
First freezing, then reboots and errors, now BSOD


  • This topic is locked
25 replies to this topic

#1 KeithKatz


Posted 04 October 2010 - 09:58 PM

Folks,

First I wish to thank anyone who responds to this in advance, as I am at my wits' end. I have tried to resolve this using techniques I have used in the past which worked, but this time I am coming up blank.

I had a small power failure a few days ago and I am not sure it is the cause, or pure coincidence, but shortly after, I have been suffering freezing of the OS, sudden reboots, and even more recently BSOD. I have tried to troubleshoot by myself, ran AVAST, and also Malwarebytes. I've run all of the above in both full OS and also in Safe Mode. Recently I can't even keep the OS alive long enough to get virus scan to run.

I did find one trojan and many adwares, but after those were fixed, the problem remains.

I have several screen captures of the errors reported on reboot. The errors are not consistent, starting with the first one, BCCode: 1000007f, BCP1: 0000000D, and then BCP2 through BCP4 are all 0s. The second one BCCode: 1000008e, BCP1: C0000005, BCP2: 804DDB57, BCP3: A7540VF0, BCP4: 00000000. The third one BCCode: 1000000a, BCP1: CB0836CB, BCP2: 000000FF, BCP3: 00000001, BCP4: 804E4DA5

I wasn't able to capture the last BSOD error.

Edited by hamluis, 05 October 2010 - 07:23 AM.
Moved from XP to Am I Infected ~ Hamluis.



 


#2 dc3


Posted 04 October 2010 - 10:24 PM

Edit: Someone else will have to assist you.

Edited by dc3, 04 October 2010 - 10:26 PM.



#3 KeithKatz


Posted 07 October 2010 - 09:20 PM

Disappointed is an understatement...I was getting tremendous help from Rockmilk on the WinXP forum but that thread was closed by Hamluis before we were done resolving and now I am stuck.

I didn't get ONE response for this thread on this forum, and the only response I did get was while this thread was on the WinXP forum, from dc3, who simply said "Someone else will have to assist you." That's when this thread was moved by some unknown person to this forum where it's sat for 3 days unaddressed.

Why do others who are not involved decide to move or shut down threads even when they are not finished?

#4 KeithKatz


Posted 08 October 2010 - 02:28 PM

Judging by the lack of response to both the initial inquiry above, the newly moved thread here, and the last mention of my disappointment from not having the thread on the WinXP forum completed before it was closed by another person, it looks as though nothing is going to happen here.

Therefore, I am going to open a new thread back in WinXP as it appears the folks who help over there are both more apt to respond with real help, and more attentive to people's issues.

#5 cryptodan


Posted 08 October 2010 - 03:06 PM

Perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware
QUOTE
Please download Malwarebytes Anti-Malware and save it to your desktop. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:
QUOTE
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

QUOTE
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.


#6 Elise


Posted 08 October 2010 - 03:07 PM

Hi, I'm sorry for the confusion. Member Rockmilk was letting different people use his account, something that is not allowed here. This led, along with other issues, to him being banned.

Let's take up things where they were left off: at this point, how are things running and what problems are you still having?

I hope we will get this fixed as soon as possible.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#7 KeithKatz


Posted 08 October 2010 - 03:42 PM

Thank you both for the reply. I am at work now; unfortunately the PC with the problems is at home. I will be in front of that PC in about 2 hours (maybe less), and can pick up where we left off at that time. Between the two of you, cryptodan and elise025, I don't know if you both want me to follow the suggestions of cryptodan, but I can tell you both this much...

I had run Eset as last recommended by rockmilk, and although Internet Explorer crashed several times during the scans (since it was scanning 4 drives), it eventually completed a scan on the boot drive and came up clean. Also Malwarebytes shows no infections as of the last run before the Eset. Both were deep scans with all options checked that were available to scan every file type and archived/compressed files. On Eset, it defaulted to all drives, but since I have 4 drives on that PC, and three of them are 400GB, I eventually unchecked the ones that are not the boot drive due to repeated crashes while scanning and never getting completed due to the time required. In one scan it was 43% done after scanning all night, only to crash and start over. When Eset was crashing, it was just Internet Explorer that was shutting down, not the PC. At that point the PC was not shutting down.

Now the PC is no longer BSODing but is simply shutting down and rebooting with no warning. This started early yesterday. One second, I am in a document or on the browser, the next second the screen goes black and the boot process begins. Upon completion of the boot, the system shows the "serious error" recovery screen with the option to view the information it wishes to forward to MSoft. This information is always a series of errors like the ones listed at the top of the thread, but never the same numbers. I have tried to google some of the numbers but the information it comes up with is not helpful.

I would think with the Recovery install I completed, that the problems would be resolved. It could be a bad driver for either the video or sound card, since I don't have the original CD driver discs for either one. I used drivers downloaded from the web from the manufacturers' sites, but with various versions of their cards, and also in some cases cards using their chipsets but manufactured for another OEM who is not labeled on the actual board, it is often difficult to get the RIGHT driver. I have had times in the past where a driver will work with no apparent problems and then suddenly start giving troubles.

This PC is the one I run another business on from home, one that needs to be able to send email and operate within Outlook for mass emailing, as well as in Excel for access to the mailing lists. Right now, I am behind one day on a batch mailing that should have gone out yesterday. If I am lucky, I might get this emailing off tonight. I have someone in Germany and an entire roster of professional classical musicians and performers whose livelihoods depend on my being able to send these emailings, and I am letting them down, through no fault of my own. To say I am in a panic state is to put it mildly.

Please accept my apology if I sound a little terse - I assure you any that you detect is purely directed at my computer for having all this pressure on me and not being able to perform the tasks due to the PC's failure to operate. Any help you or anyone else can provide will be greatly appreciated.

#8 Elise


Posted 08 October 2010 - 03:52 PM

In that case, let's have a closer look. I will move this topic in the meantime.

This problem can be both hardware and software (malware), but without more information that is very hard to determine.

OTL
-----
Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth, and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

regards, Elise




#9 KeithKatz


Posted 08 October 2010 - 04:26 PM

Dear Elise,

Thanks. I will be leaving within the next few minutes, and it takes me a half hour to get home, so I should be on that PC by about 6:00pm, EST, USA.

Thanks.


#10 KeithKatz


Posted 08 October 2010 - 09:18 PM

Here's the OTL.txt:

OTL logfile created on: 10/8/2010 9:35:50 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Phillip & Genevieve\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 362.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 407.31 Gb Total Space | 239.21 Gb Free Space | 58.73% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 72.36 Gb Free Space | 15.54% Space Free | Partition Type: NTFS
Drive E: | 58.44 Gb Total Space | 47.92 Gb Free Space | 82.00% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 372.61 Gb Total Space | 102.13 Gb Free Space | 27.41% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive X: | 114.48 Gb Total Space | 95.94 Gb Free Space | 83.80% Space Free | Partition Type: NTFS

