IE Web Search Redirects


  • This topic is locked
6 replies to this topic

#1 reedmoney

reedmoney

  • Members
  • 4 posts

Posted 28 September 2010 - 01:54 PM

I got something last night while browsing the web, and every time I use Google, Bing, or Yahoo and click a website link, it redirects me to another site. I have used Malwarebytes, Spybot, SUPERAntiSpyware and Combo-Fix. The problem still exists...please help!!!

Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4707

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

9/28/2010 12:53:38 AM
mbam-log-2010-09-28 (00-53-38).txt

Scan type: Quick scan
Objects scanned: 155802
Time elapsed: 5 minute(s), 57 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
C:\Documents and Settings\reeds\Application Data\crss32.exe (Trojan.Scar) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\admdll.dll (PUP.RemoteAdmin) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\crss32 service (Trojan.Scar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\admdll.dll (PUP.RemoteAdmin) -> Delete on reboot.
C:\WINDOWS\system32\raddrv.dll (PUP.RemoteAdmin) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\reeds\Application Data\crss32.exe (Trojan.Scar) -> Quarantined and deleted successfully.

Edited by reedmoney, 28 September 2010 - 01:56 PM.




#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 02 October 2010 - 11:42 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 reedmoney

reedmoney
  • Topic Starter

  • Members
  • 4 posts

Posted 04 October 2010 - 10:26 PM

OTL Report

OTL logfile created on: 10/4/2010 11:16:42 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\reeds\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.28 Gb Total Space | 122.93 Gb Free Space | 88.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: L-REEDS3
Current User Name: ReedS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/04 23:15:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\reeds\Desktop\OTL.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/11/16 12:04:30 | 000,735,960 | ---- | M] (ESET) -- c:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/11/16 12:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/03/29 21:40:48 | 000,181,808 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2007/03/28 14:02:00 | 000,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007/03/27 22:56:42 | 000,413,696 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007/03/27 22:52:22 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007/03/27 22:51:10 | 000,126,976 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007/03/27 22:46:42 | 000,180,224 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007/03/27 22:44:34 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007/03/22 13:02:00 | 000,120,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2007/03/21 16:42:38 | 000,364,629 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2007/03/09 01:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007/03/08 00:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007/03/07 13:31:00 | 000,243,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2007/03/02 20:49:00 | 000,037,680 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2007/02/27 06:09:06 | 000,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2007/02/25 22:33:56 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2007/02/08 16:19:44 | 000,536,576 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2007/02/08 16:19:36 | 001,118,208 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/02/08 16:11:32 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/02/08 16:09:58 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2007/02/08 16:00:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/02/08 14:40:16 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2007/02/01 14:00:01 | 000,419,376 | ---- | M] (LENOVO) -- C:\Program Files\ThinkVantage\AMSG\Amsg.exe
PRC - [2007/01/30 22:01:36 | 002,618,944 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
PRC - [2007/01/30 21:45:42 | 000,722,496 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2007/01/30 21:37:50 | 000,644,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/01/29 23:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2007/01/29 21:15:52 | 001,194,816 | ---- | M] (Fortinet Inc.) -- C:\Program Files\Fortinet\FortiClient\FortiTray.exe
PRC - [2007/01/29 21:14:20 | 000,065,554 | ---- | M] (Fortinet Inc.) -- C:\Program Files\Fortinet\FortiClient\FCDBLog.exe
PRC - [2007/01/29 21:09:58 | 000,028,690 | ---- | M] (Fortinet Inc.) -- C:\Program Files\Fortinet\FortiClient\scheduler.exe
PRC - [2007/01/28 19:38:00 | 000,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006/12/15 19:50:52 | 000,011,776 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2006/11/07 06:51:40 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006/11/03 21:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/09/06 03:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2006/05/24 00:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/18 19:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006/02/14 01:17:28 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2006/02/02 08:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/11/10 16:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PRC - [2004/08/04 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/07/27 19:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\Installshield\UpdateService\issch.exe
PRC - [2002/08/21 08:13:12 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE


========== Modules (SafeList) ==========

MOD - [2010/10/04 23:15:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\reeds\Desktop\OTL.exe
MOD - [2006/08/25 11:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/02/14 01:17:12 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2004/08/04 08:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/09/07 10:28:25 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/16 12:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- c:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/11/16 12:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- c:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2007/03/27 22:46:42 | 000,180,224 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007/03/27 22:44:34 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007/03/21 16:42:38 | 000,364,629 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (acs)
SRV - [2007/03/02 20:49:00 | 000,037,680 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2007/02/27 06:09:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2007/02/08 16:19:36 | 001,118,208 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/02/08 16:11:32 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/02/08 16:09:58 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2007/02/08 14:40:16 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007/01/30 21:45:42 | 000,722,496 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2007/01/30 21:37:50 | 000,644,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/01/29 23:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007/01/29 21:09:58 | 000,028,690 | ---- | M] (Fortinet Inc.) [Auto | Running] -- C:\Program Files\Fortinet\FortiClient\scheduler.exe -- (FA_Scheduler)
SRV - [2006/12/15 19:50:52 | 000,011,776 | ---- | M] ( ) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2006/05/24 00:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/06 21:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2001/07/24 11:15:53 | 000,241,664 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\r_server.exe -- (r_server)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Combo-Fix\catchme.sys -- (catchme)
DRV - [2010/09/06 15:55:47 | 000,022,440 | ---- | M] (Fortinet Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fortidrv.sys -- (Fortidrv2)
DRV - [2010/09/06 15:55:47 | 000,014,760 | ---- | M] (Fortinet Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ftvnic.sys -- (ft_vnic)
DRV - [2010/09/06 13:11:10 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2010/09/06 13:10:17 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/16 12:06:50 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/11/16 12:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/11/16 11:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/08/12 07:13:32 | 000,160,272 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV - [2009/08/12 07:13:32 | 000,113,680 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV - [2009/08/12 07:13:32 | 000,054,416 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUBus.sys -- (PTDUBus)
DRV - [2009/08/12 07:13:28 | 000,160,272 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV - [2009/08/12 07:13:28 | 000,011,920 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUWFLT.sys -- (PTDUWFLT)
DRV - [2009/05/25 15:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/02/11 10:54:12 | 000,003,584 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\DLPORTIO.sys -- (DLPortIO)
DRV - [2007/06/27 13:05:52 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007/06/27 13:04:14 | 000,071,488 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2007/03/28 14:02:00 | 000,012,848 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007/03/07 02:51:08 | 000,311,808 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/03/03 02:54:18 | 000,545,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/03/02 20:49:00 | 000,100,656 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2007/03/02 20:47:00 | 000,019,760 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/02/27 06:08:32 | 000,021,040 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2007/02/26 20:03:56 | 000,251,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/02/25 23:59:10 | 005,700,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/02/08 15:30:28 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2007/01/29 21:17:40 | 000,018,728 | ---- | M] (Fortinet Inc) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\FortiRdr.sys -- (FortiRdr)
DRV - [2007/01/29 21:17:36 | 000,014,376 | ---- | M] (Fortinet Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fortigen.sys -- (Fortigen)
DRV - [2007/01/29 21:17:16 | 000,097,192 | ---- | M] (Fortinet Inc) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fortips.sys -- (Fortips)
DRV - [2006/12/21 22:56:00 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/21 22:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/21 22:55:00 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/12/19 12:14:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2006/11/15 06:00:20 | 000,055,840 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2006/11/06 04:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/10/22 21:23:28 | 000,017,778 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2006/09/13 15:42:44 | 000,035,264 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2006/09/13 01:42:18 | 000,028,224 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006/03/01 06:30:00 | 000,089,472 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/02/14 01:04:58 | 000,177,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/02/02 08:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/02/02 08:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/02/02 08:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/02/02 08:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/02/02 08:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/02/02 08:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/02/02 08:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/01/13 03:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2005/11/18 15:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 15:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/18 08:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/11/08 12:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/05/17 13:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 02:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 02:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 18:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 17:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 17:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 17:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 17:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 17:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 16:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 16:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 16:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 16:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 16:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 16:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 16:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 16:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 16:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 16:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 08:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=10.1.1.69:80

