4 - Startup: C:\Documents and Settings\mike\Start Menu\Programs\Startup\Launch Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Allan_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\austin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 1
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 1
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1 = excel.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = explorer.exe (Microsoft Corporation)
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = expwin.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = outlook.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 5 = suretrak.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 6 = winword.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 7 = iexplore.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 8 = acrobat.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 9 = photoed.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 10 = fxrdpclp.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 11 = winlogon.exe ()
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 12 = acrotray.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 13 = crss.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 14 = userinit.exe (Microsoft Corporation)
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 15 = smss.exe (Microsoft Corporation)
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 16 = lsass.exe (Microsoft Corporation)
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 17 = regedit.exe (Microsoft Corporation)
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 18 = doesexists.reg
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 19 = aclt.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 20 = fsm32.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1 = excel.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = explorer.exe (Microsoft Corporation)
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = expwin.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = outlook.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 5 = suretrak.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 6 = winword.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 7 = iexplore.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 8 = acrobat.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 9 = doesexists.reg
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 10 = photoed.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 11 = fxrdpclp.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 12 = winlogon.exe ()
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 13 = acrotray.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 14 = userinit.exe (Microsoft Corporation)
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 15 = smss.exe (Microsoft Corporation)
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 16 = crss.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 17 = lsass.exe (Microsoft Corporation)
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 18 = regedit.exe (Microsoft Corporation)
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 19 = mplayer2.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 20 = aclt.exe
O7 - HKU\jan_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\jeffrey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\jwd_main_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\ken_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1 = excel.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 10 = photoed.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 11 = fxrdpclp.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 12 = winlogon.exe ()
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 13 = acrotray.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 14 = crss.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 15 = userinit.exe (Microsoft Corporation)
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 16 = smss.exe (Microsoft Corporation)
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 17 = lsass.exe (Microsoft Corporation)
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = explorer.exe (Microsoft Corporation)
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = expwin.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = outlook.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 5 = suretrak.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 6 = winword.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 7 = iexplore.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 8 = acrobat.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 9 = doesexists.reg
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 19 = mplayer2.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1 = excel.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = explorer.exe (Microsoft Corporation)
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = expwin.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = outlook.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 5 = suretrak.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 6 = winword.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 7 = iexplore.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 8 = acrobat.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 9 = doesexists.reg
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 10 = photoed.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 11 = fxrdpclp.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 12 = winlogon.exe ()
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 13 = acrotray.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 14 = crss.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 15 = userinit.exe (Microsoft Corporation)
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 16 = smss.exe (Microsoft Corporation)
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 17 = lsass.exe (Microsoft Corporation)
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 18 = regedit.exe (Microsoft Corporation)
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 19 = mplayer2.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 20 = kodakimg.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 21 = fsm32.exe
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\mary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\mary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\mary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\mike_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 1
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1 = excel.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = explorer.exe (Microsoft Corporation)
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = expwin.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = outlook.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 5 = suretrak.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 6 = winword.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 7 = iexplore.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 8 = acrobat.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 9 = doesexists.reg
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 10 = photoed.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 11 = fxrdpclp.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 12 = winlogon.exe ()
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 13 = acrotray.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 14 = crss.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 15 = userinit.exe (Microsoft Corporation)
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 16 = smss.exe (Microsoft Corporation)
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 17 = lsass.exe (Microsoft Corporation)
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 18 = regedit.exe (Microsoft Corporation)
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 19 = mplayer2.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 20 = fsm32.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 21 = AcroRd32.exe
O7 - HKU\robg_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\robg_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\robg_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1 = excel.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = explorer.exe (Microsoft Corporation)
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = expwin.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = suretrak.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 5 = outlook.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 6 = winword.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 7 = iexplore.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 8 = acrobat.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 9 = doesexists.reg
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 10 = photoed.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 11 = fxrdpclp.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 12 = winlogon.exe ()
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 13 = acrotray.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 14 = crss.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 15 = userinit.exe (Microsoft Corporation)
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 16 = smss.exe (Microsoft Corporation)
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 17 = lsass.exe (Microsoft Corporation)
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 18 = regedit.exe (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1168390310773 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://server/jre-1_5_0_10-windows-i586-p.exe (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.16.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jwdci.com
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/09 18:52:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/29 14:43:16 | 000,000,156 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/11/02 23:05:00 | 000,000,046 | R--- | M] () - X:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/24 18:13:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/23 15:38:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/09/23 15:14:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites
[2010/09/23 15:11:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/23 15:04:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/23 15:04:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/23 15:04:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/23 15:04:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/23 15:03:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/23 15:03:50 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/09/23 15:01:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/23 14:58:01 | 000,000,000 | ---D | C] -- C:\Fix
[2010/09/23 14:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\robg\Application Data\Macromedia
[2010/09/22 17:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/09/22 17:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/09/10 00:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\Application Data\Sun
[2010/09/10 00:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\Local Settings\Application Data\Google
[2010/09/10 00:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\Application Data\Google
[2010/09/10 00:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\My Documents\Timecards
[2010/09/10 00:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\My Documents\SRI Add. Work
[2010/09/10 00:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\My Documents\San Miguel
[2010/09/10 00:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\My Documents\My eBooks
[2010/09/10 00:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\My Documents\Canon
[2010/09/07 20:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\Application Data\Identities
[2010/09/07 20:11:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Allan\My Documents\My Music
[2010/09/07 20:11:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Allan\My Documents\My Pictures
[2010/09/07 20:11:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Allan\Application Data\Microsoft
[2010/09/07 20:11:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Allan\SendTo
[2010/09/07 20:11:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Allan\Recent
[2010/09/07 20:11:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Allan\Application Data
[2010/09/07 20:11:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Allan\Start Menu
[2010/09/07 20:11:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Allan\My Documents
[2010/09/07 20:11:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Allan\Favorites
[2010/09/07 20:11:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Allan\Cookies
[2010/09/07 20:11:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Allan\Templates
[2010/09/07 20:11:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Allan\PrintHood
[2010/09/07 20:11:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Allan\NetHood
[2010/09/07 20:11:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Allan\Local Settings
[2010/09/07 20:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\Local Settings\Application Data\Microsoft
[2010/09/07 20:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\Desktop
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\gary\Desktop\*.tmp files -> C:\Documents and Settings\gary\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\austin\*.tmp files -> C:\Documents and Settings\austin\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/24 18:27:12 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\randy\NTUSER.DAT
[2010/09/23 17:16:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/23 17:16:11 | 536,137,728 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/23 15:39:43 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/09/23 15:39:43 | 000,225,280 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/09/23 15:39:19 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\robg\NTUSER.DAT
[2010/09/23 15:39:19 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\robg\ntuser.ini
[2010/09/23 15:38:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/23 15:29:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/23 15:28:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/23 15:28:51 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/23 15:11:24 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/23 07:52:18 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\mike\NTUSER.DAT
[2010/09/23 07:52:18 | 001,925,120 | -H-- | M] () -- C:\Documents and Settings\gary\NTUSER.DAT
[2010/09/23 07:52:18 | 001,835,008 | -H-- | M] () -- C:\Documents and Settings\jan\NTUSER.DAT
[2010/09/23 07:52:17 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\jeffrey\NTUSER.DAT
[2010/09/23 07:52:17 | 004,009,984 | -H-- | M] () -- C:\Documents and Settings\mary\NTUSER.DAT
[2010/09/23 07:52:17 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Brian\NTUSER.DAT
[2010/09/23 07:52:16 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\ken\NTUSER.DAT
[2010/09/23 07:52:16 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\kevin\NTUSER.DAT
[2010/09/23 07:52:16 | 002,093,056 | -H-- | M] () -- C:\Documents and Settings\lew\NTUSER.DAT
[2010/09/23 00:18:32 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\randy\ntuser.ini
[2010/09/23 00:17:00 | 004,834,178 | -H-- | M] () -- C:\Documents and Settings\randy\Local Settings\Application Data\IconCache.db
[2010/09/22 23:24:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/22 17:19:26 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\randy\Desktop\Timecard.xls
[2010/09/10 14:25:07 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Allan\ntuser.ini
[2010/09/10 14:25:06 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\Allan\NTUSER.DAT
[2010/09/10 14:24:56 | 004,826,764 | -H-- | M] () -- C:\Documents and Settings\Allan\Local Settings\Application Data\IconCache.db
[2010/09/10 00:26:55 | 000,000,036 | ---- | M] () -- C:\WINDOWS\PrmSymPk32.INI
[2010/09/10 00:25:46 | 000,000,254 | ---- | M] () -- C:\Documents and Settings\Allan\Desktop\Expedition.url
[2010/09/10 00:24:57 | 000,001,732 | -H-- | M] () -- C:\Documents and Settings\Allan\My Documents\Default.rdp
[2010/09/10 00:24:28 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Allan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/09/10 00:24:04 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Allan\Desktop\Outlook.lnk
[2010/09/07 20:36:59 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Allan\Desktop\Word.lnk
[2010/09/07 20:36:31 | 000,002,044 | ---- | M] () -- C:\Documents and Settings\Allan\Desktop\Excel.lnk
[2010/09/07 20:28:04 | 000,001,585 | ---- | M] () -- C:\Documents and Settings\Allan\Desktop\JWD Server.lnk
[2010/09/07 20:19:44 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/09/07 20:12:28 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Allan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/07 20:12:24 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Allan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/08/31 21:09:38 | 000,000,447 | ---- | M] () -- C:\Documents and Settings\randy\Desktop\Projects.lnk
[2010/08/31 14:19:10 | 000,041,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2010/08/26 14:46:29 | 000,000,254 | ---- | M] () -- C:\Documents and Settings\randy\Desktop\Expedition.url
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\gary\Desktop\*.tmp files -> C:\Documents and Settings\gary\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\austin\*.tmp files -> C:\Documents and Settings\austin\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/23 16:02:57 | 536,137,728 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/23 15:11:23 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/23 15:11:17 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/23 15:04:07 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/23 15:04:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/23 15:04:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/23 15:04:07 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/23 15:04:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/10 00:24:28 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Allan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/09/10 00:23:51 | 000,091,386 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\www.watersealant.com-specwater0001.mdi
[2010/09/10 00:23:50 | 000,083,814 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\www.watersealant.com-specwater.mdi
[2010/09/10 00:23:50 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\TRILOGY WINE LIBRARY.doc
[2010/09/10 00:23:50 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Village.doc
[2010/09/10 00:23:50 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Village @ Nipomo Punch list.doc
[2010/09/10 00:23:50 | 000,010,929 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\SM fire water connection.pdf
[2010/09/10 00:23:50 | 000,010,859 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\trench drain catch basin connections.pdf
[2010/09/10 00:23:50 | 000,010,697 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Wallace sewer lateral location.pdf
[2010/09/10 00:23:50 | 000,010,682 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\San Miguel grid lines.pdf
[2010/09/10 00:23:50 | 000,010,591 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Tank Farm Dry Utilities.pdf
[2010/09/10 00:23:50 | 000,010,548 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\test.pdf
[2010/09/10 00:23:49 | 000,089,067 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Howards appliances misc orders.pdf
[2010/09/10 00:23:49 | 000,089,067 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\FireInserts052606.pdf
[2010/09/10 00:23:49 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\nipomo fax.doc
[2010/09/10 00:23:49 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Oscar Vissor punch list.doc
[2010/09/10 00:23:49 | 000,010,881 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\S.M. Anchor bolt embedment.pdf
[2010/09/10 00:23:49 | 000,010,779 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\MW Arch. S.M. Sidewalks.pdf
[2010/09/10 00:23:49 | 000,010,767 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\hose station.pdf
[2010/09/10 00:23:49 | 000,010,476 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Peachey water meters.pdf
[2010/09/10 00:23:48 | 000,046,646 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Dobitz.pdf
[2010/09/10 00:23:48 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Bldg K Exterior.doc
[2010/09/10 00:23:48 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\CARROLL MIXED USE PUNCH LIST.doc
[2010/09/10 00:23:48 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\CARROLL MIXED USE Grizzle.doc
[2010/09/10 00:23:48 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\CARROLL - PRO COATINGS PUNCH LIST.doc
[2010/09/10 00:23:48 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Bldg K Site.doc
[2010/09/10 00:23:48 | 000,011,002 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Dry Utilities.pdf
[2010/09/10 00:23:48 | 000,010,869 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Fire access doors.pdf
[2010/09/10 00:23:48 | 000,010,733 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Cannon Peachey.pdf
[2010/09/10 00:23:48 | 000,010,617 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Cannon relief valve.pdf
[2010/09/10 00:23:48 | 000,010,473 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Cannon Peachey gas laterals.pdf
[2010/09/10 00:23:47 | 000,385,100 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\00-8021 E2.mdi
[2010/09/10 00:23:47 | 000,319,511 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\4535 - 380 Front Street - Martin Rev3 06_06-08.pdf
[2010/09/10 00:23:47 | 000,271,360 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\archive.pst
[2010/09/10 00:23:47 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\ Lease_Rent Agreement.doc
[2010/09/10 00:23:47 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\ACO Homedrain.url
[2010/09/10 00:22:32 | 000,450,698 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\w-3.bmp
[2010/09/10 00:22:32 | 000,041,325 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\pinoh steps.pdf
[2010/09/10 00:22:32 | 000,000,426 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\SureTrak.lnk
[2010/09/10 00:22:32 | 000,000,386 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\Timecards.lnk
[2010/09/10 00:22:32 | 000,000,254 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\Expedition.url
[2010/09/10 00:22:32 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\Projects.lnk
[2010/09/07 20:36:35 | 000,002,521 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\Outlook.lnk
[2010/09/07 20:36:31 | 000,002,044 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\Excel.lnk
[2010/09/07 20:36:24 | 000,002,497 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\Word.lnk
[2010/09/07 20:28:04 | 000,001,585 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\JWD Server.lnk
[2010/09/07 20:26:43 | 000,001,732 | -H-- | C] () -- C:\Documents and Settings\Allan\My Documents\Default.rdp
[2010/09/07 20:12:28 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Allan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/07 20:12:24 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Allan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/09/07 20:11:15 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Allan\ntuser.ini
[2010/09/07 20:11:12 | 001,310,720 | -H-- | C] () -- C:\Documents and Settings\Allan\NTUSER.DAT
[2010/09/07 20:11:12 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Allan\ntuser.dat.LOG
[2009/10/13 16:50:35 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\mike\.plugin141_02.trace
[2009/10/13 16:48:02 | 000,000,384 | -HS- | C] () -- C:\Documents and Settings\mike\ntuser.ini
[2009/08/17 00:43:42 | 004,194,304 | -H-- | C] () -- C:\Documents and Settings\mike\NTUSER.DAT
[2009/08/17 00:43:42 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\mike\ntuser.dat.LOG
[2009/06/30 16:23:09 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\robg\ntuser.ini
[2009/06/30 16:23:07 | 001,310,720 | -H-- | C] () -- C:\Documents and Settings\robg\NTUSER.DAT
[2009/06/30 16:23:07 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\robg\ntuser.dat.LOG
[2009/02/25 11:05:55 | 000,041,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2008/10/03 20:13:39 | 000,038,503 | ---- | C] () -- C:\Documents and Settings\austin\Application Data\Microsoft Excel.ADR
[2008/10/03 20:13:39 | 000,038,497 | ---- | C] () -- C:\Documents and Settings\austin\Application Data\Microsoft Access.ADR
[2008/05/22 22:47:35 | 000,037,623 | ---- | C] () -- C:\Documents and Settings\mike\Application Data\Comma Separated Values (Windows).ADR
[2008/05/22 22:47:19 | 000,038,524 | ---- | C] () -- C:\Documents and Settings\mike\Application Data\Microsoft Excel.ADR
[2008/04/28 22:04:57 | 000,001,758 | ---- | C] () -- C:\Documents and Settings\lew\.plugin141_02.trace
[2008/04/28 22:04:38 | 000,000,580 | ---- | C] () -- C:\Documents and Settings\lew\plugin131_02.trace
[2008/04/28 22:04:33 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\lew\ntuser.dat.LOG
[2008/04/28 22:04:33 | 000,000,278 | -H-- | C] () -- C:\Documents and Settings\lew\ntuser.ini
[2008/04/28 22:04:32 | 002,093,056 | -H-- | C] () -- C:\Documents and Settings\lew\NTUSER.DAT
[2008/02/19 23:37:46 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\gary\.plugin141_02.trace
[2008/02/19 23:37:14 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\gary\ntuser.dat.LOG
[2008/02/19 23:37:14 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\gary\ntuser.ini
[2008/02/19 23:37:13 | 001,925,120 | -H-- | C] () -- C:\Documents and Settings\gary\NTUSER.DAT
[2008/02/13 23:48:32 | 000,005,032 | ---- | C] () -- C:\Documents and Settings\kevin\.plugin141_02.trace
[2008/02/13 23:48:19 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\kevin\ntuser.dat.LOG
[2008/02/13 23:48:19 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\kevin\ntuser.ini
[2008/02/13 23:48:18 | 003,145,728 | -H-- | C] () -- C:\Documents and Settings\kevin\NTUSER.DAT
[2008/02/13 23:44:22 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\whitey\.plugin141_02.trace
[2008/02/13 23:44:15 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\whitey\JWD Timecard.xls
[2008/02/13 23:44:08 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\whitey\ntuser.dat.LOG
[2008/02/13 23:44:08 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\whitey\ntuser.ini
[2008/02/13 23:44:07 | 002,883,584 | -H-- | C] () -- C:\Documents and Settings\whitey\NTUSER.DAT
[2008/02/08 21:09:39 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\jan\.plugin141_02.trace
[2008/02/08 21:09:17 | 001,835,008 | -H-- | C] () -- C:\Documents and Settings\jan\NTUSER.DAT
[2008/02/08 21:09:17 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\jan\ntuser.dat.LOG
[2008/02/08 21:09:17 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\jan\ntuser.ini
[2007/11/15 16:25:18 | 000,007,243 | ---- | C] () -- C:\Documents and Settings\randy\.plugin141_02.trace
[2007/11/15 16:25:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\randy\MPNTLOG_JWDCI_RANDY.IDX
[2007/11/15 16:25:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\randy\MPNTLOG_JWDCI_RANDY.EVT
[2007/11/15 16:25:10 | 000,000,483 | ---- | C] () -- C:\Documents and Settings\randy\SPTPopUp1.txt
[2007/11/15 16:25:04 | 003,407,872 | -H-- | C] () -- C:\Documents and Settings\randy\NTUSER.DAT
[2007/11/15 16:25:04 | 000,192,512 | -H-- | C] () -- C:\Documents and Settings\randy\ntuser.dat.LOG
[2007/11/15 16:25:04 | 000,000,294 | -HS- | C] () -- C:\Documents and Settings\randy\ntuser.ini
[2007/10/12 15:33:15 | 000,013,035 | ---- | C] () -- C:\Documents and Settings\austin\Application Data\Microsoft Excel.CAL
[2007/10/12 15:32:47 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\austin\webct_upload_applet.properties
[2007/08/06 14:15:19 | 000,001,164 | ---- | C] () -- C:\Documents and Settings\Brian\.plugin141_02.trace
[2007/08/06 14:15:06 | 003,407,872 | -H-- | C] () -- C:\Documents and Settings\Brian\NTUSER.DAT
[2007/08/06 14:15:06 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Brian\ntuser.dat.LOG
[2007/08/06 14:15:06 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Brian\ntuser.ini
[2007/06/12 18:21:41 | 000,019,870 | ---- | C] () -- C:\Documents and Settings\mary\.plugin141_02.trace
[2007/06/12 18:21:00 | 000,000,384 | -HS- | C] () -- C:\Documents and Settings\mary\ntuser.ini
[2007/06/12 18:20:59 | 004,009,984 | -H-- | C] () -- C:\Documents and Settings\mary\NTUSER.DAT
[2007/06/12 18:20:59 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\mary\NTUSER.DAT.LOG
[2007/05/16 19:58:14 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2007/05/16 19:58:14 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/05/16 19:56:37 | 000,000,103 | ---- | C] () -- C:\WINDOWS\System32\hptrace.ini
[2007/05/16 19:56:07 | 000,022,247 | ---- | C] () -- C:\WINDOWS\hplj42504350.ini
[2007/05/16 19:55:56 | 000,005,303 | ---- | C] () -- C:\WINDOWS\mariner.ini
[2007/03/21 23:06:34 | 000,002,007 | ---- | C] () -- C:\Documents and Settings\jeffrey\.plugin141_02.trace
[2007/03/21 23:06:11 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\jeffrey\ntuser.dat.LOG
[2007/03/21 23:06:11 | 000,000,294 | -HS- | C] () -- C:\Documents and Settings\jeffrey\ntuser.ini
[2007/03/21 23:06:10 | 004,980,736 | -H-- | C] () -- C:\Documents and Settings\jeffrey\NTUSER.DAT
[2006/11/01 17:17:27 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\ken\.plugin141_02.trace
[2006/11/01 17:17:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ken\Application Data\dm.ini
[2006/11/01 17:17:19 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\ken\Exhibit A Elevator Western Pac Elevator7-10-02.doc
[2006/11/01 17:17:18 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\ken\MPNTLOG_JWDCI_ken.EVT
[2006/11/01 17:17:18 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\ken\MPNTLOG_JWDCI_ken.IDX
[2006/11/01 17:17:07 | 000,000,294 | -HS- | C] () -- C:\Documents and Settings\ken\ntuser.ini
[2006/11/01 17:17:06 | 004,718,592 | -H-- | C] () -- C:\Documents and Settings\ken\NTUSER.DAT
[2006/11/01 17:17:06 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\ken\ntuser.dat.LOG
[2006/06/12 20:49:43 | 000,000,036 | ---- | C] () -- C:\WINDOWS\PrmSymPk32.INI
[2006/06/12 20:46:22 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\austin\ntuser.dat.LOG
[2006/06/12 20:46:22 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\austin\ntuser.ini
[2006/06/12 20:46:21 | 006,049,792 | -H-- | C] () -- C:\Documents and Settings\austin\NTUSER.DAT
[2006/06/09 20:44:54 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\CONFIG80.SYS
[2006/06/09 20:17:53 | 000,000,827 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2006/06/09 20:17:48 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\DBU_UI.DLL
[2006/06/09 20:17:48 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\BUTIL.DLL
[2006/06/09 20:17:46 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\WDBUUI32.DLL
[2006/06/09 20:17:45 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\NWLOCALE.DLL
[2006/06/09 20:17:45 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2006/06/09 20:16:44 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[2006/06/09 19:44:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/09 19:36:18 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\jwd_main\ntuser.ini
[2006/06/09 19:36:17 | 001,310,720 | -H-- | C] () -- C:\Documents and Settings\jwd_main\NTUSER.DAT
[2006/06/09 19:36:17 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\jwd_main\ntuser.dat.LOG
[2006/06/09 18:59:26 | 000,003,078 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/06/09 18:59:25 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/06/09 18:56:01 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2006/06/09 18:56:01 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2006/06/09 18:56:00 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2006/06/09 18:54:58 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2006/06/09 18:54:57 | 000,225,280 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2006/06/09 18:54:57 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2004/08/04 12:00:00 | 000,533,568 | ---- | C] () -- C:\WINDOWS\System32\msigwiut.dll
[2004/08/04 12:00:00 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\mvb35316.sys
[2003/02/25 05:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2003/01/07 22:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/08/29 19:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\Autodesk
[2005/06/29 16:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\Brightmail
[2007/07/21 21:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\F-Secure
[2006/11/28 19:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\Kensington
[2007/08/15 23:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\OfficeUpdate12
[2008/10/01 21:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\RCP 5
[2007/06/07 22:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\SpamBlockerUtility
[2007/06/07 22:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\SpamBlockerUtility_Icons
[2006/06/12 23:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\Viewpoint
[2007/02/13 18:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Autodesk
[2006/02/09 21:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Brightmail
[2006/04/19 04:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\Autodesk
[2006/03/01 18:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\Brightmail
[2006/03/29 22:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\ShopperReports
[2007/06/08 21:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\SpamBlockerUtility
[2007/06/08 21:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\SpamBlockerUtility_Icons
[2006/09/15 22:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jan\Application Data\Autodesk
[2005/12/12 21:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jan\Application Data\Brightmail
[2009/12/11 20:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeffrey\Application Data\Autodesk
[2005/12/16 23:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeffrey\Application Data\Brightmail
[2009/05/27 22:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeffrey\Application Data\F-Secure
[2009/02/13 17:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeffrey\Application Data\FileOpen
[2003/12/12 18:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeffrey\Application Data\Kensington
[2008/01/15 17:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeffrey\Application Data\MSNInstaller
[2008/08/14 15:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jwd_main\Application Data\F-Secure
[2007/12/17 15:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ken\Application Data\Autodesk
[2004/02/07 00:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ken\Application Data\Brightmail
[2007/07/23 23:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ken\Application Data\F-Secure
[2003/11/10 18:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ken\Application Data\Kensington
[2006/06/29 20:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kevin\Application Data\Autodesk
[2004/04/09 13:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kevin\Application Data\Brightmail
[2007/06/12 23:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kevin\Application Data\OfficeUpdate12
[2008/03/28 19:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lew\Application Data\Autodesk
[2004/04/09 14:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lew\Application Data\Brightmail
[2003/10/22 15:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lew\Application Data\Kensington
[2008/04/30 14:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lew\Application Data\MSNInstaller
[2008/05/21 14:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lew\Application Data\PDFill
[2007/06/11 16:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lew\Application Data\SpamBlockerUtility
[2007/06/08 14:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lew\Application Data\SpamBlockerUtility_Icons
[2004/03/01 19:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mary\Application Data\Brightmail
[2010/05/27 18:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mary\Application Data\F-Secure
[2008/12/12 17:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mary\Application Data\FileOpen
[2010/07/01 18:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mary\Application Data\Kensington
[2006/06/23 18:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mary\Application Data\Viewpoint
[2009/06/19 17:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Autodesk
[2004/06/10 00:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Brightmail
[2009/03/27 16:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Downloaded Installations
[2008/10/24 11:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\F-Secure
[2009/01/20 21:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\FileOpen
[2004/06/10 00:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Kensington
[2009/10/08 23:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Leadertech
[2007/04/11 20:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Viewpoint
[2006/02/17 23:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\randy\Application Data\Brightmail
[2010/05/17 14:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\randy\Application Data\F-Secure
[2009/01/13 18:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\randy\Application Data\FileOpen
[2003/11/07 15:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\randy\Application Data\Kensington
[2006/03/29 21:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\randy\Application Data\ShopperReports
[2009/07/15 23:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\robg\Application Data\F-Secure
[2009/08/02 00:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\robg\Application Data\MSNInstaller
[2006/07/20 21:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whitey\Application Data\Autodesk
[2004/04/09 13:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whitey\Application Data\Brightmail
[2005/11/09 17:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whitey\Application Data\Kensington

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: CSRSS.EXE >
[2008/04/14 00:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008/04/14 00:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2004/08/04 12:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe

< MD5 for: MDM.EXE >
[2003/06/20 06:25:00 | 000,322,120 | ---- | M] () Unable to obtain MD5 -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

< MD5 for: WINLOGON.EXE >
[2004/08/04 12:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\winlogon.exe
< End of report >


#6 JSntgRvr


Posted 24 September 2010 - 11:17 PM

The winlogon.exe file seems to be in trouble, as well as the debug manager. There isn't another copy of the debug manager, thus I will only attempt to replace the winlogon.exe file.

Save this as a text file in the USB drive so you can have access to it during the PE environment.
  • Boot to the UBCD4WIN CD
  • Run the Start.CMD to start OTLPE as you did before.
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    QUOTE
    :Files
    C:\WINDOWS\system32\winlogon.exe|C:\WINDOWS\ServicePackFiles\i386\winlogon.exe /replace

  • Return to OTLPE, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder in the form of Date_Time.log. Open that report and post its contents in a reply.
Restart the computer back to the UBCD4WIN.
  • Double-click on the Start.cmd file to start OTLPE.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change all to None
    • Under the Custom Scan box paste this in
      /md5start
      winlogon.exe
      /md5stop
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply also.

No requests for help through private messaging will be attended to.

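The MD5 comparison behind the reply above, as an added Python example (not part of the original post and not OTL's own code): it parses the "MD5 for:" sections of an OTL report and checks each live file against the copy under ServicePackFiles. The names `triage`, `assess`, `Entry` and `Finding` are hypothetical, and treating ServicePackFiles as the reference copy is an assumption taken from the replacement source used in the fix; the sample lines are copied from the report earlier in this thread.

```python
import re
from typing import NamedTuple, Optional

# Copied from the "Custom Scans" part of the OTL report posted in this thread.
SAMPLE_LOG = r"""
< MD5 for: CSRSS.EXE >
[2008/04/14 00:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008/04/14 00:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2004/08/04 12:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe

< MD5 for: MDM.EXE >
[2003/06/20 06:25:00 | 000,322,120 | ---- | M] () Unable to obtain MD5 -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

< MD5 for: WINLOGON.EXE >
[2004/08/04 12:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\winlogon.exe
< End of report >
"""

SECTION = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY = re.compile(
    r"^\[[^|]+ \| (?P<size>[\d,]+) \| \S+ \| \w\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- (?P<path>.+)$"
)

# Assumption: the ServicePackFiles copy matches the installed service pack and
# serves as the reference; the other backup folders are never treated as live.
REFERENCE_DIR = "\\servicepackfiles\\"
BACKUP_DIRS = (REFERENCE_DIR, "\\$ntservicepackuninstall$\\", "\\dllcache\\")


class Entry(NamedTuple):
    path: str
    size: int
    company: str
    md5: Optional[str]  # None when OTL printed "Unable to obtain MD5"


class Finding(NamedTuple):
    verdict: str                 # ok | mismatch | unreadable | no-reference
    replacement: Optional[str]   # reference copy to restore from, if one exists
    same_size: Optional[bool]    # live size equals reference size (None: no reference)


def parse_md5_sections(text):
    """Return {FILENAME: [Entry, ...]} for every '< MD5 for: ... >' section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        head = SECTION.match(line)
        if head:
            current = sections.setdefault(head["name"].upper(), [])
            continue
        m = ENTRY.match(line)
        if m and current is not None:
            md5 = m["md5"].upper() if m["md5"] else None
            size = int(m["size"].replace(",", ""))
            current.append(Entry(m["path"], size, m["company"], md5))
    return sections


def assess(entries):
    """Compare each live file in one section with the reference copy."""
    refs = [e for e in entries if REFERENCE_DIR in e.path.lower() and e.md5]
    ref = refs[0] if refs else None
    findings = {}
    for live in entries:
        if any(d in live.path.lower() for d in BACKUP_DIRS):
            continue  # backup copies are evidence, not the file that runs
        if live.md5 is None:
            verdict = "unreadable"      # could not be hashed at all
        elif ref is None:
            verdict = "no-reference"    # nothing on disk to compare against
        elif any(live.md5 == r.md5 for r in refs):
            verdict = "ok"
        else:
            verdict = "mismatch"
        needs_fix = verdict in ("unreadable", "mismatch")
        findings[live.path] = Finding(
            verdict,
            ref.path if ref and needs_fix else None,
            (live.size == ref.size) if ref else None,
        )
    return findings


def triage(text):
    """Run assess() over every section and merge the results by live path."""
    results = {}
    for entries in parse_md5_sections(text).values():
        results.update(assess(entries))
    return results


if __name__ == "__main__":
    for path, finding in triage(SAMPLE_LOG).items():
        print(f"{finding.verdict:12} {path} -> {finding.replacement}")
```

An unreadable file whose size matches the reference copy has still not been verified; only a successful hash after the replacement, as the follow-up `/md5start` scan requests, settles it.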


#7 xmn


Posted 25 September 2010 - 12:57 AM

I can get a clean copy of mdm.exe from another system if necessary.

Here is the 1st log:

========== FILES ==========
Unable to replace file: C:\WINDOWS\system32\winlogon.exe with C:\WINDOWS\ServicePackFiles\i386\winlogon.exe without a reboot.

OTLPE by OldTimer - Version 3.1.42.0 log created on 09242010_223404

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Here is the 2nd:

OTL logfile created on: 9/24/2010 10:49:33 PM - Run
OTLPE by OldTimer - Version 3.1.42.0 Folder = D:\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 226.00 Mb Available Physical Memory | 44.00% Memory free
463.00 Mb Paging File | 279.00 Mb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 233.75 Gb Total Space | 217.87 Gb Free Space | 93.21% Space Free | Partition Type: NTFS
Drive D: | 116.74 Mb Total Space | 115.13 Mb Free Space | 98.63% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 695.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BARTPE-21979
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== LOP Check ==========

[2008/08/29 19:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\Autodesk
[2005/06/29 16:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\Brightmail
[2007/07/21 21:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\F-Secure
[2006/11/28 19:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\Kensington
[2007/08/15 23:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\OfficeUpdate12
[2008/10/01 21:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\RCP 5
[2007/06/07 22:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\SpamBlockerUtility
[2007/06/07 22:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\SpamBlockerUtility_Icons
[2006/06/12 23:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\Viewpoint
[2007/02/13 18:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Autodesk
[2006/02/09 21:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Brightmail
[2006/04/19 04:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\Autodesk
[2006/03/01 18:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\Brightmail
[2006/03/29 22:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\ShopperReports
[2007/06/08 21:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\SpamBlockerUtility
[2007/06/08 21:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\SpamBlockerUtility_Icons
[2006/09/15 22:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jan\Application Data\Autodesk
[2005/12/12 21:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jan\Application Data\Brightmail
[2009/12/11 20:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeffrey\Application Data\Autodesk
[2005/12/16 23:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeffrey\Application Data\Brightmail
[2009/05/27 22:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeffrey\Application Data\F-Secure
[2009/02/13 17:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeffrey\Application Data\FileOpen
[2003/12/12 18:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeffrey\Application Data\Kensington
[2008/01/15 17:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeffrey\Application Data\MSNInstaller
[2008/08/14 15:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jwd_main\Application Data\F-Secure
[2007/12/17 15:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ken\Application Data\Autodesk
[2004/02/07 00:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ken\Application Data\Brightmail
[2007/07/23 23:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ken\Application Data\F-Secure
[2003/11/10 18:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ken\Application Data\Kensington
[2006/06/29 20:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kevin\Application Data\Autodesk
[2004/04/09 13:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kevin\Application Data\Brightmail
[2007/06/12 23:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kevin\Application Data\OfficeUpdate12
[2008/03/28 19:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lew\Application Data\Autodesk
[2004/04/09 14:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lew\Application Data\Brightmail
[2003/10/22 15:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lew\Application Data\Kensington
[2008/04/30 14:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lew\Application Data\MSNInstaller
[2008/05/21 14:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lew\Application Data\PDFill
[2007/06/11 16:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lew\Application Data\SpamBlockerUtility
[2007/06/08 14:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lew\Application Data\SpamBlockerUtility_Icons
[2004/03/01 19:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mary\Application Data\Brightmail
[2010/05/27 18:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mary\Application Data\F-Secure
[2008/12/12 17:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mary\Application Data\FileOpen
[2010/07/01 18:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mary\Application Data\Kensington
[2006/06/23 18:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mary\Application Data\Viewpoint
[2009/06/19 17:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Autodesk
[2004/06/10 00:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Brightmail
[2009/03/27 16:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Downloaded Installations
[2008/10/24 11:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\F-Secure
[2009/01/20 21:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\FileOpen
[2004/06/10 00:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Kensington
[2009/10/08 23:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Leadertech
[2007/04/11 20:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Viewpoint
[2006/02/17 23:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\randy\Application Data\Brightmail
[2010/05/17 14:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\randy\Application Data\F-Secure
[2009/01/13 18:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\randy\Application Data\FileOpen
[2003/11/07 15:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\randy\Application Data\Kensington
[2006/03/29 21:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\randy\Application Data\ShopperReports
[2009/07/15 23:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\robg\Application Data\F-Secure
[2009/08/02 00:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\robg\Application Data\MSNInstaller
[2006/07/20 21:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whitey\Application Data\Autodesk
[2004/04/09 13:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whitey\Application Data\Brightmail
[2005/11/09 17:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whitey\Application Data\Kensington

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: WINLOGON.EXE >
[2004/08/04 12:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< End of report >

Thanks again, Rob

#8 JSntgRvr

Posted 25 September 2010 - 05:56 PM

Seems winlogon.exe was replaced. Can you boot now in Normal Mode?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
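The comparison behind "winlogon.exe was replaced", as an added example that is not part of the original posts or of OTL: it parses the `< MD5 for: ... >` custom-scan lines and checks whether the system32 copy has the same MD5 as the ServicePackFiles copy. The function names, role labels and verdict strings are assumptions made for this example; the sample lines are copied from the log posted above.

```python
import ntpath
import re

# Sample input: the custom-scan section copied from the OTLPE log in this thread.
SAMPLE = r"""
< MD5 for: WINLOGON.EXE >
[2004/08/04 12:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< End of report >
"""

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")
LINE_RE = re.compile(
    r"^\[(?P<mtime>[^|\]]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| M\] "
    r"\((?P<company>.*?)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+?)\s*$"
)

# Hypothetical role labels for the XP directories that appear in the log.
REFERENCE_ROLES = {
    r"\servicepackfiles\i386": "service-pack",
    r"\$ntservicepackuninstall$": "pre-sp-backup",
    r"\system32\dllcache": "dllcache",
}
LIVE_SUFFIX = r"\system32"


def parse_md5_scan(text):
    """Return {file name (lower case): [record, ...]} for each MD5 section."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").lower()
            sections.setdefault(current, [])
            continue
        entry = LINE_RE.match(line)
        if entry and current is not None:
            rec = entry.groupdict()
            rec["size"] = int(rec["size"].replace(",", ""))
            rec["md5"] = rec["md5"].upper()
            sections[current].append(rec)
    return sections


def role_of(path):
    """Classify a Windows path as the live copy, a reference copy, or other."""
    directory = ntpath.dirname(path).lower()
    if directory.endswith(LIVE_SUFFIX):
        return "live"
    for suffix, role in REFERENCE_ROLES.items():
        if directory.endswith(suffix):
            return role
    return "other"


def assess(records):
    """Compare the live copy's MD5 with every reference copy in the section."""
    live = [r for r in records if role_of(r["path"]) == "live"]
    if not live:
        return {"verdict": "live-copy-missing", "matches": []}
    live_md5 = live[0]["md5"]
    refs = [r for r in records if role_of(r["path"]) not in ("live", "other")]
    matches = [role_of(r["path"]) for r in refs if r["md5"] == live_md5]
    if "service-pack" in matches:
        verdict = "matches-service-pack-copy"
    elif matches:
        verdict = "matches-older-or-cached-copy"
    elif refs:
        verdict = "differs-from-all-references"
    else:
        verdict = "no-reference-available"
    return {"verdict": verdict, "matches": matches, "live_md5": live_md5}


if __name__ == "__main__":
    for name, records in parse_md5_scan(SAMPLE).items():
        print(name, assess(records))
```

A match only shows that the live file equals the reference copy on the same disk; comparing against a copy from known-good installation media is the stronger check.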


#9 xmn

Posted 27 September 2010 - 01:29 PM

Yes, I now have a logon dialog.

#10 xmn

Posted 27 September 2010 - 03:46 PM

What would you recommend I do next to remove any remaining malware?

#11 JSntgRvr

Posted 27 September 2010 - 05:27 PM

Yes. Let's clean the computer.

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

----------------------------

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------
  4. Double click on combofix.exe & follow the prompts.
  5. Install the Recovery Console if prompted.
  6. When finished, it will produce a report for you.
  7. Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.


#12 xmn

Posted 29 September 2010 - 11:12 AM

Thanks for your help so far. Unfortunately, I'm still having problems with this one.

After logging on, Combofix automatically ran and I once again had the same stop error as before. I followed the previous instructions and recovered from that.

However, whenever I attempt to run Malwarebytes, from either Safe Mode or regular boot, the app is killed after several seconds, and the executable's permissions are changed to prevent it from being run again - this can be easily overcome to re-run the program, but it just kills and resets the permissions again. I tried running HijackThis in Safe Mode as I couldn't find any suspicious processes on my own, but it does the same thing to HijackThis.

I went ahead and ran Combofix, but it did not resolve the problem, either.

I also tried running SuperAntiSpyware again from the UBCD4Win boot disc, but that was also unable to remove the infection.

Following is a re-run of the OTL log with the MD5 checks you asked for before.

Any further help is greatly appreciated!

OTL logfile created on: 9/29/2010 8:54:36 AM - Run
OTLPE by OldTimer - Version 3.1.42.0 Folder = D:\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 250.00 Mb Available Physical Memory | 49.00% Memory free
463.00 Mb Paging File | 304.00 Mb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 233.75 Gb Total Space | 218.51 Gb Free Space | 93.48% Space Free | Partition Type: NTFS
Drive D: | 116.74 Mb Total Space | 115.61 Mb Free Space | 99.04% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 695.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MININT-JVC
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2005/12/12 22:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2003/10/22 19:19:22 | 000,065,536 | ---- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/09/20 22:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\robg\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2009/12/31 16:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/12/04 18:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2009/10/20 16:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/24 11:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/02/09 12:10:48 | 000,012,800 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\mvb35316.sys -- (mvb35316)
DRV - [2008/08/14 10:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 11:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/14 00:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/14 00:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/14 00:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/14 00:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 19:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 19:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 19:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 19:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 19:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 19:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 19:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 19:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 19:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 19:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2008/04/13 19:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 19:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 19:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 19:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 19:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 19:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 18:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 18:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/13 18:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 18:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/13 18:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 18:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 18:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 18:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 18:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 18:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 18:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 18:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 18:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/13 18:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 18:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 18:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 18:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/13 18:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/13 18:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 18:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 18:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 18:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 18:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 18:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 18:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 18:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 18:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 18:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 18:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 18:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 18:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 18:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/13 18:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 18:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde)
DRV - [2008/04/13 18:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 18:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 18:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 18:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2008/04/13 18:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 18:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 18:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 18:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 18:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 18:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 18:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 18:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 18:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 18:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2008/04/13 18:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 18:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2008/04/13 18:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 18:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\agp440.sys -- (agp440)
DRV - [2008/04/13 18:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008/04/13 18:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 18:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 18:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/13 18:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 18:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 18:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 18:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 18:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 17:45:40 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 17:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2008/04/13 17:39:48 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2008/04/13 17:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2008/04/13 17:36:38 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/04/13 16:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2007/11/13 10:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/09/29 02:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/29 01:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2006/05/03 16:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/19 14:21:00 | 000,189,568 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/08/04 12:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/04 12:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/04 12:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/04 12:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/04 12:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 12:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/04 12:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/04 12:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/04 12:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/04 12:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/04 12:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/04 12:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/04 12:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/04 12:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/04 12:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/04 12:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2004/08/04 12:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\pciide.sys -- (PCIIde)
DRV - [2004/08/04 12:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2004/08/04 12:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\System32\winsock.dll -- (Winsock)
DRV - [2003/06/02 20:42:14 | 000,578,304 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003/03/13 18:34:48 | 000,100,224 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2002/09/20 10:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2001/08/17 20:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/17 13:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Allan_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Allan_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\Allan_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\Allan_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Allan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\austin_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\austin_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\austin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKU\austin_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\austin_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\austin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\austin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Brian_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\Brian_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\Brian_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\Brian_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\Brian_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Brian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\gary_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\gary_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\gary_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\jan_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\jan_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\jan_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\jan_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\jan_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\jan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\jeffrey_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\jeffrey_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\jeffrey_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\jeffrey_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\jeffrey_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\jeffrey_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\jeffrey_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\jeffrey_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\jeffrey_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\jwd_main_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\jwd_main_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\jwd_main_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\jwd_main_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\jwd_main_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\ken_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\ken_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\ken_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\ken_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\ken_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\ken_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\ken_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\ken_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\ken_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\kevin_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\kevin_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\kevin_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\kevin_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\kevin_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\kevin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\kevin_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\kevin_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\kevin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\lew_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKU\lew_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\lew_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\lew_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\lew_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\lew_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\mary_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\mary_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\mary_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\mary_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\mary_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\mary_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\mary_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\mary_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\mary_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\mike_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\mike_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\mike_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\mike_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\mike_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\mike_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\mike_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\randy_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\randy_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\randy_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\randy_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}
IE - HKU\randy_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\randy_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\randy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\robg_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\robg_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\robg_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\robg_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\robg_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\whitey_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKU\whitey_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\whitey_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\whitey_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\whitey_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\whitey_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\whitey_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/02 00:37:20 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/09/29 02:22:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\Allan_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\austin_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\austin_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\austin_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\austin_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\austin_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\Brian_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Brian_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\Brian_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Brian_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Brian_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Brian_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\gary_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\gary_ON_C\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\gary_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\gary_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\gary_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\gary_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\gary_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\jan_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\jan_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\jan_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\jan_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\jan_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\jeffrey_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\jeffrey_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\jeffrey_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\jeffrey_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\jeffrey_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\jwd_main_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\jwd_main_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\jwd_main_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\jwd_main_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\ken_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\ken_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\ken_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\ken_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\ken_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\ken_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\kevin_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\kevin_ON_C\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\kevin_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\kevin_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\kevin_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\kevin_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\kevin_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\lew_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\lew_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\lew_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\lew_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\lew_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\mary_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\mary_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\mary_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\mary_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\mary_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\mary_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\mike_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\mike_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\mike_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\mike_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\mike_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\mike_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\randy_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\randy_ON_C\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\randy_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\randy_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\randy_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\randy_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\randy_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\robg_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\robg_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\whitey_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\whitey_ON_C\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\whitey_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\whitey_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\whitey_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\whitey_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\whitey_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe File not found
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe File not found
O4 - HKU\Allan_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\austin_ON_C..\Run: [] File not found
O4 - HKU\austin_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\austin_ON_C..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\austin_ON_C..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe File not found
O4 - HKU\austin_ON_C..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe File not found
O4 - HKU\austin_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Brian_ON_C..\Run: [] File not found
O4 - HKU\Brian_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\gary_ON_C..\Run: [] File not found
O4 - HKU\gary_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\jan_ON_C..\Run: [] File not found
O4 - HKU\jan_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\jeffrey_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\jwd_main_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\jwd_main_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\ken_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\ken_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\kevin_ON_C..\Run: [] File not found
O4 - HKU\kevin_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\mary_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\mike_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\mike_ON_C..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O4 - HKU\mike_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\randy_ON_C..\Run: [] File not found
O4 - HKU\randy_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\randy_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\robg_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\robg_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\whitey_ON_C..\Run: [] File not found
O4 - HKU\whitey_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\gary_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe File not found
O4 - HKU\mike_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\lew\Start Menu\Programs\Startup\Shortcut to Outlook.lnk = File not found
O4 - Startup: C:\Documents and Settings\mike\Start Menu\Programs\Startup\FileOpenAPI.exe.lnk = File not found
O4 - Startup: C:\Documents and Settings\mike\Start Menu\Programs\Startup\Launch Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Allan_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\austin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 1
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 1
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1 = excel.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = explorer.exe (Microsoft Corporation)
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = expwin.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = outlook.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 5 = suretrak.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 6 = winword.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 7 = iexplore.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 8 = acrobat.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 9 = photoed.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 10 = fxrdpclp.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 11 = winlogon.exe (Microsoft Corporation)
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 12 = acrotray.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 13 = crss.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 14 = userinit.exe (Microsoft Corporation)
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 15 = smss.exe (Microsoft Corporation)
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 16 = lsass.exe (Microsoft Corporation)
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 17 = regedit.exe (Microsoft Corporation)
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 18 = doesexists.reg
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 19 = aclt.exe
O7 - HKU\Brian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 20 = fsm32.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1 = excel.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = explorer.exe (Microsoft Corporation)
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = expwin.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = outlook.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 5 = suretrak.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 6 = winword.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 7 = iexplore.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 8 = acrobat.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 9 = doesexists.reg
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 10 = photoed.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 11 = fxrdpclp.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 12 = winlogon.exe (Microsoft Corporation)
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 13 = acrotray.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 14 = userinit.exe (Microsoft Corporation)
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 15 = smss.exe (Microsoft Corporation)
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 16 = crss.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 17 = lsass.exe (Microsoft Corporation)
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 18 = regedit.exe (Microsoft Corporation)
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 19 = mplayer2.exe
O7 - HKU\gary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 20 = aclt.exe
O7 - HKU\jan_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\jeffrey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\jwd_main_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\ken_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1 = excel.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 10 = photoed.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 11 = fxrdpclp.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 12 = winlogon.exe (Microsoft Corporation)
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 13 = acrotray.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 14 = crss.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 15 = userinit.exe (Microsoft Corporation)
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 16 = smss.exe (Microsoft Corporation)
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 17 = lsass.exe (Microsoft Corporation)
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = explorer.exe (Microsoft Corporation)
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = expwin.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = outlook.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 5 = suretrak.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 6 = winword.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 7 = iexplore.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 8 = acrobat.exe
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 9 = doesexists.reg
O7 - HKU\kevin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 19 = mplayer2.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1 = excel.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = explorer.exe (Microsoft Corporation)
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = expwin.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = outlook.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 5 = suretrak.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 6 = winword.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 7 = iexplore.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 8 = acrobat.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 9 = doesexists.reg
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 10 = photoed.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 11 = fxrdpclp.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 12 = winlogon.exe (Microsoft Corporation)
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 13 = acrotray.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 14 = crss.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 15 = userinit.exe (Microsoft Corporation)
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 16 = smss.exe (Microsoft Corporation)
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 17 = lsass.exe (Microsoft Corporation)
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 18 = regedit.exe (Microsoft Corporation)
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 19 = mplayer2.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 20 = kodakimg.exe
O7 - HKU\lew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 21 = fsm32.exe
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\mary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\mary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\mary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\mike_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 1
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1 = excel.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = explorer.exe (Microsoft Corporation)
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = expwin.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = outlook.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 5 = suretrak.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 6 = winword.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 7 = iexplore.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 8 = acrobat.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 9 = doesexists.reg
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 10 = photoed.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 11 = fxrdpclp.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 12 = winlogon.exe (Microsoft Corporation)
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 13 = acrotray.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 14 = crss.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 15 = userinit.exe (Microsoft Corporation)
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 16 = smss.exe (Microsoft Corporation)
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 17 = lsass.exe (Microsoft Corporation)
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 18 = regedit.exe (Microsoft Corporation)
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 19 = mplayer2.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 20 = fsm32.exe
O7 - HKU\randy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 21 = AcroRd32.exe
O7 - HKU\robg_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\robg_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\robg_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1 = excel.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = explorer.exe (Microsoft Corporation)
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = expwin.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = suretrak.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 5 = outlook.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 6 = winword.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 7 = iexplore.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 8 = acrobat.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 9 = doesexists.reg
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 10 = photoed.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 11 = fxrdpclp.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 12 = winlogon.exe (Microsoft Corporation)
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 13 = acrotray.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 14 = crss.exe
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 15 = userinit.exe (Microsoft Corporation)
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 16 = smss.exe (Microsoft Corporation)
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 17 = lsass.exe (Microsoft Corporation)
O7 - HKU\whitey_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 18 = regedit.exe (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1168390310773 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://server/jre-1_5_0_10-windows-i586-p.exe (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.16.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jwdci.com
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/09 18:52:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/29 14:43:16 | 000,000,156 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/11/02 23:05:00 | 000,000,046 | R--- | M] () - X:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/29 02:45:36 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/09/29 02:34:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/09/29 02:25:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/09/28 16:50:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\robg\Application Data\Malwarebytes
[2010/09/28 16:50:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/28 16:50:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/28 16:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/28 16:50:22 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\robg\Desktop\mbam-setup-1.46.exe
[2010/09/27 18:26:26 | 000,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2010/09/24 22:34:05 | 000,553,472 | ---- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2010/09/24 18:13:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/23 15:14:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites
[2010/09/23 15:11:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/23 15:04:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/23 15:04:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/23 15:04:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/23 15:04:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/23 15:03:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/23 15:01:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/23 14:58:01 | 000,000,000 | ---D | C] -- C:\Fix
[2010/09/23 14:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\robg\Application Data\Macromedia
[2010/09/22 17:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/09/22 17:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/09/10 00:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\Application Data\Sun
[2010/09/10 00:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\Local Settings\Application Data\Google
[2010/09/10 00:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\Application Data\Google
[2010/09/10 00:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\My Documents\Timecards
[2010/09/10 00:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\My Documents\SRI Add. Work
[2010/09/10 00:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\My Documents\San Miguel
[2010/09/10 00:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\My Documents\My eBooks
[2010/09/10 00:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\My Documents\Canon
[2010/09/07 20:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\Application Data\Identities
[2010/09/07 20:11:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Allan\My Documents\My Music
[2010/09/07 20:11:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Allan\My Documents\My Pictures
[2010/09/07 20:11:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Allan\Application Data\Microsoft
[2010/09/07 20:11:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Allan\Cookies
[2010/09/07 20:11:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Allan\SendTo
[2010/09/07 20:11:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Allan\Recent
[2010/09/07 20:11:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Allan\Application Data
[2010/09/07 20:11:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Allan\Start Menu
[2010/09/07 20:11:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Allan\My Documents
[2010/09/07 20:11:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Allan\Favorites
[2010/09/07 20:11:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Allan\Templates
[2010/09/07 20:11:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Allan\PrintHood
[2010/09/07 20:11:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Allan\NetHood
[2010/09/07 20:11:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Allan\Local Settings
[2010/09/07 20:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\Local Settings\Application Data\Microsoft
[2010/09/07 20:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allan\Desktop
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\gary\Desktop\*.tmp files -> C:\Documents and Settings\gary\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\austin\*.tmp files -> C:\Documents and Settings\austin\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/29 08:43:47 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\Allan\NTUSER.DAT
[2010/09/29 04:50:24 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/09/29 04:50:24 | 000,225,280 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/09/29 04:50:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/29 04:50:16 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\robg\NTUSER.DAT
[2010/09/29 04:50:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\robg\ntuser.ini
[2010/09/29 04:50:09 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\robg\Local Settings\Application Data\IconCache.db
[2010/09/29 02:43:26 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\robg\Local Settings\Application Data\housecall.guid.cache
[2010/09/29 02:31:48 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/29 02:22:48 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/29 02:22:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/28 19:07:41 | 001,835,008 | -H-- | M] () -- C:\Documents and Settings\jan\NTUSER.DAT
[2010/09/28 19:07:40 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\jeffrey\NTUSER.DAT
[2010/09/28 19:07:40 | 004,009,984 | -H-- | M] () -- C:\Documents and Settings\mary\NTUSER.DAT
[2010/09/28 19:07:40 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Brian\NTUSER.DAT
[2010/09/28 19:07:40 | 001,925,120 | -H-- | M] () -- C:\Documents and Settings\gary\NTUSER.DAT
[2010/09/28 19:07:39 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\kevin\NTUSER.DAT
[2010/09/28 19:07:39 | 002,093,056 | -H-- | M] () -- C:\Documents and Settings\lew\NTUSER.DAT
[2010/09/28 16:54:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/28 16:50:32 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\robg\Desktop\mbam-setup-1.46.exe
[2010/09/28 16:47:13 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/27 22:48:49 | 000,452,874 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/27 22:48:49 | 000,073,140 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/24 22:52:32 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\randy\NTUSER.DAT
[2010/09/23 15:11:24 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/23 07:52:18 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\mike\NTUSER.DAT
[2010/09/23 07:52:16 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\ken\NTUSER.DAT
[2010/09/23 00:18:32 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\randy\ntuser.ini
[2010/09/23 00:17:00 | 004,834,178 | -H-- | M] () -- C:\Documents and Settings\randy\Local Settings\Application Data\IconCache.db
[2010/09/22 23:24:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/22 18:44:56 | 000,553,472 | ---- | M] (OldTimer Tools) -- C:\OTLPE.exe
[2010/09/22 17:19:26 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\randy\Desktop\Timecard.xls
[2010/09/10 14:25:07 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Allan\ntuser.ini
[2010/09/10 14:24:56 | 004,826,764 | -H-- | M] () -- C:\Documents and Settings\Allan\Local Settings\Application Data\IconCache.db
[2010/09/10 00:26:55 | 000,000,036 | ---- | M] () -- C:\WINDOWS\PrmSymPk32.INI
[2010/09/10 00:25:46 | 000,000,254 | ---- | M] () -- C:\Documents and Settings\Allan\Desktop\Expedition.url
[2010/09/10 00:24:57 | 000,001,732 | -H-- | M] () -- C:\Documents and Settings\Allan\My Documents\Default.rdp
[2010/09/10 00:24:28 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Allan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/09/10 00:24:04 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Allan\Desktop\Outlook.lnk
[2010/09/07 20:36:59 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Allan\Desktop\Word.lnk
[2010/09/07 20:36:31 | 000,002,044 | ---- | M] () -- C:\Documents and Settings\Allan\Desktop\Excel.lnk
[2010/09/07 20:28:04 | 000,001,585 | ---- | M] () -- C:\Documents and Settings\Allan\Desktop\JWD Server.lnk
[2010/09/07 20:19:44 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/09/07 20:12:28 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Allan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/07 20:12:24 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Allan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/09/06 09:26:20 | 000,189,520 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/08/31 21:09:38 | 000,000,447 | ---- | M] () -- C:\Documents and Settings\randy\Desktop\Projects.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\gary\Desktop\*.tmp files -> C:\Documents and Settings\gary\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\austin\*.tmp files -> C:\Documents and Settings\austin\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/29 02:43:26 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\robg\Local Settings\Application Data\housecall.guid.cache
[2010/09/23 15:11:23 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/23 15:11:17 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/23 15:04:07 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/23 15:04:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/23 15:04:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/23 15:04:07 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/23 15:04:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/10 00:24:28 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Allan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/09/10 00:23:51 | 000,091,386 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\www.watersealant.com-specwater0001.mdi
[2010/09/10 00:23:50 | 000,083,814 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\www.watersealant.com-specwater.mdi
[2010/09/10 00:23:50 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\TRILOGY WINE LIBRARY.doc
[2010/09/10 00:23:50 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Village.doc
[2010/09/10 00:23:50 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Village @ Nipomo Punch list.doc
[2010/09/10 00:23:50 | 000,010,929 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\SM fire water connection.pdf
[2010/09/10 00:23:50 | 000,010,859 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\trench drain catch basin connections.pdf
[2010/09/10 00:23:50 | 000,010,697 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Wallace sewer lateral location.pdf
[2010/09/10 00:23:50 | 000,010,682 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\San Miguel grid lines.pdf
[2010/09/10 00:23:50 | 000,010,591 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Tank Farm Dry Utilities.pdf
[2010/09/10 00:23:50 | 000,010,548 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\test.pdf
[2010/09/10 00:23:49 | 000,089,067 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Howards appliances misc orders.pdf
[2010/09/10 00:23:49 | 000,089,067 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\FireInserts052606.pdf
[2010/09/10 00:23:49 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\nipomo fax.doc
[2010/09/10 00:23:49 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Oscar Vissor punch list.doc
[2010/09/10 00:23:49 | 000,010,881 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\S.M. Anchor bolt embedment.pdf
[2010/09/10 00:23:49 | 000,010,779 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\MW Arch. S.M. Sidewalks.pdf
[2010/09/10 00:23:49 | 000,010,767 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\hose station.pdf
[2010/09/10 00:23:49 | 000,010,476 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Peachey water meters.pdf
[2010/09/10 00:23:48 | 000,046,646 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Dobitz.pdf
[2010/09/10 00:23:48 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Bldg K Exterior.doc
[2010/09/10 00:23:48 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\CARROLL MIXED USE PUNCH LIST.doc
[2010/09/10 00:23:48 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\CARROLL MIXED USE Grizzle.doc
[2010/09/10 00:23:48 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\CARROLL - PRO COATINGS PUNCH LIST.doc
[2010/09/10 00:23:48 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Bldg K Site.doc
[2010/09/10 00:23:48 | 000,011,002 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Dry Utilities.pdf
[2010/09/10 00:23:48 | 000,010,869 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Fire access doors.pdf
[2010/09/10 00:23:48 | 000,010,733 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Cannon Peachey.pdf
[2010/09/10 00:23:48 | 000,010,617 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Cannon relief valve.pdf
[2010/09/10 00:23:48 | 000,010,473 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\Cannon Peachey gas laterals.pdf
[2010/09/10 00:23:47 | 000,385,100 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\00-8021 E2.mdi
[2010/09/10 00:23:47 | 000,319,511 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\4535 - 380 Front Street - Martin Rev3 06_06-08.pdf
[2010/09/10 00:23:47 | 000,271,360 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\archive.pst
[2010/09/10 00:23:47 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\ Lease_Rent Agreement.doc
[2010/09/10 00:23:47 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\Allan\My Documents\ACO Homedrain.url
[2010/09/10 00:22:32 | 000,450,698 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\w-3.bmp
[2010/09/10 00:22:32 | 000,041,325 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\pinoh steps.pdf
[2010/09/10 00:22:32 | 000,000,426 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\SureTrak.lnk
[2010/09/10 00:22:32 | 000,000,386 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\Timecards.lnk
[2010/09/10 00:22:32 | 000,000,254 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\Expedition.url
[2010/09/10 00:22:32 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\Projects.lnk
[2010/09/07 20:36:35 | 000,002,521 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\Outlook.lnk
[2010/09/07 20:36:31 | 000,002,044 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\Excel.lnk
[2010/09/07 20:36:24 | 000,002,497 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\Word.lnk
[2010/09/07 20:28:04 | 000,001,585 | ---- | C] () -- C:\Documents and Settings\Allan\Desktop\JWD Server.lnk
[2010/09/07 20:26:43 | 000,001,732 | -H-- | C] () -- C:\Documents and Settings\Allan\My Documents\Default.rdp
[2010/09/07 20:12:28 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Allan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/07 20:12:24 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Allan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/09/07 20:11:15 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Allan\ntuser.ini
[2010/09/07 20:11:12 | 001,310,720 | -H-- | C] () -- C:\Documents and Settings\Allan\NTUSER.DAT
[2010/09/07 20:11:12 | 000,090,112 | -H-- | C] () -- C:\Documents and Settings\Allan\ntuser.dat.LOG
[2009/10/13 16:50:35 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\mike\.plugin141_02.trace
[2009/10/13 16:48:02 | 000,000,384 | -HS- | C] () -- C:\Documents and Settings\mike\ntuser.ini
[2009/08/17 00:43:42 | 004,194,304 | -H-- | C] () -- C:\Documents and Settings\mike\NTUSER.DAT
[2009/08/17 00:43:42 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\mike\ntuser.dat.LOG
[2009/06/30 16:23:09 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\robg\ntuser.ini
[2009/06/30 16:23:07 | 001,310,720 | -H-- | C] () -- C:\Documents and Settings\robg\NTUSER.DAT
[2009/06/30 16:23:07 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\robg\ntuser.dat.LOG
[2008/10/03 20:13:39 | 000,038,503 | ---- | C] () -- C:\Documents and Settings\austin\Application Data\Microsoft Excel.ADR
[2008/10/03 20:13:39 | 000,038,497 | ---- | C] () -- C:\Documents and Settings\austin\Application Data\Microsoft Access.ADR
[2008/05/22 22:47:35 | 000,037,623 | ---- | C] () -- C:\Documents and Settings\mike\Application Data\Comma Separated Values (Windows).ADR
[2008/05/22 22:47:19 | 000,038,524 | ---- | C] () -- C:\Documents and Settings\mike\Application Data\Microsoft Excel.ADR
[2008/04/28 22:04:57 | 000,001,758 | ---- | C] () -- C:\Documents and Settings\lew\.plugin141_02.trace
[2008/04/28 22:04:38 | 000,000,580 | ---- | C] () -- C:\Documents and Settings\lew\plugin131_02.trace
[2008/04/28 22:04:33 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\lew\ntuser.dat.LOG
[2008/04/28 22:04:33 | 000,000,278 | -H-- | C] () -- C:\Documents and Settings\lew\ntuser.ini
[2008/04/28 22:04:32 | 002,093,056 | -H-- | C] () -- C:\Documents and Settings\lew\NTUSER.DAT
[2008/02/19 23:37:46 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\gary\.plugin141_02.trace
[2008/02/19 23:37:14 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\gary\ntuser.dat.LOG
[2008/02/19 23:37:14 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\gary\ntuser.ini
[2008/02/19 23:37:13 | 001,925,120 | -H-- | C] () -- C:\Documents and Settings\gary\NTUSER.DAT
[2008/02/13 23:48:32 | 000,005,032 | ---- | C] () -- C:\Documents and Settings\kevin\.plugin141_02.trace
[2008/02/13 23:48:19 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\kevin\ntuser.dat.LOG
[2008/02/13 23:48:19 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\kevin\ntuser.ini
[2008/02/13 23:48:18 | 003,145,728 | -H-- | C] () -- C:\Documents and Settings\kevin\NTUSER.DAT
[2008/02/13 23:44:22 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\whitey\.plugin141_02.trace
[2008/02/13 23:44:15 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\whitey\JWD Timecard.xls
[2008/02/13 23:44:08 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\whitey\ntuser.dat.LOG
[2008/02/13 23:44:08 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\whitey\ntuser.ini
[2008/02/13 23:44:07 | 002,883,584 | -H-- | C] () -- C:\Documents and Settings\whitey\NTUSER.DAT
[2008/02/08 21:09:39 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\jan\.plugin141_02.trace
[2008/02/08 21:09:17 | 001,835,008 | -H-- | C] () -- C:\Documents and Settings\jan\NTUSER.DAT
[2008/02/08 21:09:17 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\jan\ntuser.dat.LOG
[2008/02/08 21:09:17 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\jan\ntuser.ini
[2007/11/15 16:25:18 | 000,007,243 | ---- | C] () -- C:\Documents and Settings\randy\.plugin141_02.trace
[2007/11/15 16:25:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\randy\MPNTLOG_JWDCI_RANDY.IDX
[2007/11/15 16:25:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\randy\MPNTLOG_JWDCI_RANDY.EVT
[2007/11/15 16:25:10 | 000,000,483 | ---- | C] () -- C:\Documents and Settings\randy\SPTPopUp1.txt
[2007/11/15 16:25:04 | 003,407,872 | -H-- | C] () -- C:\Documents and Settings\randy\NTUSER.DAT
[2007/11/15 16:25:04 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\randy\ntuser.dat.LOG
[2007/11/15 16:25:04 | 000,000,294 | -HS- | C] () -- C:\Documents and Settings\randy\ntuser.ini
[2007/10/12 15:33:15 | 000,013,035 | ---- | C] () -- C:\Documents and Settings\austin\Application Data\Microsoft Excel.CAL
[2007/10/12 15:32:47 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\austin\webct_upload_applet.properties
[2007/08/06 14:15:19 | 000,001,164 | ---- | C] () -- C:\Documents and Settings\Brian\.plugin141_02.trace
[2007/08/06 14:15:06 | 003,407,872 | -H-- | C] () -- C:\Documents and Settings\Brian\NTUSER.DAT
[2007/08/06 14:15:06 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Brian\ntuser.dat.LOG
[2007/08/06 14:15:06 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Brian\ntuser.ini
[2007/06/12 18:21:41 | 000,019,870 | ---- | C] () -- C:\Documents and Settings\mary\.plugin141_02.trace
[2007/06/12 18:21:00 | 000,000,384 | -HS- | C] () -- C:\Documents and Settings\mary\ntuser.ini
[2007/06/12 18:20:59 | 004,009,984 | -H-- | C] () -- C:\Documents and Settings\mary\NTUSER.DAT
[2007/06/12 18:20:59 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\mary\NTUSER.DAT.LOG
[2007/05/16 19:58:14 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2007/05/16 19:58:14 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/05/16 19:56:37 | 000,000,103 | ---- | C] () -- C:\WINDOWS\System32\hptrace.ini
[2007/05/16 19:56:07 | 000,022,247 | ---- | C] () -- C:\WINDOWS\hplj42504350.ini
[2007/05/16 19:55:56 | 000,005,303 | ---- | C] () -- C:\WINDOWS\mariner.ini
[2007/03/21 23:06:34 | 000,002,007 | ---- | C] () -- C:\Documents and Settings\jeffrey\.plugin141_02.trace
[2007/03/21 23:06:11 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\jeffrey\ntuser.dat.LOG
[2007/03/21 23:06:11 | 000,000,294 | -HS- | C] () -- C:\Documents and Settings\jeffrey\ntuser.ini
[2007/03/21 23:06:10 | 004,980,736 | -H-- | C] () -- C:\Documents and Settings\jeffrey\NTUSER.DAT
[2006/11/01 17:17:27 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\ken\.plugin141_02.trace
[2006/11/01 17:17:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ken\Application Data\dm.ini
[2006/11/01 17:17:19 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\ken\Exhibit A Elevator Western Pac Elevator7-10-02.doc
[2006/11/01 17:17:18 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\ken\MPNTLOG_JWDCI_ken.EVT
[2006/11/01 17:17:18 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\ken\MPNTLOG_JWDCI_ken.IDX
[2006/11/01 17:17:07 | 000,000,294 | -HS- | C] () -- C:\Documents and Settings\ken\ntuser.ini
[2006/11/01 17:17:06 | 004,718,592 | -H-- | C] () -- C:\Documents and Settings\ken\NTUSER.DAT
[2006/11/01 17:17:06 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\ken\ntuser.dat.LOG
[2006/06/12 20:49:43 | 000,000,036 | ---- | C] () -- C:\WINDOWS\PrmSymPk32.INI
[2006/06/12 20:46:22 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\austin\ntuser.dat.LOG
[2006/06/12 20:46:22 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\austin\ntuser.ini
[2006/06/12 20:46:21 | 006,049,792 | -H-- | C] () -- C:\Documents and Settings\austin\NTUSER.DAT
[2006/06/09 20:44:54 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\CONFIG80.SYS
[2006/06/09 20:17:53 | 000,000,827 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2006/06/09 20:17:48 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\DBU_UI.DLL
[2006/06/09 20:17:48 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\BUTIL.DLL
[2006/06/09 20:17:46 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\WDBUUI32.DLL
[2006/06/09 20:17:45 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\NWLOCALE.DLL
[2006/06/09 20:17:45 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2006/06/09 20:16:44 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[2006/06/09 19:44:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/09 19:36:18 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\jwd_main\ntuser.ini
[2006/06/09 19:36:17 | 001,310,720 | -H-- | C] () -- C:\Documents and Settings\jwd_main\NTUSER.DAT
[2006/06/09 19:36:17 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\jwd_main\ntuser.dat.LOG
[2006/06/09 18:59:26 | 000,003,078 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/06/09 18:59:25 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/06/09 18:56:01 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2006/06/09 18:56:01 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2006/06/09 18:56:00 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2006/06/09 18:54:58 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2006/06/09 18:54:57 | 000,225,280 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2006/06/09 18:54:57 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2004/08/04 12:00:00 | 000,533,568 | ---- | C] () -- C:\WINDOWS\System32\msigwiut.dll
[2004/08/04 12:00:00 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\mvb35316.sys
[2003/02/25 05:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2003/01/07 22:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/08/29 19:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\Autodesk
[2005/06/29 16:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\Brightmail
[2007/07/21 21:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\F-Secure
[2006/11/28 19:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\Kensington
[2007/08/15 23:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\OfficeUpdate12
[2008/10/01 21:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\RCP 5
[2007/06/07 22:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\SpamBlockerUtility
[2007/06/07 22:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\SpamBlockerUtility_Icons
[2006/06/12 23:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\austin\Application Data\Viewpoint
[2007/02/13 18:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Autodesk
[2006/02/09 21:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\Brightmail
[2006/04/19 04:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\Autodesk
[2006/03/01 18:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\Brightmail
[2006/03/29 22:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\ShopperReports
[2007/06/08 21:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\SpamBlockerUtility
[2007/06/08 21:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gary\Application Data\SpamBlockerUtility_Icons
[2006/09/15 22:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jan\Application Data\Autodesk
[2005/12/12 21:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jan\Application Data\Brightmail
[2009/12/11 20:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeffrey\Application Data\Autodesk
[2005/12/16 23:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeffrey\Application Data\Brightmail
[2009/05/27 22:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeffrey\Application Data\F-Secure
[2009/02/13 17:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeffrey\Application Data\FileOpen
[2003/12/12 18:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeffrey\Application Data\Kensington
[2008/01/15 17:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeffrey\Application Data\MSNInstaller
[2008/08/14 15:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jwd_main\Application Data\F-Secure
[2007/12/17 15:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ken\Application Data\Autodesk
[2004/02/07 00:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ken\Application Data\Brightmail
[2007/07/23 23:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ken\Application Data\F-Secure
[2003/11/10 18:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ken\Application Data\Kensington
[2006/06/29 20:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kevin\Application Data\Autodesk
[2004/04/09 13:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kevin\Application Data\Brightmail
[2007/06/12 23:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kevin\Application Data\OfficeUpdate12
[2008/03/28 19:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lew\Application Data\Autodesk
[2004/04/09 14:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lew\Application Data\Brightmail
[2003/10/22 15:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lew\Application Data\Kensington
[2008/04/30 14:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lew\Application Data\MSNInstaller
[2008/05/21 14:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lew\Application Data\PDFill
[2007/06/11 16:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lew\Application Data\SpamBlockerUtility
[2007/06/08 14:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lew\Application Data\SpamBlockerUtility_Icons
[2004/03/01 19:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mary\Application Data\Brightmail
[2010/05/27 18:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mary\Application Data\F-Secure
[2008/12/12 17:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mary\Application Data\FileOpen
[2010/07/01 18:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mary\Application Data\Kensington
[2006/06/23 18:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mary\Application Data\Viewpoint
[2009/06/19 17:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Autodesk
[2004/06/10 00:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Brightmail
[2009/03/27 16:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Downloaded Installations
[2008/10/24 11:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\F-Secure
[2009/01/20 21:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\FileOpen
[2004/06/10 00:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Kensington
[2009/10/08 23:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Leadertech
[2007/04/11 20:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Viewpoint
[2006/02/17 23:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\randy\Application Data\Brightmail
[2010/05/17 14:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\randy\Application Data\F-Secure
[2009/01/13 18:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\randy\Application Data\FileOpen
[2003/11/07 15:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\randy\Application Data\Kensington
[2006/03/29 21:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\randy\Application Data\ShopperReports
[2009/07/15 23:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\robg\Application Data\F-Secure
[2009/08/02 00:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\robg\Application Data\MSNInstaller
[2006/07/20 21:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whitey\Application Data\Autodesk
[2004/04/09 13:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whitey\Application Data\Brightmail
[2005/11/09 17:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whitey\Application Data\Kensington

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: CSRSS.EXE >
[2008/04/14 00:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008/04/14 00:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2004/08/04 12:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 12:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< End of report >


#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,165 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:31 AM

Posted 29 September 2010 - 02:59 PM

Download GMER Rootkit Scanner - Download - Homepage
  1. Extract the contents of the zipped file to the desktop.
  2. Double click GMER.exe.
  3. No need to scan. Just wait until the initial scan is finished.
  4. Once done, click on the Rootkit tab, then on the [Save..] button, and in the File name area, type in "ark.txt"
  5. Change the Save as Type to All Files
  6. Save the log where you can easily find it, such as your desktop.
  7. Post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Please copy and paste the contents of that report in your next reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#14 JSntgRvr


Posted 29 September 2010 - 04:07 PM

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    C:\WINDOWS\System32\drivers\mvb35316.sys

  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Right click on a Notepad document and select Paste. That will empty the contents of the Clipboard on the document. Copy and Paste the contents of the Notepad document in your next reply.



#15 JSntgRvr


Posted 19 October 2010 - 10:43 PM

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!