Computer Name: FAMILY-DESKTOP
Current User Name: Phillip & Genevieve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/08 21:35:04 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Phillip & Genevieve\Desktop\OTL.exe
PRC - [2010/09/29 07:56:25 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/09/23 16:44:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/08/28 17:39:24 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/08/19 15:23:10 | 003,069,192 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Jing\Jing.exe
PRC - [2010/02/21 06:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/02/01 17:33:50 | 000,087,336 | ---- | M] (Nero AG) -- C:\Program Files\Motorola Media Link\NServiceEntry.exe
PRC - [2010/01/31 16:29:14 | 000,255,160 | ---- | M] (Software Development Solutions, Inc.) -- C:\Program Files\Jamcast\jctray.exe
PRC - [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/10/02 12:23:16 | 000,546,288 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/08/11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/05/02 00:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2007/08/10 20:46:20 | 000,755,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\update\update.exe
PRC - [2004/08/04 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/07/27 14:48:04 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/10/08 21:35:04 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Phillip & Genevieve\Desktop\OTL.exe
MOD - [2008/05/02 00:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/09/29 07:56:25 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/09/23 16:44:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/09/22 22:19:24 | 002,950,744 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_062a651.dll -- (Akamai)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/28 17:39:24 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/07/15 17:28:45 | 000,379,400 | ---- | M] (J. River, Inc.) [On_Demand | Stopped] -- C:\Program Files\J River\Media Jukebox 14\JRService.exe -- (Media Jukebox 14 Service)
SRV - [2010/04/10 17:05:58 | 000,266,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/02/03 22:34:20 | 000,253,440 | ---- | M] (Ryan Conrad) [Disabled | Stopped] -- C:\Program Files\Droid Explorer\DroidExplorer.Service.exe -- (DroidExplorerService)
SRV - [2010/02/01 17:33:50 | 000,087,336 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Motorola Media Link\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2010/01/31 16:29:12 | 000,064,696 | ---- | M] (Software Development Solutions, Inc.) [Auto | Stopped] -- C:\Program Files\Jamcast\jamcastsvc.exe -- (Jamcast)
SRV - [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/11/12 22:30:42 | 000,025,824 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2008/08/11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/06/10 15:05:22 | 000,139,264 | R--- | M] () [Disabled | Stopped] -- C:\Program Files\MioNet\MioNetManager.exe -- (MioNet)
SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\DOCUME~1\PHILLI~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\PHILLI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/09/29 07:56:04 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/12/02 16:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/07/10 13:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motoandroid.sys -- (androidusb)
DRV - [2009/05/09 02:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/05/16 15:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/28 14:54:38 | 000,033,995 | ---- | M] (Sonic Focus, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sf.sys -- (sf)
DRV - [2004/08/03 22:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/04/26 11:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2002/09/20 12:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1606980848-776561741-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1606980848-776561741-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: ziinkwebhelper@Ziink:0.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com [2010/04/09 20:00:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/01 21:39:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/01 21:39:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/10/03 17:21:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\SeaMonkey 2.0.8\extensions\\Components: C:\Program Files\SeaMonkey\components [2010/10/01 21:39:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.8\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2010/10/01 21:39:55 | 000,000,000 | ---D | M]