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=10.1.1.69:80



IE - HKU\S-1-5-21-1302607291-570889146-1230779191-1275\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1302607291-570889146-1230779191-1275\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
IE - HKU\S-1-5-21-1302607291-570889146-1230779191-1275\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1302607291-570889146-1230779191-1275\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: c:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/09/06 17:00:37 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/09/28 14:31:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKU\S-1-5-21-1302607291-570889146-1230779191-1275\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [egui] c:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-21-1302607291-570889146-1230779191-1275..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-1302607291-570889146-1230779191-1275..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1302607291-570889146-1230779191-1275\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1302607291-570889146-1230779191-1275\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1302607291-570889146-1230779191-1275\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: foodcity.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: foodcity.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1302607291-570889146-1230779191-1275\..Trusted Domains: foodcity.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = foodcity.com
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 03:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/04 23:15:13 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\reeds\Desktop\OTL.exe
[2010/09/29 11:51:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Application Data\Apple Computer
[2010/09/29 11:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/29 11:50:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/29 11:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/29 11:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/09/29 11:49:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/09/29 11:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Local Settings\Application Data\Apple
[2010/09/29 11:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/09/29 11:48:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/29 11:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/09/29 11:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/09/29 11:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Local Settings\Application Data\Apple Computer
[2010/09/29 10:15:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Desktop\Office Space
[2010/09/29 07:58:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/09/28 16:02:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\My Documents\Downloads
[2010/09/28 15:59:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Local Settings\Application Data\Temp
[2010/09/28 15:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Local Settings\Application Data\Google
[2010/09/28 15:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Local Settings\Application Data\Deployment
[2010/09/28 15:55:16 | 002,468,664 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE9-WindowsVista-x86-enu.exe
[2010/09/28 15:50:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/28 14:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Local Settings\Application Data\ESET
[2010/09/28 14:24:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/28 14:23:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/28 14:23:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/28 14:23:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/28 14:23:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/28 14:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/28 14:07:04 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\reeds\Desktop\HJTInstall.exe
[2010/09/28 13:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/09/28 13:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/09/28 12:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Application Data\SUPERAntiSpyware.com
[2010/09/28 12:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/09/28 12:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/28 12:49:50 | 009,458,552 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\reeds\Desktop\SUPERAntiSpyware.exe
[2010/09/28 12:39:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/28 12:39:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/28 12:39:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/28 12:38:46 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\reeds\Desktop\mbam-setup-1.46.exe
[2010/09/28 12:28:51 | 000,000,000 | ---D | C] -- C:\RECYCLER(2)
[2010/09/28 11:27:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/28 11:24:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/28 08:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2010/09/28 08:33:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\My Documents\Anti-Malware
[2010/09/28 08:33:08 | 094,775,600 | ---- | C] (Emsi Software GmbH ) -- C:\Program Files\a2AntiMalwareSetup.exe
[2010/09/28 08:18:39 | 000,000,000 | ---D | C] -- C:\Program Files\tdsskiller
[2010/09/28 00:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Application Data\Malwarebytes
[2010/09/28 00:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/28 00:05:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2010/09/23 15:52:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\My Documents\The Tournament Director 2
[2010/09/23 15:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\The Tournament Director 2
[2010/09/23 08:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Desktop\2oD3zvKm20100923034846
[2010/09/21 13:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Desktop\Hazard_remodel
[2010/09/20 10:56:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/09/20 10:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\My Documents\Autodesk
[2010/09/20 10:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Local Settings\Application Data\Autodesk
[2010/09/20 10:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Application Data\Autodesk
[2010/09/20 10:05:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Desktop\ig9sZ5kL20100920034654
[2010/09/20 10:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/09/18 16:52:18 | 000,000,000 | ---D | C] -- C:\Program Files\GR88
[2010/09/17 13:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Application Data\Verizon Wireless
[2010/09/17 13:50:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2010/09/17 13:50:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Verizon Wireless
[2010/09/17 13:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon Wireless
[2010/09/17 13:46:34 | 000,113,680 | ---- | C] (DEVGURU Co., LTD.) -- C:\WINDOWS\System32\drivers\PTDUWWAN.sys
[2010/09/17 13:46:34 | 000,011,920 | ---- | C] (DEVGURU Co., LTD.) -- C:\WINDOWS\System32\drivers\PTDUWFLT.sys
[2010/09/17 13:46:30 | 000,160,272 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\PTDUVsp.sys
[2010/09/17 13:46:29 | 000,160,272 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\PTDUMdm.sys
[2010/09/17 13:46:27 | 000,054,416 | ---- | C] (DEVGURU Co., LTD.) -- C:\WINDOWS\System32\drivers\PTDUBus.sys
[2010/09/17 13:46:24 | 000,111,704 | ---- | C] (DEVGURU) -- C:\WINDOWS\System32\PTDUWmcp64.dll
[2010/09/17 13:46:24 | 000,100,952 | ---- | C] (DEVGURU) -- C:\WINDOWS\System32\PTDUWmcp.dll
[2010/09/17 13:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\PANTECH
[2010/09/16 21:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Local Settings\Application Data\PokerHub
[2010/09/16 21:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\PokerHub.org
[2010/09/13 20:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Local Settings\Application Data\WMTools Downloaded Files
[2010/09/13 20:00:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\reeds\My Documents\My Videos
[2010/09/13 16:05:22 | 000,561,152 | ---- | C] (Joshua F. Madison) -- C:\Documents and Settings\reeds\Desktop\Convert.exe
[2010/09/13 15:58:45 | 000,000,000 | ---D | C] -- C:\Hill Phoenix SmartValve v3211
[2010/09/13 15:43:39 | 000,000,000 | ---D | C] -- C:\DesktopPolicy
[2010/09/13 15:40:08 | 000,283,648 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\crrun32.exe
[2010/09/13 15:40:08 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[2010/09/13 15:40:06 | 005,350,912 | ---- | C] (Seagate Software, Inc.) -- C:\WINDOWS\System32\crpe32.dll
[2010/09/13 15:40:06 | 000,229,888 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\WINDOWS\System32\crpaig32.dll