[2010/06/04 01:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Mozilla\Extensions
[2010/06/04 01:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/03/07 00:44:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2010/08/22 23:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Mozilla\Firefox\Profiles\6r4as3df.default\extensions
[2010/07/16 00:04:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Mozilla\Firefox\Profiles\6r4as3df.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/07/16 00:04:02 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Mozilla\Firefox\Profiles\6r4as3df.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/16 00:02:55 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Mozilla\Firefox\Profiles\6r4as3df.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/07/16 00:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Mozilla\Firefox\Profiles\6r4as3df.default\extensions\clpics@eternicode.com
[2010/03/21 23:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Mozilla\Firefox\Profiles\6r4as3df.default\extensions\ziinkwebhelper@Ziink
[2010/10/08 19:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Mozilla\SeaMonkey\Profiles\0w59d4oo.default\extensions
[2010/06/04 01:05:33 | 000,000,000 | ---D | M] (PasswordMaker) -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Mozilla\SeaMonkey\Profiles\0w59d4oo.default\extensions\{5872365e-67d1-4afd-9480-fd293bebd20d}
[2010/03/08 06:13:49 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Mozilla\SeaMonkey\Profiles\0w59d4oo.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010/03/14 01:23:52 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Mozilla\SeaMonkey\Profiles\0w59d4oo.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2010/06/04 01:05:33 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Mozilla\SeaMonkey\Profiles\0w59d4oo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/04/17 21:28:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Mozilla\SeaMonkey\Profiles\0w59d4oo.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/07/28 23:24:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Mozilla\SeaMonkey\Profiles\0w59d4oo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/07/28 23:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Mozilla\SeaMonkey\Profiles\0w59d4oo.default\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}
[2010/08/22 23:40:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Mozilla\SeaMonkey\Profiles\0w59d4oo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/04 01:05:16 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Mozilla\SeaMonkey\Profiles\0w59d4oo.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2010/08/01 03:08:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Mozilla\SeaMonkey\Profiles\0w59d4oo.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/03/14 01:23:53 | 000,000,000 | ---D | M] (Yoono) -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Mozilla\SeaMonkey\Profiles\0w59d4oo.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}
[2010/04/07 23:15:52 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Mozilla\SeaMonkey\Profiles\0w59d4oo.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/08/27 10:07:37 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Mozilla\SeaMonkey\Profiles\0w59d4oo.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
[2010/03/13 21:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Mozilla\SeaMonkey\Profiles\0w59d4oo.default\extensions\elemhidehelper@adblockplus.org
[2010/06/19 23:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Mozilla\SeaMonkey\Profiles\0w59d4oo.default\extensions\ietab@ip.cn
[2010/08/01 03:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Mozilla\SeaMonkey\Profiles\0w59d4oo.default\extensions\inspector@mozilla.org
[2010/07/28 23:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Mozilla\SeaMonkey\Profiles\0w59d4oo.default\extensions\savedpasswordeditor@daniel.dawson
[2010/04/29 11:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Mozilla\SeaMonkey\Profiles\0w59d4oo.default\extensions\showInOut@ggbs.de
[2010/08/22 23:37:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/25 16:04:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2010/10/01 20:36:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O3 - HKLM\..\Toolbar: (no name) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - No CLSID value found.
O3 - HKU\S-1-5-21-1606980848-776561741-682003330-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-1606980848-776561741-682003330-1003\..\Toolbar\WebBrowser: (no name) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - No CLSID value found.
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Jamcast System Tray Utility] C:\Program Files\Jamcast\jctray.exe (Software Development Solutions, Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-1606980848-776561741-682003330-1003..\Run: [fsm] File not found
O4 - HKU\S-1-5-21-1606980848-776561741-682003330-1003..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKU\S-1-5-21-1606980848-776561741-682003330-1003..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1606980848-776561741-682003330-1003..\RunOnce: [TSClientAXDisabler] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1606980848-776561741-682003330-1003..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
O4 - Startup: C:\Documents and Settings\Phillip & Genevieve\Start Menu\Programs\Startup\AutorunsDisabled [2010/09/11 22:50:11 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Phillip & Genevieve\Start Menu\Programs\Startup\Shortcut to GoogleCalendarSync.exe.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1606980848-776561741-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606980848-776561741-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1606980848-776561741-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1606980848-776561741-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O15 - HKU\S-1-5-21-1606980848-776561741-682003330-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1606980848-776561741-682003330-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1606980848-776561741-682003330-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1286341679566 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s...el_4.1.66.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/06 22:03:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/08/06 05:19:15 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/01/01 05:15:53 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/07 22:16:04 | 000,000,000 | ---- | M] () - X:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprecovr \SystemRoot\sprecovr.txt) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/08 21:41:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/10/08 21:34:53 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Phillip & Genevieve\Desktop\OTL.exe
[2010/10/08 21:06:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/10/08 03:35:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/08 03:02:31 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/10/07 22:03:28 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2010/10/07 21:59:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phillip & Genevieve\Local Settings\Application Data\Help
[2010/10/07 21:59:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Help
[2010/10/07 03:34:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010/10/07 01:24:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IProt
[2010/10/07 01:23:58 | 000,000,000 | ---D | C] -- C:\Program Files\Software Informer
[2010/10/07 01:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Software Informer
[2010/10/07 01:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mosaico
[2010/10/07 01:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phillip & Genevieve\Desktop\MaxConvert2
[2010/10/07 01:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phillip & Genevieve\Desktop\MaxConvert
[2010/10/06 12:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/10/06 00:27:00 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/10/06 00:27:00 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/10/06 00:25:30 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/10/05 22:35:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
[2010/10/05 22:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2010/10/05 22:34:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/10/01 21:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/01 21:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/10/01 20:29:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/10/01 20:13:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/01 20:13:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/01 20:13:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/01 20:13:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/01 20:13:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/01 20:11:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/01 20:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\POSTERIZA
[2010/10/01 20:06:53 | 000,768,776 | ---- | C] (e-Presencia) -- C:\Documents and Settings\Phillip & Genevieve\Desktop\posteriza_install.exe
[2010/10/01 20:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Malwarebytes
[2010/10/01 20:04:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/01 20:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/01 20:04:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/01 20:04:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/01 20:04:11 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Phillip & Genevieve\Desktop\mbam-setup.exe
[2010/10/01 19:58:45 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/09/28 14:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\ItsDeductible2006
[2010/09/28 14:18:07 | 082,603,656 | ---- | C] (Intuit Inc.) -- C:\Documents and Settings\Phillip & Genevieve\Desktop\w_turbotax_1040_dlx_2006_09.exe
[2010/09/27 11:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\OutlookSpy
[2010/09/27 11:33:36 | 002,453,716 | ---- | C] (companyname) -- C:\Documents and Settings\Phillip & Genevieve\Desktop\OutSpyInstall.exe
[2010/09/21 09:22:06 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/21 09:22:06 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/21 09:22:05 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/21 09:22:04 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/21 09:22:02 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/21 09:22:02 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/21 09:22:02 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/09/21 09:21:44 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/09/21 09:21:43 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/09/21 09:21:32 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/09/21 09:21:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/09/13 01:49:37 | 006,096,286 | ---- | C] (Macromedia, Inc.) -- C:\Documents and Settings\Phillip & Genevieve\Desktop\fire.exe
[2010/09/11 23:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/09/11 22:50:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Phillip & Genevieve\Start Menu\Programs\Startup\AutorunsDisabled
[2010/09/11 22:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\Autoruns
[2010/09/08 00:21:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phillip & Genevieve\My Documents\Mainspring Academy
[2010/09/07 11:01:38 | 001,068,528 | ---- | C] (Coupons.com Incorporated) -- C:\Documents and Settings\Phillip & Genevieve\Desktop\couponprinter.exe
[2010/09/02 02:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phillip & Genevieve\My Documents\VFES
[2010/08/28 17:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phillip & Genevieve\My Documents\My Google Gadgets
[2010/08/25 23:01:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phillip & Genevieve\Local Settings\Application Data\Copernic
[2010/08/25 23:01:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Copernic
[2010/08/25 22:59:28 | 008,544,448 | ---- | C] (Copernic Inc.) -- C:\Documents and Settings\Phillip & Genevieve\Desktop\copernicdesktopsearch-home.exe
[2010/08/23 12:20:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\languages
[2010/08/23 12:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\J River
[2010/08/23 12:03:23 | 000,621,056 | ---- | C] (J. River, Inc.) -- C:\WINDOWS\System32\MJ14.exe
[2010/08/23 12:03:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/08/23 12:02:56 | 000,000,000 | ---D | C] -- C:\Program Files\J River
[2010/08/23 12:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\J River
[2010/08/23 12:01:15 | 014,601,896 | ---- | C] (J. River, Inc.) -- C:\Documents and Settings\Phillip & Genevieve\Desktop\MediaJukebox140166.exe
[2010/08/17 23:12:05 | 002,133,536 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Phillip & Genevieve\Desktop\avg_free_stb_all_9_115_cnet.exe
[2010/08/08 06:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/08/08 00:35:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/08/08 00:03:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/08/07 22:12:30 | 000,000,000 | ---D | C] -- C:\Old HTC XV6800 Memory Card backup
[2010/08/07 18:40:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Google
[2010/08/02 12:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Nero