[2010/09/13 15:40:06 | 000,058,368 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2irdao.dll
[2010/09/13 15:40:06 | 000,034,816 | ---- | C] (Scientific Software Tools, Inc.) -- C:\WINDOWS\System32\DLPORTIO.dll
[2010/09/13 15:40:05 | 000,091,136 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\p2bdao.dll
[2010/09/13 15:39:53 | 000,000,000 | ---D | C] -- C:\Program Files\UltraSite32
[2010/09/13 15:39:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Crystal
[2010/09/13 15:20:05 | 000,000,000 | ---D | C] -- C:\PTW
[2010/09/13 15:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Desktop\Pics
[2010/09/12 21:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Application Data\acccore
[2010/09/12 21:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Local Settings\Application Data\AOL
[2010/09/12 21:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Local Settings\Application Data\AIM
[2010/09/12 21:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/09/12 21:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/09/12 21:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/09/12 21:11:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2010/09/12 21:11:16 | 007,278,160 | ---- | C] (AOL Inc.) -- C:\Program Files\Install_AIM.exe
[2010/09/09 19:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Application Data\skypePM
[2010/09/09 19:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Application Data\Skype
[2010/09/09 19:48:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Local Settings\Application Data\cache
[2010/09/09 19:48:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/09/09 19:47:54 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/09/09 19:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/09/09 19:47:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Local Settings\Application Data\FullTiltPoker
[2010/09/09 19:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker
[2010/09/09 19:44:49 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars
[2010/09/09 19:44:37 | 000,948,104 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2010/09/09 19:44:35 | 010,966,496 | ---- | C] (PokerStars) -- C:\Program Files\PokerStarsInstall.exe
[2010/09/09 19:19:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/09/09 14:32:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\My Documents\Updater5
[2010/09/09 10:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Application Data\PhotoFiltre
[2010/09/09 10:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoFiltre
[2010/09/09 10:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Application Data\Macromedia
[2010/09/09 09:38:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\reeds\Application Data\Microsoft
[2010/09/09 09:38:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\reeds\SendTo
[2010/09/09 09:38:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\reeds\Recent
[2010/09/09 09:38:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\reeds\Application Data
[2010/09/09 09:38:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\reeds\Start Menu
[2010/09/09 09:38:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\reeds\My Documents\My Pictures
[2010/09/09 09:38:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\reeds\My Documents\My Music
[2010/09/09 09:38:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\reeds\My Documents
[2010/09/09 09:38:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\reeds\Favorites
[2010/09/09 09:38:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\reeds\Cookies
[2010/09/09 09:38:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\reeds\Templates
[2010/09/09 09:38:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\reeds\PrintHood
[2010/09/09 09:38:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\reeds\NetHood
[2010/09/09 09:38:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\reeds\Local Settings
[2010/09/09 09:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Local Settings\Application Data\Microsoft
[2010/09/09 09:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Application Data\Lenovo
[2010/09/09 09:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Application Data\InstallShield
[2010/09/09 09:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Application Data\Identities
[2010/09/09 09:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Desktop
[2010/09/09 09:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Client Security Solution
[2010/09/09 09:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Local Settings\Application Data\BVRP Software
[2010/09/09 09:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Local Settings\Application Data\ApplicationHistory
[2010/09/09 09:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Local Settings\Application Data\Adobe
[2010/09/09 09:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Application Data\Adobe
[2010/09/09 09:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\My Documents\Access Connections
[2010/09/09 09:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reeds\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2010/09/07 11:09:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/09/07 10:54:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/09/07 10:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/09/07 10:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData
[2010/09/07 10:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2010/09/07 10:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD Architecture 2010
[2010/09/07 10:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/09/07 10:23:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/09/07 10:22:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/09/07 10:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/09/07 10:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/09/07 10:21:38 | 000,000,000 | ---D | C] -- C:\4159610fda015430111b
[2010/09/07 10:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/09/06 17:43:36 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/09/06 17:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/09/06 17:17:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2010/09/06 17:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/09/06 17:17:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/09/06 17:17:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/09/06 17:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/09/06 17:10:21 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010/09/06 17:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/09/06 17:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/09/06 15:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\Fortinet
[2010/09/06 13:25:45 | 000,000,000 | ---D | C] -- C:\SWTOOLS
[2010/09/06 13:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Toolbar
[2010/09/06 13:22:30 | 000,000,000 | ---D | C] -- C:\I386
[2010/09/06 13:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/09/06 13:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/09/06 13:14:36 | 000,000,000 | RHSD | C] -- C:\RRbackups
[2010/09/06 13:12:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\(null)
[2010/09/06 13:11:13 | 000,000,000 | ---D | C] -- C:\SWSHARE
[2010/09/06 13:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/09/06 13:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Picasa2
[2010/09/06 13:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\Diskeeper Corporation
[2010/09/06 13:09:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2010/09/06 13:06:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2010/09/06 13:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\PCDR5
[2010/09/06 13:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Lenovo Registration
[2010/09/06 13:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2010/09/06 13:05:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/09/06 13:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/09/06 13:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/09/06 13:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\ThinkVantage
[2010/09/06 13:05:13 | 000,000,000 | ---D | C] -- C:\Icons
[2010/09/06 13:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Sonic Icons for Lenovo
[2010/09/06 13:05:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/09/06 13:05:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SureThing Shared
[2010/09/06 13:05:05 | 000,000,000 | ---D | C] -- C:\Program Files\Sonic
[2010/09/06 13:05:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DLA
[2010/09/06 13:04:41 | 000,000,000 | ---D | C] -- C:\Program Files\Multimedia Center for Think Offerings
[2010/09/06 13:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2010/09/06 13:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\InterVideo
[2010/09/06 13:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/09/06 13:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/09/06 13:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lenovo
[2010/09/06 12:59:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2010/09/06 12:59:24 | 000,000,000 | ---D | C] -- C:\Intel
[2010/09/06 12:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Line Detect
[2010/09/06 12:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\NetWaiting
[2010/09/06 12:59:05 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/09/06 12:58:23 | 001,285,632 | ---- | C] (Analog Devices) -- C:\WINDOWS\System32\SMMedia.dll
[2010/09/06 12:58:23 | 000,053,248 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\wdmioctl.dll
[2010/09/06 12:58:23 | 000,049,152 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\DSndUp.exe
[2010/09/06 12:58:23 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2010/09/06 12:58:23 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2010/09/06 12:58:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/09/06 12:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/09/06 12:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\ThinkPad
[2010/09/06 12:57:01 | 000,569,344 | ---- | C] (Sonix) -- C:\WINDOWS\vsnp2uvc.exe
[2010/09/06 12:56:59 | 000,299,008 | ---- | C] (Sonix) -- C:\WINDOWS\System32\vsnp2uvc.dll
[2010/09/06 12:56:59 | 000,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2010/09/06 12:56:59 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010/09/06 12:56:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\snp2uvc
[2010/09/06 12:56:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/09/06 12:56:51 | 000,177,664 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\drivers\SynTP.sys
[2010/09/06 12:56:51 | 000,110,592 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynCtrl.dll
[2010/09/06 12:56:51 | 000,094,208 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPAPI.dll
[2010/09/06 12:56:51 | 000,073,728 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynCOM.dll
[2010/09/06 12:56:51 | 000,065,536 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPFcs.dll
[2010/09/06 12:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/09/06 12:56:45 | 000,393,216 | ---- | C] (Atheros) -- C:\WINDOWS\System32\wcapi.dll
[2010/09/06 12:56:45 | 000,376,923 | ---- | C] (Atheros) -- C:\WINDOWS\System32\wgapi.dll
[2010/09/06 12:56:45 | 000,372,736 | ---- | C] (Atheros) -- C:\WINDOWS\System32\athcfg11.dll
[2010/09/06 12:56:45 | 000,364,629 | ---- | C] (Atheros) -- C:\WINDOWS\System32\acs.exe
[2010/09/06 12:56:45 | 000,344,156 | ---- | C] (Atheros) -- C:\WINDOWS\System32\wcapiU.dll
[2010/09/06 12:56:45 | 000,303,199 | ---- | C] (Atheros) -- C:\WINDOWS\System32\athcfg20U.dll
[2010/09/06 12:56:45 | 000,237,568 | ---- | C] (Atheros) -- C:\WINDOWS\System32\athcfg20.dll
[2010/09/06 12:56:45 | 000,114,792 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athcfg20resU.dll
[2010/09/06 12:56:45 | 000,114,766 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athcfg20res.dll
[2010/09/06 12:56:45 | 000,090,112 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\oemres.dll
[2010/09/06 12:56:45 | 000,077,824 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athcfg11res.dll
[2010/09/06 12:55:58 | 001,257,566 | R--- | C] (Devicescape) -- C:\WINDOWS\System32\dsa.dll
[2010/09/06 12:55:58 | 000,254,023 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\wsfwDS.dll
[2010/09/06 12:55:58 | 000,249,925 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\wsimd.dll
[2010/09/06 12:55:58 | 000,082,017 | R--- | C] (Devicescape, Inc.) -- C:\WINDOWS\System32\dsaNac.dll
[2010/09/06 12:55:48 | 000,545,824 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\ar5211.sys
[2010/09/06 12:55:48 | 000,545,824 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\ar5211.sys
[2010/09/06 12:55:48 | 000,118,784 | ---- | C] (Atheros) -- C:\WINDOWS\System32\ATHCFG10.DLL
[2010/09/06 12:55:48 | 000,055,840 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\wsimd.sys
[2010/09/06 12:55:48 | 000,055,840 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\wsimd.sys
[2010/09/06 12:55:48 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/09/06 12:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\Lenovo
[2010/09/06 12:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/09/06 12:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Installshield
[2010/09/06 12:53:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/09/06 12:53:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/09/06 12:52:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/09/06 12:52:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/09/06 12:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/09/06 12:52:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/09/06 12:49:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/09/06 12:45:39 | 000,098,304 | ---- | C] (Atmel, Inc.) -- C:\WINDOWS\System32\TPMDDL.dll
[2010/09/06 12:45:39 | 000,015,872 | ---- | C] (Atmel, Inc.) -- C:\WINDOWS\System32\drivers\atmeltpm.sys
[2010/09/06 12:45:36 | 000,000,000 | ---D | C] -- C:\drivers
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/04 23:15:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\reeds\Desktop\OTL.exe
[2010/10/04 23:15:40 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\Current Bankroll.xls
[2010/10/04 23:04:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1302607291-570889146-1230779191-1275UA.job
[2010/10/04 20:29:06 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/10/04 19:36:02 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/04 19:36:02 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/04 19:36:01 | 000,525,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/10/04 19:32:04 | 000,025,269 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2010/10/04 19:30:58 | 000,000,480 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2010/10/04 19:30:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/04 19:30:36 | 000,000,518 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/10/04 19:30:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/04 19:30:32 | 3194,269,696 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/04 11:30:11 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\reeds\NTUSER.DAT
[2010/10/04 11:29:48 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\reeds\ntuser.ini
[2010/10/02 10:07:21 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/10/01 16:45:01 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/01 16:04:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1302607291-570889146-1230779191-1275Core.job
[2010/10/01 10:17:30 | 000,020,495 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\PS stats-September.jpg
[2010/09/30 09:01:39 | 000,020,819 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\wsop_2009circuit_300x225.jpg
[2010/09/29 11:49:37 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/29 11:49:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/29 10:16:08 | 000,779,607 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\Office Space.zip
[2010/09/29 09:59:53 | 000,571,392 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\Store # 601 Johnson City TN.xls
[2010/09/29 08:17:05 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\reeds\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/28 16:01:48 | 000,002,291 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\Google Chrome.lnk
[2010/09/28 16:01:48 | 000,002,269 | ---- | M] () -- C:\Documents and Settings\reeds\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/28 15:49:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/28 14:31:37 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/28 14:31:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/28 14:24:22 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/28 14:21:29 | 003,855,377 | R--- | M] () -- C:\Documents and Settings\reeds\Desktop\Combo-Fix.exe
[2010/09/28 14:07:25 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\HijackThis.lnk
[2010/09/28 14:07:23 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\reeds\Desktop\HJTInstall.exe
[2010/09/28 12:50:38 | 000,001,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/28 12:50:07 | 009,458,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\reeds\Desktop\SUPERAntiSpyware.exe
[2010/09/28 12:39:15 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/28 12:39:00 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\reeds\Desktop\mbam-setup-1.46.exe