[2010/07/25 19:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\OpenOffice.org
[2010/07/25 19:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/07/25 19:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/07/25 19:10:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phillip & Genevieve\My Documents\OpenOffice.org 3.2 (en-US) Installation Files
[2010/07/25 18:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\Free PDF to Word Doc Converter
[2010/07/25 18:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2010/07/25 18:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GIRDAC
[2010/07/25 17:11:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ODIR
[2010/07/25 17:06:38 | 000,000,000 | ---D | C] -- C:\Program Files\ODIR
[2010/07/23 01:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phillip & Genevieve\My Documents\pdfhelper
[2010/07/23 00:53:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phillip & Genevieve\My Documents\briss-0.0.9-bin
[2010/07/23 00:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phillip & Genevieve\My Documents\soPdf
[2010/07/22 11:02:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phillip & Genevieve\My Documents\Chris-VFES-Creating Kindships
[2010/07/22 10:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phillip & Genevieve\My Documents\Jokes
[2010/07/22 10:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phillip & Genevieve\My Documents\Firewood
[2010/04/21 19:02:30 | 001,068,528 | ---- | C] (Coupons.com Incorporated) -- C:\Program Files\couponprinter.exe
[502 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\Documents and Settings\Phillip & Genevieve\My Documents\*.tmp files -> C:\Documents and Settings\Phillip & Genevieve\My Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/08 21:49:06 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\RKUnhookerLE.EXE
[2010/10/08 21:43:00 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/08 21:42:29 | 000,006,643 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/10/08 21:35:04 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Phillip & Genevieve\Desktop\OTL.exe
[2010/10/08 20:52:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/08 20:36:28 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/10/08 20:35:43 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/08 20:35:37 | 000,021,760 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/08 20:35:36 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2010/10/08 20:35:35 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/08 20:31:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/08 20:31:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/08 20:30:06 | 010,223,616 | -H-- | M] () -- C:\Documents and Settings\Phillip & Genevieve\NTUSER.DAT
[2010/10/08 20:30:06 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Phillip & Genevieve\ntuser.ini
[2010/10/08 20:09:39 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2003.lnk
[2010/10/08 20:04:27 | 000,435,568 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/08 20:04:27 | 000,068,272 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/08 20:04:26 | 000,513,396 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/10/08 18:50:01 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2010/10/08 15:56:55 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2010/10/08 04:29:36 | 000,424,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/07 22:06:31 | 000,004,018 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\FAMILY-DESKTOP.speccy
[2010/10/07 22:03:31 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2010/10/07 10:35:42 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/10/07 01:23:22 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mosaico.lnk
[2010/10/07 01:20:34 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/10/07 01:13:00 | 007,031,250 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\Mosaico.zip
[2010/10/07 01:05:58 | 000,664,620 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\MaxConvert2.zip
[2010/10/07 00:50:51 | 000,664,620 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\MaxConvert.zip
[2010/10/06 23:37:17 | 000,043,717 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\2010-10-06_2337.png
[2010/10/06 09:42:35 | 1072,508,928 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/10/06 00:46:51 | 000,000,173 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Upgrade DVD Decoder.url
[2010/10/06 00:46:35 | 000,021,643 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\2010-10-06_0046.png
[2010/10/06 00:38:36 | 000,004,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/06 00:36:46 | 000,021,760 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/10/06 00:28:50 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/10/06 00:24:29 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/10/06 00:24:29 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/10/06 00:24:29 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/10/06 00:24:18 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/06 00:23:37 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/10/06 00:23:37 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/10/06 00:23:31 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/10/06 00:23:31 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/10/06 00:23:31 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/10/06 00:23:31 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/10/06 00:23:31 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/10/06 00:23:31 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/10/06 00:23:19 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/10/06 00:22:08 | 000,022,704 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/10/06 00:03:13 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/10/05 22:35:11 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2010/10/04 23:08:02 | 003,150,652 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\8_201001180758_ServersMan.apk
[2010/10/03 21:15:04 | 000,002,759 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Document Imaging.lnk
[2010/10/03 16:20:10 | 003,859,660 | R--- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\ComboFix.exe
[2010/10/03 15:41:05 | 000,019,930 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\2010-10-03_1541.png
[2010/10/03 11:12:35 | 000,021,507 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\2010-10-03_1112.png
[2010/10/03 11:05:01 | 000,009,977 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\2010-10-03_1104_001.png
[2010/10/03 11:04:44 | 000,021,399 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\2010-10-03_1104.png
[2010/10/03 11:04:15 | 000,008,788 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\Error_Report.png
[2010/10/03 11:03:43 | 000,019,798 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\Error_Signature.png
[2010/10/02 20:01:42 | 000,716,405 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/10/01 21:39:35 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/01 20:36:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/01 20:30:43 | 000,000,930 | ---- | M] () -- C:\WINDOWS\posteriza.INI
[2010/10/01 20:11:20 | 000,768,776 | ---- | M] (e-Presencia) -- C:\Documents and Settings\Phillip & Genevieve\Desktop\posteriza_install.exe
[2010/10/01 20:07:17 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\POSTERIZA.lnk
[2010/10/01 20:04:36 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/01 20:04:16 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Phillip & Genevieve\Desktop\mbam-setup.exe
[2010/09/29 16:46:12 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\Home Garden Event 10-1-10.doc
[2010/09/29 07:56:04 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2010/09/29 07:56:02 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2010/09/29 07:56:02 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2010/09/28 14:37:49 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax Deluxe Deduction Maximizer 2006.lnk
[2010/09/28 14:34:48 | 000,074,778 | ---- | M] () -- C:\WINDOWS\Instlog.lyt
[2010/09/28 14:33:45 | 000,000,577 | ---- | M] () -- C:\WINDOWS\Instcomp.lyt
[2010/09/28 14:19:05 | 082,603,656 | ---- | M] (Intuit Inc.) -- C:\Documents and Settings\Phillip & Genevieve\Desktop\w_turbotax_1040_dlx_2006_09.exe
[2010/09/27 11:33:43 | 002,453,716 | ---- | M] (companyname) -- C:\Documents and Settings\Phillip & Genevieve\Desktop\OutSpyInstall.exe
[2010/09/26 03:37:06 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\Dear Kevin and Roz2.doc
[2010/09/26 00:52:56 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\Dear Kevin and Roz.doc
[2010/09/25 12:21:12 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\Yard Sales 9-25.doc
[2010/09/21 09:22:07 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/09/21 09:22:03 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/20 02:21:57 | 004,809,216 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\Phil - CK Artists Business Cards (smaller-2).doc
[2010/09/20 01:51:23 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\~$il - CK Artists Business Cards (smaller-2).doc
[2010/09/20 00:46:18 | 002,527,232 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\Phil - CK Artists Business Cards (smaller).doc
[2010/09/20 00:43:21 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\~$il - CK Artists Business Cards.doc
[2010/09/18 05:46:30 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/18 01:44:21 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\Deviled Eggs.doc
[2010/09/17 01:36:46 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/09/13 13:48:07 | 000,108,387 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\child-care-flyer.pdf
[2010/09/13 01:49:53 | 006,096,286 | ---- | M] (Macromedia, Inc.) -- C:\Documents and Settings\Phillip & Genevieve\Desktop\fire.exe
[2010/09/11 23:31:41 | 115,457,217 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\Bart_PE_XP_SP3.rar
[2010/09/11 22:55:07 | 002,470,081 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\AutoRuns.arn
[2010/09/11 22:42:31 | 000,618,945 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\Autoruns.zip
[2010/09/11 22:25:27 | 000,124,776 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/08 01:08:47 | 000,000,891 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\Body.html
[2010/09/08 01:08:00 | 000,001,693 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\Header.html
[2010/09/08 00:39:40 | 000,000,318 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\footer.html
[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/09/07 11:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/09/07 11:01:52 | 001,068,528 | ---- | M] (Coupons.com Incorporated) -- C:\Documents and Settings\Phillip & Genevieve\Desktop\couponprinter.exe
[2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/07 10:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/09/02 04:27:21 | 000,146,432 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/31 21:01:22 | 000,109,568 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\Laserdiscs.xls
[2010/08/29 21:49:09 | 000,000,463 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\Shortcut to My Pictures.lnk
[2010/08/28 18:47:17 | 000,186,880 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\Home Purchases.xls
[2010/08/28 17:40:20 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Desktop.lnk
[2010/08/25 23:00:25 | 008,544,448 | ---- | M] (Copernic Inc.) -- C:\Documents and Settings\Phillip & Genevieve\Desktop\copernicdesktopsearch-home.exe
[2010/08/23 12:20:53 | 000,045,697 | ---- | M] () -- C:\WINDOWS\System32\unins000.dat
[2010/08/23 12:20:32 | 001,185,871 | ---- | M] () -- C:\WINDOWS\System32\unins000.exe
[2010/08/23 12:03:54 | 000,001,752 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Jukebox 14.lnk
[2010/08/23 12:03:54 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Jukebox 14.lnk
[2010/08/23 12:02:37 | 014,601,896 | ---- | M] (J. River, Inc.) -- C:\Documents and Settings\Phillip & Genevieve\Desktop\MediaJukebox140166.exe
[2010/08/23 03:35:08 | 000,000,909 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Start Menu\Programs\Startup\Shortcut to GoogleCalendarSync.exe.lnk
[2010/08/17 23:12:35 | 002,133,536 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Phillip & Genevieve\Desktop\avg_free_stb_all_9_115_cnet.exe
[2010/08/17 00:37:41 | 001,300,216 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\D2.apk
[2010/08/13 01:41:01 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\Fast Email Extractor.lnk
[2010/08/13 01:41:01 | 000,002,327 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart (2).lnk
[2010/08/13 01:41:01 | 000,002,198 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\Driver Detective.lnk
[2010/08/13 01:41:01 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Earth.lnk
[2010/08/13 01:41:01 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Acrobat 9 Pro.lnk
[2010/08/13 01:41:01 | 000,001,730 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\MOTOROLA MEDIA LINK.lnk
[2010/08/13 01:41:01 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird (2).lnk
[2010/08/13 01:41:01 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2010/08/13 01:41:01 | 000,001,184 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Calendar.lnk
[2010/08/13 01:41:01 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\OpenOffice.org 3.2.lnk
[2010/08/13 01:41:01 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\FLV Player.lnk
[2010/08/13 01:41:01 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\EPSON Scan (2).lnk
[2010/08/13 01:28:39 | 001,300,216 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\D2.apk
[2010/08/10 21:14:26 | 120,939,192 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\WS320082.WMA
[2010/08/05 22:47:24 | 001,070,592 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\Dr. Sears August 10th-1.doc
[2010/07/25 18:55:31 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\Free PDF to Word Doc Converter.lnk
[2010/07/25 18:42:50 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\PDF-Viewer.lnk
[2010/07/22 11:02:20 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\11-17-04 Email to help people with dead harddrives.doc
[2010/07/16 19:07:51 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\~$ke - Made in other countries.doc
[2010/07/16 18:33:31 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\~$eating Kinships 7-16-10s.doc
[2010/07/16 12:50:12 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\VFES-Caring Kindships.xls
[2010/07/15 17:28:33 | 000,621,056 | ---- | M] (J. River, Inc.) -- C:\WINDOWS\System32\MJ14.exe
[2010/07/14 22:58:59 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\Plants.xls
[2010/07/13 15:59:46 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\UPromise.xls
[2010/07/12 22:50:32 | 000,087,752 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\child care flyer-1.pdf
[2010/07/11 23:06:51 | 001,163,284 | ---- | M] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\HowToViewEmailHeaders.pdf
[502 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\Documents and Settings\Phillip & Genevieve\My Documents\*.tmp files -> C:\Documents and Settings\Phillip & Genevieve\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/08 21:41:18 | 000,006,643 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/10/07 22:06:31 | 000,004,018 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\FAMILY-DESKTOP.speccy
[2010/10/07 22:03:31 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2010/10/07 03:44:30 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/10/07 03:44:30 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/10/07 03:44:30 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/10/07 03:44:30 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/10/07 03:44:30 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/10/07 03:44:30 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/10/07 03:44:29 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/10/07 03:44:29 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/10/07 03:44:29 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/10/07 03:44:29 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/10/07 03:44:29 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/10/07 03:44:29 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/10/07 03:44:29 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/10/07 03:44:29 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/10/07 03:44:29 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/10/07 03:44:29 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010/10/07 03:44:29 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/10/07 03:44:29 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/10/07 03:44:29 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/10/07 03:44:29 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/10/07 03:44:29 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/10/07 03:44:29 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/10/07 03:44:29 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/10/07 03:44:29 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/10/07 03:44:29 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/10/07 03:44:29 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/10/07 03:44:29 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/10/07 03:44:27 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/10/07 03:44:27 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/10/07 03:44:27 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/10/07 03:44:26 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/10/07 03:44:26 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/10/07 03:44:26 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/10/07 03:44:26 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/10/07 03:44:26 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/10/07 03:44:26 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/10/07 03:44:26 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/10/07 03:44:26 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/10/07 03:44:26 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/10/07 03:44:26 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/10/07 03:44:24 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/10/07 03:44:23 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/10/07 03:44:23 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/10/07 03:44:21 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/10/07 03:44:20 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/10/07 03:44:20 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/10/07 03:44:20 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/10/07 03:44:16 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2010/10/07 03:44:16 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/10/07 03:44:16 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/10/07 03:44:16 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/10/07 03:44:16 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2010/10/07 03:44:14 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/10/07 03:44:09 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/10/07 03:44:03 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/10/07 03:44:03 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/10/07 03:44:03 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/10/07 03:44:03 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/10/07 03:44:03 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/10/07 03:44:03 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/10/07 03:44:03 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/10/07 03:44:03 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/10/07 03:44:03 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/10/07 03:44:03 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/10/07 03:31:53 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/10/07 01:23:22 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mosaico.lnk
[2010/10/07 01:12:52 | 007,031,250 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\Mosaico.zip
[2010/10/07 01:05:55 | 000,664,620 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\MaxConvert2.zip
[2010/10/07 00:50:48 | 000,664,620 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\MaxConvert.zip
[2010/10/06 23:37:16 | 000,043,717 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\2010-10-06_2337.png
[2010/10/06 00:46:51 | 000,000,173 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Upgrade DVD Decoder.url
[2010/10/06 00:46:35 | 000,021,643 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\2010-10-06_0046.png
[2010/10/06 00:27:44 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/10/06 00:26:52 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/10/06 00:26:52 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/10/06 00:26:51 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/10/06 00:26:19 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/10/06 00:26:18 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/10/06 00:26:09 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/10/06 00:26:08 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/10/06 00:26:06 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/10/06 00:25:58 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/10/06 00:25:52 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/10/06 00:25:33 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/10/06 00:25:29 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/10/06 00:25:29 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/10/06 00:25:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/10/06 00:25:28 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/10/06 00:25:28 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/10/06 00:25:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/10/06 00:25:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/10/06 00:25:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/10/06 00:25:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/10/06 00:25:27 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/10/06 00:25:27 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/10/06 00:25:27 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/10/06 00:25:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/10/06 00:25:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/10/06 00:25:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/10/06 00:25:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/10/06 00:25:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/10/06 00:25:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/10/06 00:25:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/10/06 00:25:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/10/06 00:25:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/10/06 00:25:26 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/10/06 00:25:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/10/06 00:25:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/10/06 00:25:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/10/06 00:25:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/10/06 00:25:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/10/06 00:25:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/10/06 00:25:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/10/06 00:25:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/10/06 00:25:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/10/06 00:25:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/10/06 00:25:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/10/06 00:25:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/10/06 00:25:25 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/10/06 00:25:25 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/10/06 00:25:25 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/10/06 00:25:25 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/10/06 00:25:25 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/10/06 00:25:25 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/10/06 00:25:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/10/06 00:25:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/10/06 00:25:24 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/10/06 00:25:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/10/06 00:25:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/10/06 00:25:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/10/06 00:25:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/10/06 00:25:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/10/06 00:25:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/10/06 00:25:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/10/06 00:25:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/10/06 00:25:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/10/06 00:25:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/10/06 00:25:23 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/10/06 00:25:23 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/10/06 00:25:23 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/10/06 00:25:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/10/06 00:25:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/10/06 00:25:22 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/10/06 00:25:22 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/10/06 00:23:37 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/10/06 00:23:31 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/10/06 00:23:31 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/10/06 00:23:31 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/10/06 00:23:31 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/10/06 00:23:31 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/10/06 00:02:56 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/10/06 00:02:56 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/10/06 00:02:56 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/10/06 00:02:56 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/10/06 00:02:56 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/10/06 00:02:55 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/10/06 00:02:55 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/10/05 22:50:25 | 000,000,616 | -H-- | C] () -- C:\WINDOWS\tasks\ConfigExec.job
[2010/10/05 22:50:25 | 000,000,580 | -H-- | C] () -- C:\WINDOWS\tasks\DataUpload.job