[2010/09/28 08:34:08 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\reeds\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2010/09/28 08:34:08 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2010/09/28 08:33:10 | 094,775,600 | ---- | M] (Emsi Software GmbH ) -- C:\Program Files\a2AntiMalwareSetup.exe
[2010/09/28 00:05:55 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\reeds\Application Data\cids
[2010/09/27 20:21:58 | 000,002,048 | ---- | M] () -- C:\WINDOWS\PTW_PRT1.CFG
[2010/09/27 20:21:58 | 000,000,096 | ---- | M] () -- C:\WINDOWS\PTW_PRT2.CFG
[2010/09/27 20:21:58 | 000,000,045 | ---- | M] () -- C:\WINDOWS\ptw.cfg
[2010/09/26 19:58:36 | 000,001,557 | ---- | M] () -- C:\WINDOWS\aka65.ini
[2010/09/23 15:51:48 | 000,001,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Tournament Director 2.lnk
[2010/09/23 15:51:26 | 002,926,941 | ---- | M] () -- C:\Program Files\TournamentDirector2511.exe
[2010/09/23 09:40:58 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\9-22 QH Payout.xls
[2010/09/23 09:37:19 | 000,028,533 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\9-22 BAP Payout.jpg
[2010/09/23 08:52:25 | 000,002,450 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\2oD3zvKm20100923034846.zip
[2010/09/21 15:51:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/21 14:55:32 | 000,003,955 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\438-TEMP VIDEO-Model-2.pdf
[2010/09/21 14:54:50 | 000,016,188 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\438-TEMP VIDEO-Model.pdf
[2010/09/21 13:56:22 | 000,029,950 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\A19-17-Model.pdf
[2010/09/21 13:48:46 | 000,039,521 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\P-2-P-2.pdf
[2010/09/21 10:40:02 | 000,486,387 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\privatemessages-ReedMoney-September 21st, 2010.xml
[2010/09/21 01:13:26 | 000,050,980 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\Stars 9-20.jpg
[2010/09/21 01:12:46 | 000,057,110 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\FTP 9-20.jpg
[2010/09/20 20:46:08 | 000,037,566 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\willis_patrick.jpg
[2010/09/20 11:46:16 | 002,982,492 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\Hazard_remodel.zip
[2010/09/20 10:51:30 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\Sunday 9-19 Payout.xls
[2010/09/20 10:29:06 | 000,024,756 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\sunday 9-19 2-2.jpg
[2010/09/20 10:24:03 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\MiniFTOPS Payout.xls
[2010/09/20 10:20:36 | 000,053,066 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\bap closing.jpg
[2010/09/20 10:05:34 | 000,001,638 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\ig9sZ5kL20100920034654.zip
[2010/09/20 10:03:31 | 001,093,265 | ---- | M] () -- C:\Program Files\7z916.exe
[2010/09/20 09:24:49 | 014,501,192 | ---- | M] () -- C:\Program Files\winzip145.exe
[2010/09/20 09:15:27 | 000,018,995 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\TOURNEYS ReedMoney.mht
[2010/09/20 00:28:18 | 000,050,284 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\MFTOPS 2-2.jpg
[2010/09/19 22:39:11 | 000,000,940 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\TournamentParser.lnk
[2010/09/18 20:54:44 | 000,080,584 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\klassyUTvUF.jpg
[2010/09/18 16:52:24 | 000,001,495 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\GR88.lnk
[2010/09/18 16:51:57 | 014,534,079 | ---- | M] () -- C:\Program Files\GR88Installer.exe
[2010/09/17 22:22:04 | 004,805,602 | -H-- | M] () -- C:\Documents and Settings\reeds\Local Settings\Application Data\IconCache.db
[2010/09/17 13:50:19 | 000,001,020 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk
[2010/09/17 05:13:22 | 000,086,508 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\MF-25.jpg
[2010/09/16 21:05:29 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\reeds\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/16 21:05:17 | 000,191,171 | ---- | M] () -- C:\Program Files\TournamentParserInstall.exe
[2010/09/13 16:56:03 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\438-Remodel Schedule 9-13-10.doc
[2010/09/13 15:58:49 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SmartValve v3.2.1.1.lnk
[2010/09/13 15:43:33 | 000,002,352 | RHS- | M] () -- C:\Documents and Settings\reeds\ntuser.pol
[2010/09/13 15:43:26 | 000,013,574 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/09/13 15:15:20 | 000,000,351 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\Shortcut to NC25s.lnk
[2010/09/12 21:12:10 | 000,000,460 | -H-- | M] () -- C:\IPH.PH
[2010/09/12 21:11:45 | 000,001,601 | ---- | M] () -- C:\Documents and Settings\reeds\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/09/12 21:11:45 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/09/12 21:11:17 | 007,278,160 | ---- | M] (AOL Inc.) -- C:\Program Files\Install_AIM.exe
[2010/09/12 12:27:05 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/09 19:49:30 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/09/09 19:45:51 | 000,948,104 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2010/09/09 19:45:05 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\reeds\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
[2010/09/09 19:44:57 | 021,033,309 | ---- | M] () -- C:\Program Files\FullTiltSetup.exe
[2010/09/09 19:44:42 | 010,966,496 | ---- | M] (PokerStars) -- C:\Program Files\PokerStarsInstall.exe
[2010/09/09 15:18:40 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\WINWORD.lnk
[2010/09/09 15:17:50 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\EXCEL.lnk
[2010/09/09 10:23:42 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\PhotoFiltre.lnk
[2010/09/09 10:23:19 | 004,118,294 | ---- | M] () -- C:\Program Files\pf-setup-en.exe
[2010/09/09 10:07:14 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\Email.lnk
[2010/09/09 09:42:12 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\reeds\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/09/09 09:39:24 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\Windows Media Player.lnk
[2010/09/08 07:10:32 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\438-Remodel Schedule 9-1-10.doc
[2010/09/07 10:36:09 | 000,215,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/07 10:34:26 | 000,002,014 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD Architecture 2010 (US Imperial).lnk
[2010/09/07 10:34:26 | 000,002,010 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD Architecture 2010 (US Metric).lnk
[2010/09/06 17:17:37 | 000,000,631 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/06 17:02:55 | 000,000,170 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/09/06 15:56:22 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FortiClient.lnk
[2010/09/06 15:55:47 | 000,022,440 | ---- | M] (Fortinet Inc) -- C:\WINDOWS\System32\drivers\fortidrv.sys
[2010/09/06 15:55:47 | 000,014,760 | ---- | M] (Fortinet Inc.) -- C:\WINDOWS\System32\drivers\ftvnic.sys
[2010/09/06 13:24:40 | 000,000,050 | ---- | M] () -- C:\WINDOWS\System32\drivers\LENOVO_7735_W12.MRK
[2010/09/06 13:24:38 | 000,000,010 | ---- | M] () -- C:\WINDOWS\System32\firstboot.lgl
[2010/09/06 13:24:23 | 000,002,424 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/09/06 13:24:21 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010/09/06 13:24:18 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/09/06 13:21:11 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/09/06 13:18:57 | 000,000,061 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2010/09/06 13:18:46 | 000,000,333 | ---- | M] () -- C:\WINDOWS\System32\$ncsp$.inf
[2010/09/06 13:09:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\AccConnAdvanced.html
[2010/09/06 13:05:37 | 000,001,795 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
[2010/09/06 13:05:37 | 000,001,753 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2010/09/06 12:59:18 | 000,001,625 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2010/09/06 12:51:58 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/09/06 12:50:07 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/09/06 12:50:07 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/09/06 12:45:42 | 000,000,083 | ---- | M] () -- C:\syslevel.lgl
[2010/08/16 16:52:36 | 001,292,832 | ---- | M] () -- C:\Documents and Settings\reeds\Desktop\VCT-2.dwg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/01 10:17:29 | 000,020,495 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\PS stats-September.jpg
[2010/09/30 09:01:39 | 000,020,819 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\wsop_2009circuit_300x225.jpg