[2010/10/05 22:35:11 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2010/10/05 19:53:01 | 1072,508,928 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2010/10/04 23:07:55 | 003,150,652 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\8_201001180758_ServersMan.apk
[2010/10/03 16:20:10 | 003,859,660 | R--- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\ComboFix.exe
[2010/10/03 15:41:05 | 000,019,930 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\2010-10-03_1541.png
[2010/10/03 11:12:35 | 000,021,507 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\2010-10-03_1112.png
[2010/10/03 11:05:01 | 000,009,977 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\2010-10-03_1104_001.png
[2010/10/03 11:04:44 | 000,021,399 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\2010-10-03_1104.png
[2010/10/03 11:04:15 | 000,008,788 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\Error_Report.png
[2010/10/03 11:03:43 | 000,019,798 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\Error_Signature.png
[2010/10/01 21:39:34 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/01 20:30:43 | 000,000,930 | ---- | C] () -- C:\WINDOWS\posteriza.INI
[2010/10/01 20:13:49 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/01 20:13:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/01 20:13:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/01 20:13:49 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/01 20:13:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/01 20:07:17 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\POSTERIZA.lnk
[2010/10/01 20:04:36 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/29 16:46:12 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\Home Garden Event 10-1-10.doc
[2010/09/28 14:37:49 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax Deluxe Deduction Maximizer 2006.lnk
[2010/09/28 14:33:45 | 000,000,577 | ---- | C] () -- C:\WINDOWS\Instcomp.lyt
[2010/09/28 14:31:55 | 000,074,778 | ---- | C] () -- C:\WINDOWS\Instlog.lyt
[2010/09/26 03:37:06 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\Dear Kevin and Roz2.doc
[2010/09/26 00:52:56 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\Dear Kevin and Roz.doc
[2010/09/25 11:44:43 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\Yard Sales 9-25.doc
[2010/09/21 09:22:07 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/09/20 01:51:23 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\~$il - CK Artists Business Cards (smaller-2).doc
[2010/09/20 01:51:22 | 004,809,216 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\Phil - CK Artists Business Cards (smaller-2).doc
[2010/09/20 00:46:17 | 002,527,232 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\Phil - CK Artists Business Cards (smaller).doc
[2010/09/20 00:43:21 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\~$il - CK Artists Business Cards.doc
[2010/09/18 05:46:30 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/09/18 01:44:21 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\Deviled Eggs.doc
[2010/09/13 13:47:57 | 000,108,387 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\child-care-flyer.pdf
[2010/09/11 23:24:26 | 115,457,217 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\Bart_PE_XP_SP3.rar
[2010/09/11 22:42:18 | 000,618,945 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\Autoruns.zip
[2010/09/08 01:08:47 | 000,000,891 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\Body.html
[2010/09/08 01:07:59 | 000,001,693 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\Header.html
[2010/09/08 00:39:39 | 000,000,318 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\footer.html
[2010/08/29 21:49:09 | 000,000,463 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\Shortcut to My Pictures.lnk
[2010/08/28 17:40:20 | 000,000,943 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Desktop.lnk
[2010/08/23 12:20:42 | 000,001,708 | ---- | C] () -- C:\WINDOWS\System32\openIE.js
[2010/08/23 12:20:42 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ffdshow.ax.manifest
[2010/08/23 12:20:42 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/08/23 12:20:35 | 001,185,871 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
[2010/08/23 12:20:35 | 000,045,697 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
[2010/08/23 12:03:54 | 000,001,752 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Jukebox 14.lnk
[2010/08/23 12:03:54 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Jukebox 14.lnk
[2010/08/23 03:35:08 | 000,000,909 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Start Menu\Programs\Startup\Shortcut to GoogleCalendarSync.exe.lnk
[2010/08/17 00:37:38 | 001,300,216 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\D2.apk
[2010/08/13 02:34:13 | 120,939,192 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Desktop\WS320082.WMA
[2010/08/13 01:41:01 | 000,002,469 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\Fast Email Extractor.lnk
[2010/08/13 01:41:01 | 000,002,327 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart (2).lnk
[2010/08/13 01:41:01 | 000,002,198 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\Driver Detective.lnk
[2010/08/13 01:41:01 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Earth.lnk
[2010/08/13 01:41:01 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Acrobat 9 Pro.lnk
[2010/08/13 01:41:01 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\MOTOROLA MEDIA LINK.lnk
[2010/08/13 01:41:01 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird (2).lnk
[2010/08/13 01:41:01 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2010/08/13 01:41:01 | 000,001,184 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Calendar.lnk
[2010/08/13 01:41:01 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\OpenOffice.org 3.2.lnk
[2010/08/13 01:41:01 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\FLV Player.lnk
[2010/08/13 01:41:01 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\EPSON Scan (2).lnk
[2010/08/13 01:28:23 | 001,300,216 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\D2.apk
[2010/08/07 18:38:05 | 000,000,912 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/07 18:38:04 | 000,000,908 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/05 22:47:23 | 001,070,592 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\Dr. Sears August 10th-1.doc
[2010/07/25 18:55:31 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\Free PDF to Word Doc Converter.lnk
[2010/07/25 18:42:50 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Microsoft\Internet Explorer\Quick Launch\PDF-Viewer.lnk
[2010/07/16 19:07:51 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\~$ke - Made in other countries.doc
[2010/07/16 18:33:31 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\~$eating Kinships 7-16-10s.doc
[2010/07/14 19:43:01 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\VFES-Caring Kindships.xls
[2010/07/14 15:51:50 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\Plants.xls
[2010/07/13 15:59:45 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\UPromise.xls
[2010/07/12 22:50:32 | 000,087,752 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\child care flyer-1.pdf
[2010/07/11 23:06:51 | 001,163,284 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\My Documents\HowToViewEmailHeaders.pdf
[2010/05/27 17:16:56 | 000,139,167 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\se.txt
[2010/05/25 13:01:06 | 000,099,436 | ---- | C] () -- C:\Program Files\Common Files\Engines.lnl
[2010/04/09 01:06:15 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/27 19:13:53 | 000,038,488 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Comma Separated Values (DOS).ADR
[2010/03/13 19:43:17 | 000,146,432 | ---- | C] () -- C:\Documents and Settings\Phillip & Genevieve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/08 03:25:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/03/06 22:52:42 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/03/06 16:49:42 | 000,000,524 | RHS- | C] () -- C:\WINDOWS\sscfgwin.sys
[2010/03/02 20:00:00 | 004,844,283 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/03/02 20:00:00 | 001,633,202 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/03/02 20:00:00 | 000,957,491 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/03/02 20:00:00 | 000,895,656 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/02 20:00:00 | 000,612,342 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/03/02 20:00:00 | 000,484,864 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/03/02 20:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/03/02 20:00:00 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/03/02 20:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/03/02 20:00:00 | 000,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/03/02 20:00:00 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/03/02 20:00:00 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/03/02 20:00:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/03/02 20:00:00 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/03/02 20:00:00 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/03/02 20:00:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/03/02 20:00:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/25 12:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2009/11/14 14:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/11/14 14:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/11/14 14:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/11/14 14:11:42 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/11/14 14:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/11/14 14:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/11/14 14:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/11/14 14:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/11/14 14:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/11/14 14:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009/06/07 12:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/16 15:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 15:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 15:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 15:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 15:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2005/11/23 09:13:31 | 000,000,239 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/04 08:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_005131_.tmp.dll
[2004/08/04 08:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_005099_.tmp.dll
[2004/06/24 02:20:02 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/09/21 09:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/13 20:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2010/05/14 21:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bimesoft
[2010/07/25 18:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GIRDAC
[2010/10/07 01:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IProt
[2010/07/03 01:56:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lencom
[2010/05/12 12:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/04/09 01:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\motorola
[2010/03/09 03:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/07/25 17:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ODIR
[2010/06/26 22:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/04/12 21:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2010/08/08 00:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrinterShare
[2010/03/19 11:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/26 23:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2010/05/12 12:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\DroidExplorer
[2010/08/23 12:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\J River
[2010/03/13 19:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2010/08/25 23:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Copernic
[2010/03/08 04:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Desktopicon
[2010/05/12 12:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\DroidExplorer
[2010/04/29 00:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\EPSON
[2010/08/23 12:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\J River
[2010/07/03 02:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Lencom
[2010/07/03 01:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Maxprog
[2010/07/07 11:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\MioNet
[2010/04/09 01:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\motorola
[2010/07/25 19:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\OpenOffice.org
[2010/03/07 23:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Scooter Software
[2010/03/13 19:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Softland
[2010/10/08 20:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Software Informer
[2010/03/13 23:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\streamripper
[2010/06/04 01:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\Thunderbird
[2010/06/20 01:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phillip & Genevieve\Application Data\WD
[2010/10/08 20:35:36 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\Tasks\ConfigExec.job
[2010/10/08 18:50:01 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\Tasks\DataUpload.job
[2010/10/08 20:36:28 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========


< End of report >


Here's the Extras.txt:

OTL Extras logfile created on: 10/8/2010 9:35:50 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Phillip & Genevieve\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 362.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 407.31 Gb Total Space | 239.21 Gb Free Space | 58.73% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 72.36 Gb Free Space | 15.54% Space Free | Partition Type: NTFS
Drive E: | 58.44 Gb Total Space | 47.92 Gb Free Space | 82.00% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 372.61 Gb Total Space | 102.13 Gb Free Space | 27.41% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive X: | 114.48 Gb Total Space | 95.94 Gb Free Space | 83.80% Space Free | Partition Type: NTFS

Computer Name: FAMILY-DESKTOP
Current User Name: Phillip & Genevieve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1606980848-776561741-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = SeaMonkeyHTML] -- C:\Program Files\SeaMonkey\seamonkey.exe (mozilla.org)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"51000:UDP" = 51000:UDP:LocalSubNet:Enabled:Jamcast WM-DRM Proximity Detection
"1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access 0
"1701:TCP" = 1701:TCP:*:Enabled:MioNet Remote Drive Access 1
"1702:TCP" = 1702:TCP:*:Enabled:MioNet Remote Drive Access 2
"1703:TCP" = 1703:TCP:*:Enabled:MioNet Remote Drive Access 3
"1704:TCP" = 1704:TCP:*:Enabled:MioNet Remote Drive Access 4
"1705:TCP" = 1705:TCP:*:Enabled:MioNet Remote Drive Access 5
"1706:TCP" = 1706:TCP:*:Enabled:MioNet Remote Drive Access 6
"1707:TCP" = 1707:TCP:*:Enabled:MioNet Remote Drive Access 7
"1708:TCP" = 1708:TCP:*:Enabled:MioNet Remote Drive Access 8
"1709:TCP" = 1709:TCP:*:Enabled:MioNet Remote Drive Access 9
"1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification
"1647:TCP" = 1647:TCP:*:Enabled:MioNet Storage Device Configuration
"5432:UDP" = 5432:UDP:*:Enabled:MioNet Storage Device Discovery
"1035:TCP" = 1035:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Motorola Media Link\MML.exe" = C:\Program Files\Motorola Media Link\MML.exe:*:Enabled:Motorola Media Link main -- (Nero corporation)
"C:\Program Files\Jamcast\jamcastsvc.exe" = C:\Program Files\Jamcast\jamcastsvc.exe:LocalSubNet:Enabled:Jamcast -- (Software Development Solutions, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\SurfOffline Professional 2\SO_PRO.exe" = C:\Program Files\SurfOffline Professional 2\SO_PRO.exe:*:Enabled:SurfOffline Professional 2 -- (Bimesoft)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\PFPortChecker\PFPortChecker.exe" = C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded. -- (portforward.com)
"D:\Program Files\StrongDC++\StrongDC.exe" = D:\Program Files\StrongDC++\StrongDC.exe:*:Enabled:StrongDC++ -- (Big Muscle, KohlSoft® Corporation ;-))
"C:\Program Files\MioNet\jvm\bin\MioNet.exe" = C:\Program Files\MioNet\jvm\bin\MioNet.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\MioNet\MioNetManager.exe" = C:\Program Files\MioNet\MioNetManager.exe:*:Enabled:MioNetManager -- ()
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{0982A84C-005A-45CA-9BAC-F11129D34D2F}" = OutlookSpy
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{1186703C-E6E6-4F7E-8CCD-6D26272A2579}" = Fast Email Extractor 7
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{2222B364-0854-4265-B32E-A142DB9DC7BB}" = Intel® PRO Network Connections 11.2.0.69
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 20
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}" = Jing
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{53AF3638-DDB4-4755-B3DC-259981689DB7}" = WD Anywhere Access Powered by MioNet
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{68131B0A-D78D-4aed-B74E-33A6C7324E50}" = WD Anywhere Backup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99279F13-3CD5-4052-8C54-5C1738E54FCA}" = X1
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7DFAC70-236D-44C6-A861-299D444E5988}" = Droid Explorer 0.8.4.3 (x86)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}_931" = Adobe Acrobat 9.3.1 - CPSID_50570
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{cfebb49e-f736-4800-90f7-4be313822f4e}" = Nero 9 Lite
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and Free Tools
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{D9DC70B6-BE13-41DD-9053-9E617E72D085}" = MOTOROLA MEDIA LINK
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"Accurate Outlook Duplicate Remover_is1" = Accurate Outlook Duplicate Remover 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AutocompletePro2_is1" = AutocompletePro
"avast5" = avast! Free Antivirus
"BC2_is1" = Beyond Compare Version 2.2.7
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"doPDF 7 printer_is1" = doPDF 7.1 printer
"eMail Extractor_is1" = eMail Extractor 3.4.1
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Extract Email Addresses From Multiple Web Sites Software_is1" = Extract Email Addresses From Multiple Web Sites Software 7.0
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FLV Player" = FLV Player 2.0 (build 25)
"Free ISO Burn Wizard_is1" = Free ISO Burn Wizard 3.6.1.1
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Frogger2" = Frogger2
"Google Calendar Sync" = Google Calendar Sync
"Google Desktop" = Google Desktop
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"ie8" = Windows Internet Explorer 8
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"Jamcast" = Jamcast
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Jukebox 14" = Media Jukebox 14
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mosaico" = Mosaico
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"NVIDIA Drivers" = NVIDIA Drivers
"ODIR_is1" = ODIR
"PFPortChecker" = PFPortChecker 1.0.32
"Picasa 3" = Picasa 3
"POSTERIZA" = POSTERIZA 1.1.1
"PowerShell" = Windows PowerShell™ 1.0
"SeaMonkey (2.0.8)" = SeaMonkey (2.0.8)
"Software Informer_is1" = Software Informer 1.0 BETA
"Speccy" = Speccy
"SurfOffline Professional 2" = SurfOffline Professional 2
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"Unlocker" = Unlocker 1.8.7
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-9C
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Yahoo! Mail Extract Email Addresses Software_is1" = Yahoo! Mail Extract Email Addresses Software

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/8/2010 7:50:06 PM | Computer Name = FAMILY-DESKTOP | Source = Microsoft Office 11 | ID = 1000
Description =

Error - 10/8/2010 7:53:25 PM | Computer Name = FAMILY-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8217.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/8/2010 8:02:10 PM | Computer Name = FAMILY-DESKTOP | Source = Jamcast | ID = 0
Description = A fatal error occurred during service manager initialization: The
type initializer for ' . ' threw an exception.

Error - 10/8/2010 8:02:11 PM | Computer Name = FAMILY-DESKTOP | Source = Jamcast | ID = 0
Description = Service cannot be started. System.TypeInitializationException: The
type initializer for ' . ' threw an exception. ---> FirebirdSql.Data.FirebirdClient.FbException:
database file appears corrupt (C:\PROGRAM FILES\JAMCAST\JAMCAST.DAT) wrong page
type page 2119 is of wrong type (expected 7, found 5) At procedure 'P_GET_SHARES_EXT'
line: 22, col: 9 ---> database file appears corrupt (C:\PROGRAM FILES\JAMCAST\JAMCAST.DAT)
wrong
page type page 2119 is of wrong type (expected 7, found 5) At procedure 'P_GET_SHARES_EXT'
line: 22, col: 9 --- End of inner exception stack trace --- at FirebirdSql.Data.FirebirdClient.FbCommand.Fetch()

at FirebirdSql.Data.FirebirdClient.FbDataReader.Read() at . . () at Jamcast.Globals.SharedFolderCollection.()

at . . () at . . () at . ..cctor() --- End of inner exception stack trace ---

at . . () at Jamcast.Service.ServiceManager.Initialize() at . .OnStart(String[]
) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 10/8/2010 8:03:20 PM | Computer Name = FAMILY-DESKTOP | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0xC004F00E .

Error - 10/8/2010 8:05:10 PM | Computer Name = FAMILY-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module urlmon.dll, version 6.0.2900.3698, fault address 0x0003df2f.

Error - 10/8/2010 8:31:44 PM | Computer Name = FAMILY-DESKTOP | Source = Jamcast | ID = 0
Description = A fatal error occurred during service manager initialization: The
type initializer for ' . ' threw an exception.

Error - 10/8/2010 8:31:45 PM | Computer Name = FAMILY-DESKTOP | Source = Jamcast | ID = 0
Description = Service cannot be started. System.TypeInitializationException: The
type initializer for ' . ' threw an exception. ---> FirebirdSql.Data.FirebirdClient.FbException:
database file appears corrupt (C:\PROGRAM FILES\JAMCAST\JAMCAST.DAT) wrong page
type page 2119 is of wrong type (expected 7, found 5) At procedure 'P_GET_SHARES_EXT'
line: 22, col: 9 ---> database file appears corrupt (C:\PROGRAM FILES\JAMCAST\JAMCAST.DAT)
wrong
page type page 2119 is of wrong type (expected 7, found 5) At procedure 'P_GET_SHARES_EXT'
line: 22, col: 9 --- End of inner exception stack trace --- at FirebirdSql.Data.FirebirdClient.FbCommand.Fetch()

at FirebirdSql.Data.FirebirdClient.FbDataReader.Read() at . . () at Jamcast.Globals.SharedFolderCollection.()

at . . () at . . () at . ..cctor() --- End of inner exception stack trace ---

at . . () at Jamcast.Service.ServiceManager.Initialize() at . .OnStart(String[]
) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 10/8/2010 8:32:11 PM | Computer Name = FAMILY-DESKTOP | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0xC004F00E .

Error - 10/8/2010 8:35:36 PM | Computer Name = FAMILY-DESKTOP | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0xC004F00E .

[ System Events ]
Error - 10/6/2010 9:43:44 AM | Computer Name = FAMILY-DESKTOP | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80070032 Error description: The request is not supported. Reason:
%%837

Error - 10/6/2010 9:44:21 AM | Computer Name = FAMILY-DESKTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MpFilter

Error - 10/6/2010 9:44:23 AM | Computer Name = FAMILY-DESKTOP | Source = BITS | ID = 1654791
Description = The BITS job list is not in a recognized format. It may have been
created by a different version of BITS. The job list has been cleared.

Error - 10/6/2010 12:04:43 PM | Computer Name = FAMILY-DESKTOP | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 bf800842, parameter3
995f7ce4, parameter4 00000000.