[2010/09/29 11:50:57 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/29 11:49:37 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/29 11:49:11 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/29 10:16:08 | 000,779,607 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\Office Space.zip
[2010/09/29 09:59:53 | 000,571,392 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\Store # 601 Johnson City TN.xls
[2010/09/28 16:01:48 | 000,002,291 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\Google Chrome.lnk
[2010/09/28 16:01:48 | 000,002,269 | ---- | C] () -- C:\Documents and Settings\reeds\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/28 15:59:32 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1302607291-570889146-1230779191-1275UA.job
[2010/09/28 15:59:31 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1302607291-570889146-1230779191-1275Core.job
[2010/09/28 14:23:26 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/28 14:23:24 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/28 14:23:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/28 14:23:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/28 14:23:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/28 14:20:48 | 003,855,377 | R--- | C] () -- C:\Documents and Settings\reeds\Desktop\Combo-Fix.exe
[2010/09/28 14:07:25 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\HijackThis.lnk
[2010/09/28 12:50:38 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/28 12:39:15 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/28 11:31:08 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/28 11:31:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/28 08:34:08 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\reeds\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2010/09/28 08:34:08 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2010/09/28 00:05:55 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\reeds\Application Data\cids
[2010/09/23 15:51:48 | 000,001,674 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Tournament Director 2.lnk
[2010/09/23 15:51:22 | 002,926,941 | ---- | C] () -- C:\Program Files\TournamentDirector2511.exe
[2010/09/23 09:40:58 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\9-22 QH Payout.xls
[2010/09/23 09:37:18 | 000,028,533 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\9-22 BAP Payout.jpg
[2010/09/23 08:52:25 | 000,002,450 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\2oD3zvKm20100923034846.zip
[2010/09/21 15:24:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/21 14:55:32 | 000,003,955 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\438-TEMP VIDEO-Model-2.pdf
[2010/09/21 14:54:50 | 000,016,188 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\438-TEMP VIDEO-Model.pdf
[2010/09/21 13:56:21 | 000,029,950 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\A19-17-Model.pdf
[2010/09/21 13:48:45 | 000,039,521 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\P-2-P-2.pdf
[2010/09/21 10:40:00 | 000,486,387 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\privatemessages-ReedMoney-September 21st, 2010.xml
[2010/09/21 01:13:25 | 000,050,980 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\Stars 9-20.jpg
[2010/09/21 01:12:45 | 000,057,110 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\FTP 9-20.jpg
[2010/09/20 20:46:07 | 000,037,566 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\willis_patrick.jpg
[2010/09/20 11:46:16 | 002,982,492 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\Hazard_remodel.zip
[2010/09/20 10:53:18 | 001,292,832 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\VCT-2.dwg
[2010/09/20 10:51:29 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\Sunday 9-19 Payout.xls
[2010/09/20 10:29:05 | 000,024,756 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\sunday 9-19 2-2.jpg
[2010/09/20 10:24:03 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\MiniFTOPS Payout.xls
[2010/09/20 10:20:34 | 000,053,066 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\bap closing.jpg
[2010/09/20 10:03:18 | 001,093,265 | ---- | C] () -- C:\Program Files\7z916.exe
[2010/09/20 09:24:46 | 014,501,192 | ---- | C] () -- C:\Program Files\winzip145.exe
[2010/09/20 09:15:27 | 000,018,995 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\TOURNEYS ReedMoney.mht
[2010/09/20 03:53:05 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\ig9sZ5kL20100920034654.zip
[2010/09/20 00:28:17 | 000,050,284 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\MFTOPS 2-2.jpg
[2010/09/19 22:39:11 | 000,000,940 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\TournamentParser.lnk
[2010/09/18 20:54:42 | 000,080,584 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\klassyUTvUF.jpg
[2010/09/18 16:52:24 | 000,001,495 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\GR88.lnk
[2010/09/18 16:51:51 | 014,534,079 | ---- | C] () -- C:\Program Files\GR88Installer.exe
[2010/09/17 13:50:19 | 000,001,020 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk
[2010/09/17 05:12:54 | 000,086,508 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\MF-25.jpg
[2010/09/16 21:05:12 | 000,191,171 | ---- | C] () -- C:\Program Files\TournamentParserInstall.exe
[2010/09/15 20:28:05 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\Current Bankroll.xls
[2010/09/13 16:56:02 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\438-Remodel Schedule 9-13-10.doc
[2010/09/13 16:17:16 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\438-Remodel Schedule 9-1-10.doc
[2010/09/13 15:58:49 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SmartValve v3.2.1.1.lnk
[2010/09/13 15:43:33 | 000,002,352 | RHS- | C] () -- C:\Documents and Settings\reeds\ntuser.pol
[2010/09/13 15:40:16 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\DLPORTIO.sys
[2010/09/13 15:40:06 | 000,460,800 | ---- | C] () -- C:\WINDOWS\System32\WCT32D.DLL
[2010/09/13 15:38:28 | 000,002,048 | ---- | C] () -- C:\WINDOWS\PTW_PRT1.CFG
[2010/09/13 15:38:28 | 000,000,096 | ---- | C] () -- C:\WINDOWS\PTW_PRT2.CFG
[2010/09/13 15:38:28 | 000,000,045 | ---- | C] () -- C:\WINDOWS\ptw.cfg
[2010/09/13 15:16:56 | 000,001,557 | ---- | C] () -- C:\WINDOWS\aka65.ini
[2010/09/13 15:16:02 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\AKA 65.lnk
[2010/09/13 15:15:20 | 000,000,351 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\Shortcut to NC25s.lnk
[2010/09/12 21:11:45 | 000,001,601 | ---- | C] () -- C:\Documents and Settings\reeds\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/09/12 21:11:45 | 000,001,583 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/09/12 21:11:28 | 000,000,460 | -H-- | C] () -- C:\IPH.PH
[2010/09/09 19:49:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/09/09 19:48:06 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/09/09 19:45:05 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\reeds\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
[2010/09/09 19:44:51 | 021,033,309 | ---- | C] () -- C:\Program Files\FullTiltSetup.exe
[2010/09/09 15:17:14 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\WINWORD.lnk
[2010/09/09 15:17:14 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\EXCEL.lnk
[2010/09/09 10:23:42 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\PhotoFiltre.lnk
[2010/09/09 10:23:10 | 004,118,294 | ---- | C] () -- C:\Program Files\pf-setup-en.exe
[2010/09/09 10:06:23 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\Email.lnk
[2010/09/09 09:42:12 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\reeds\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/09/09 09:39:24 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\reeds\Desktop\Windows Media Player.lnk
[2010/09/09 09:38:30 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\reeds\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/09 09:38:30 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\reeds\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/09/09 09:38:29 | 002,883,584 | -H-- | C] () -- C:\Documents and Settings\reeds\NTUSER.DAT
[2010/09/09 09:38:29 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\reeds\ntuser.dat.LOG
[2010/09/09 09:38:29 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\reeds\ntuser.ini
[2010/09/07 10:37:18 | 000,013,574 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/09/07 10:34:26 | 000,002,014 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD Architecture 2010 (US Imperial).lnk
[2010/09/07 10:34:26 | 000,002,010 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD Architecture 2010 (US Metric).lnk
[2010/09/07 10:22:41 | 000,203,296 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/06 17:17:50 | 000,000,518 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/09/06 17:02:49 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\r_server.exe
[2010/09/06 17:00:28 | 000,001,157 | ---- | C] () -- C:\default_minimal_config.xml
[2010/09/06 17:00:23 | 033,212,928 | ---- | C] () -- C:\eavbe_nt32_enu.msi
[2010/09/06 15:56:22 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FortiClient.lnk
[2010/09/06 13:24:40 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\drivers\LENOVO_7735_W12.MRK
[2010/09/06 13:24:38 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\firstboot.lgl
[2010/09/06 13:24:21 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010/09/06 13:24:21 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2010/09/06 13:21:11 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/09/06 13:18:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/09/06 13:09:51 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2010/09/06 13:09:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\AccConnAdvanced.html
[2010/09/06 13:09:18 | 005,292,056 | ---- | C] () -- C:\WINDOWS\1680_1050 Think Americas Map.bmp
[2010/09/06 13:09:18 | 001,920,056 | ---- | C] () -- C:\WINDOWS\800_600 Think Americas Map.bmp
[2010/09/06 13:09:18 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2010/09/06 13:09:16 | 007,680,056 | ---- | C] () -- C:\WINDOWS\1600_1200 Think Americas Map.bmp
[2010/09/06 13:09:16 | 005,880,056 | ---- | C] () -- C:\WINDOWS\1400_1050 Think Americas Map.bmp
[2010/09/06 13:09:16 | 005,242,936 | ---- | C] () -- C:\WINDOWS\1280_1024 Think Americas Map.bmp
[2010/09/06 13:09:16 | 003,145,784 | ---- | C] () -- C:\WINDOWS\1024_768 Think Americas Map.bmp
[2010/09/06 13:09:16 | 003,072,056 | ---- | C] () -- C:\WINDOWS\1280_800 Think Americas Map.bmp
[2010/09/06 13:09:16 | 002,949,176 | ---- | C] () -- C:\WINDOWS\1280_768 Think Americas Map.bmp
[2010/09/06 13:06:01 | 000,009,679 | ---- | C] () -- C:\WINDOWS\System32\msxml4r.cat
[2010/09/06 13:06:01 | 000,009,675 | ---- | C] () -- C:\WINDOWS\System32\msxml4.cat
[2010/09/06 13:06:01 | 000,003,489 | ---- | C] () -- C:\WINDOWS\System32\msxml4.Manifest
[2010/09/06 13:06:01 | 000,000,500 | ---- | C] () -- C:\WINDOWS\System32\msxml4r.Manifest
[2010/09/06 13:05:37 | 000,001,795 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
[2010/09/06 13:05:37 | 000,001,753 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2010/09/06 13:05:03 | 000,000,170 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/09/06 13:04:31 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/09/06 13:04:31 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/09/06 13:04:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/09/06 13:04:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/09/06 13:04:31 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/09/06 13:04:31 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/09/06 12:59:47 | 000,000,333 | ---- | C] () -- C:\WINDOWS\System32\$ncsp$.inf
[2010/09/06 12:59:24 | 000,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2010/09/06 12:59:24 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll
[2010/09/06 12:59:24 | 000,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNBR.bmp
[2010/09/06 12:59:24 | 000,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNB.bmp
[2010/09/06 12:59:24 | 000,025,376 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2010/09/06 12:59:24 | 000,002,096 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2010/09/06 12:59:18 | 000,001,625 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2010/09/06 12:57:44 | 000,012,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2010/09/06 12:57:38 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\PMTask.job
[2010/09/06 12:57:37 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010/09/06 12:57:36 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010/09/06 12:57:00 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2010/09/06 12:57:00 | 000,013,022 | ---- | C] () -- C:\WINDOWS\snp2uvc.src
[2010/09/06 12:56:59 | 009,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010/09/06 12:56:51 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2010/09/06 12:56:47 | 000,010,134 | ---- | C] () -- C:\WINDOWS\SetupIcon.ico
[2010/09/06 12:56:45 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2010/09/06 12:56:45 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2010/09/06 12:55:48 | 000,064,234 | ---- | C] () -- C:\WINDOWS\System32\net5211.inf
[2010/09/06 12:55:48 | 000,019,496 | ---- | C] () -- C:\WINDOWS\System32\net5211.cat
[2010/09/06 12:55:48 | 000,009,098 | ---- | C] () -- C:\WINDOWS\System32\wsimdp.cat
[2010/09/06 12:55:48 | 000,008,675 | ---- | C] () -- C:\WINDOWS\System32\wsimd.cat
[2010/09/06 12:55:48 | 000,005,357 | ---- | C] () -- C:\WINDOWS\System32\wsimdp.inf
[2010/09/06 12:55:48 | 000,002,179 | ---- | C] () -- C:\WINDOWS\System32\wsimd.inf
[2010/09/06 12:51:46 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2010/09/06 12:48:59 | 3194,269,696 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/06 12:45:44 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/09/06 12:45:39 | 000,002,889 | ---- | C] () -- C:\WINDOWS\System32\e1e5132.din
[2010/09/06 12:45:36 | 000,000,083 | ---- | C] () -- C:\syslevel.lgl
[2008/11/05 14:42:45 | 000,062,400 | ---- | C] () -- C:\WINDOWS\System32\IFC.dll
[2008/11/05 14:41:56 | 000,422,848 | ---- | C] () -- C:\WINDOWS\System32\PPL.dll
[2007/10/02 10:31:01 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2007/03/02 08:15:36 | 000,025,269 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2007/03/02 08:15:25 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2007/01/16 11:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/05 17:20:36 | 000,079,400 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006/04/30 03:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 03:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/30 02:55:59 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/09/07 10:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2010/09/06 13:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lenovo
[2010/09/12 21:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/09/29 10:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/09/06 17:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/09/06 13:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2010/09/06 13:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2010/09/17 13:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2010/09/29 11:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/06 13:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Lenovo
[2010/09/06 13:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Lenovo
[2010/09/12 21:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\reeds\Application Data\acccore
[2010/09/29 10:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\reeds\Application Data\Autodesk
[2010/09/06 13:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\reeds\Application Data\Lenovo
[2010/09/09 10:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\reeds\Application Data\PhotoFiltre
[2010/10/04 20:29:06 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2007/08/13 18:35:46 | 000,346,624 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2007/08/13 18:35:38 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/04/29 20:03:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/04/29 20:03:02 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/04/29 20:03:02 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2006/04/30 03:13:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/09/06 13:24:18 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/09/28 14:24:22 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/09/28 14:34:43 | 000,027,954 | ---- | M] () -- C:\ComboFix.txt
[2006/04/30 03:13:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/01/26 11:19:27 | 000,001,157 | ---- | M] () -- C:\default_minimal_config.xml
[2010/09/06 13:04:36 | 000,002,750 | ---- | M] () -- C:\drivez.log
[2006/04/14 01:55:44 | 000,000,529 | ---- | M] () -- C:\dsbHSM.inf
[2009/12/30 09:57:22 | 033,212,928 | ---- | M] () -- C:\eavbe_nt32_enu.msi
[2010/10/04 19:30:32 | 3194,269,696 | -HS- | M] () -- C:\hiberfil.sys
[2006/04/30 03:13:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/09/12 21:12:10 | 000,000,460 | -H-- | M] () -- C:\IPH.PH
[2006/04/30 03:13:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 08:00:00 | 000,250,032 | RHS- | M] () -- C:\NTLDR
[2010/10/04 19:30:31 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/09/06 12:45:42 | 000,000,083 | ---- | M] () -- C:\syslevel.lgl
[2010/09/28 08:20:54 | 000,107,462 | ---- | M] () -- C:\TDSSKiller.2.4.3.0_28.09.2010_08.20.19_log.txt
[2010/09/28 12:08:54 | 000,054,714 | ---- | M] () -- C:\TDSSKiller.2.4.3.0_28.09.2010_12.08.36_log.txt
[2010/10/04 19:30:38 | 000,000,660 | ---- | M] () -- C:\TPHKLOCK.TXT

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2004/12/06 22:14:58 | 000,069,120 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HPZPP032.DLL
[2003/06/18 20:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 02:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2004/08/04 02:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/02/12 00:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\drivers\other\iastor.sys
[2007/02/12 00:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SWTOOLS\DRIVERS\IMSM\iastor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USER32.DLL >
[2005/03/02 14:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2005/03/02 14:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\ERDNT\cache\user32.dll
[2005/03/02 14:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\system32\user32.dll
[2005/03/02 15:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\I386\user32.dll
[2005/03/02 14:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll

< MD5 for: WS2_32.DLL >
[2004/08/04 08:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2004/08/04 08:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"AutoInstallMinorUpdates" = 1
"NoAutoRebootWithLoggedOnUsers" = 1
"NoAUShutdownOption" = 1
"DetectionFrequencyEnabled" = 1
"DetectionFrequency" = 1
"RebootRelaunchTimeoutEnabled" = 1
"RebootRelaunchTimeout" = 1440
"UseWUServer" = 1
"NoAutoUpdate" = 0
"AUOptions" = 3
"ScheduledInstallDay" = 0
"ScheduledInstallTime" = 0
< End of report >


#4 reedmoney

reedmoney
  • Topic Starter

  • Members
  • 4 posts

Posted 04 October 2010 - 11:48 PM

I have tried to run the gmer scan 3 times and each time I get a blue screen and the computer restarts. Once it boots back up... I get a message that the system has recovered from a serious error.

#5 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 05 October 2010 - 11:30 AM

Hello, reedmoney.
OK, we'll do this instead.



Step 1


Please don't forget to post extras.txt from the OTL scan; I only see otl.txt posted. Please rerun the scan if needed.



Step 2

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest. Then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is OK, just ignore it.

QUOTE
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"




Step 3

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 12 October 2010 - 05:39 PM

Any update?




#7 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 16 October 2010 - 03:48 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.