Error - 10/6/2010 11:59:09 PM | Computer Name = FAMILY-DESKTOP | Source = DCOM | ID = 10010
Description = The server {0006F03A-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 10/7/2010 3:26:54 AM | Computer Name = FAMILY-DESKTOP | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80070032 Error description: The request is not supported. Reason:
%%842

Error - 10/7/2010 3:26:54 AM | Computer Name = FAMILY-DESKTOP | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80070032 Error description: The request is not supported. Reason:
%%842

Error - 10/7/2010 3:26:54 AM | Computer Name = FAMILY-DESKTOP | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80070032 Error description: The request is not supported. Reason:
%%837

Error - 10/7/2010 3:26:54 AM | Computer Name = FAMILY-DESKTOP | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80070032 Error description: The request is not supported. Reason:
%%837

Error - 10/7/2010 3:27:25 AM | Computer Name = FAMILY-DESKTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MpFilter


< End of report >

#11 KeithKatz


Posted 08 October 2010 - 09:41 PM

And the Report.txt:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xBF080000 C:\WINDOWS\System32\ati3duag.dll 1892352 bytes (ATI Technologies Inc. , ati3duag.dll)
0xBF800000 Win32k 1847296 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1847296 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF757A000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 815104 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xF76D0000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF24E000 C:\WINDOWS\System32\ativvaxx.dll 520192 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0x9A499000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x9A53C000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF7402000 C:\WINDOWS\system32\drivers\senfilt.sys 385024 bytes (Sensaura, Sensaura WDM 3D Audio Driver)
0xF7284000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0x9A6E7000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0x99B7B000 C:\WINDOWS\system32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x99558000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF74A4000 C:\WINDOWS\system32\drivers\smwdm.sys 262144 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xBF048000 C:\WINDOWS\System32\ati2cqag.dll 229376 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 221184 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xF730A000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7814000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0x99EC5000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF76A3000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0x994DD000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0x9A5AC000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x9A699000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0x9A515000 C:\WINDOWS\System32\Drivers\aswSP.SYS 159744 bytes (AVAST Software, avast! self protection module)
0xF751B000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 159744 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xF77BE000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0x9A6C1000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF7480000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF7542000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF74E4000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0x9A79B000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 143360 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0x9A5D7000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806FF000 ACPI_HAL 134400 bytes
0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7460000 C:\WINDOWS\system32\drivers\aeaudio.sys 131072 bytes (Andrea Electronics Corporation, Andrea Audio Noise Cancellation Driver)
0xF7786000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF77E4000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7689000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF77A6000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0x9A459000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0x9A19A000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xF775D000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF73EB000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x997F1000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF7507000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF7566000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x9A740000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7774000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7803000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF733A000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF73DB000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7943000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7913000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF7873000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF7933000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF7A43000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF7973000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7953000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0x9A261000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7A03000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7883000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF78C3000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7923000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7983000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF78A3000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7A83000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xF79A3000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF78D3000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF7A73000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7963000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7893000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7993000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7A23000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xF7863000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0x99DD5000 C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver)
0xF79D3000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF79C3000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF78B3000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7A53000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7903000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF79B3000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7A63000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0x990DA000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7A33000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7C63000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7BAB000 C:\WINDOWS\system32\drivers\sf.sys 32768 bytes (Sonic Focus, Inc, DSP service driver 08-28-2004 build for SF 1.X)
0xF7B4B000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7B83000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7C3B000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7B33000 C:\WINDOWS\system32\DRIVERS\NuidFltr.sys 28672 bytes (Microsoft Corporation, Filter Driver for Microsoft Hardware HID Non-User Input Data)
0xF7AE3000 C:\WINDOWS\System32\Drivers\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7B7B000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF7B63000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF7B73000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7BFB000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7B43000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7C43000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7BB3000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xF7C13000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7C53000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7AEB000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7BDB000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7BEB000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7BCB000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7B5B000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF7B3B000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7D47000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9A321000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7D03000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0x9A47D000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xF7C73000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0x9A787000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF72E6000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF7278000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7D27000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7D2F000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7D97000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7D69000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7DDB000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7D93000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7D67000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7D63000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7D9B000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7DB1000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7DA7000 C:\Program Files\LogMeIn\x86\RaInfo.sys 8192 bytes (LogMeIn, Inc., RemotelyAnywhere Kernel Information Provider)
0xF7D9F000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7D6F000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7D75000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7D65000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7F86000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7F1B000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7F82000 C:\WINDOWS\system32\DRIVERS\lmimirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver)
0xF7E79000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7E2B000 PCIIde.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x05730000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 102400 bytes
0x05F10000 Hidden Image-->CLI.Component.Eeu.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 1028096 bytes
0x05DF0000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 1150976 bytes
0x00DD0000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x8595BDA0 ] PID: 3108, 118784 bytes
0x03930000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 118784 bytes
0x05620000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 151552 bytes
0x05C00000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 1740800 bytes
0x05DB0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 217088 bytes
0x05650000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 233472 bytes
0x04BB0000 Hidden Image-->msvcm90.dll [ EPROCESS 0x8556F348 ] PID: 700, 270336 bytes
0x00FA0000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x8595BDA0 ] PID: 3108, 28672 bytes
0x011D0000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x8595BDA0 ] PID: 3108, 28672 bytes
0x04EA0000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x00E00000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x00E30000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x03A00000 Hidden Image-->CLI.Component.Runtime.Shared.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x04010000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x03EE0000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x04050000 Hidden Image-->AEM.Plugin.WinMessages.Shared.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x04030000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x045B0000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x045A0000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x049A0000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x04990000 Hidden Image-->CLI.Caste.HydraVision.Shared.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x04A50000 Hidden Image-->DEM.OS.I0602.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x04AC0000 Hidden Image-->AEM.Plugin.GD.Shared.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x04A90000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x04A70000 Hidden Image-->DEM.OS.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x04C00000 Hidden Image-->ResourceManagement.Foundation.Private.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x04C20000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x04C50000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x04E70000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x05070000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x05080000 Hidden Image-->Branding.dll [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x050A0000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x05120000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x05340000 Hidden Image-->AEM.Plugin.REG.Shared.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x05360000 Hidden Image-->AEM.Plugin.EEU.Shared.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x05700000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x055C0000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x055D0000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x05600000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x05690000 Hidden Image-->CLI.Caste.HydraVision.Dashboard.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x05770000 Hidden Image-->atixclib.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x057A0000 Hidden Image-->CLI.Caste.HydraVision.Wizard.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 28672 bytes
0x049D0000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 299008 bytes
0x01360000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x8595BDA0 ] PID: 3108, 36864 bytes
0x01370000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x8595BDA0 ] PID: 3108, 36864 bytes
0x00DD0000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 36864 bytes
0x03980000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 36864 bytes
0x039A0000 Hidden Image-->AxInterop.WBOCXLib.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 36864 bytes
0x03B20000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 36864 bytes
0x03C90000 Hidden Image-->Interop.WBOCXLib.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 36864 bytes
0x04970000 Hidden Image-->CLI.Caste.HydraVision.Runtime.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 36864 bytes
0x04A20000 Hidden Image-->ACE.Graphics.DisplaysManager.Shared.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 36864 bytes
0x050C0000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 36864 bytes
0x04FF0000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 413696 bytes
0x00E00000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x8595BDA0 ] PID: 3108, 45056 bytes
0x00E70000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x8595BDA0 ] PID: 3108, 45056 bytes
0x00E70000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 45056 bytes
0x00DF0000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 45056 bytes
0x03A70000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 45056 bytes
0x045C0000 Hidden Image-->ATIDEMGX.dll [ EPROCESS 0x8595CB98 ] PID: 960, 454656 bytes
0x058D0000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Wizard.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 503808 bytes
0x05480000 Hidden Image-->ResourceManagement.Foundation.Implementation.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 512000 bytes
0x039D0000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 53248 bytes
0x039E0000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 53248 bytes
0x03A90000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 53248 bytes
0x03FF0000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 53248 bytes
0x04160000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 53248 bytes
0x04EE0000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 53248 bytes
0x050D0000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 53248 bytes
0x05710000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 53248 bytes
0x037B0000 Hidden Image-->FirebirdSql.Data.FirebirdClient.dll [ EPROCESS 0x85575538 ] PID: 3304, 552960 bytes
0x05370000 Hidden Image-->CLI.Component.Systemtray.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 552960 bytes
0x05790000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 61440 bytes
0x00E80000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x8595BDA0 ] PID: 3108, 69632 bytes
0x00E40000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 69632 bytes
0x03960000 Hidden Image-->CLI.Component.SkinFactory.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 69632 bytes
0x049B0000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 69632 bytes
0x04E80000 Hidden Image-->APM.Server.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 69632 bytes
0x06110000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 724992 bytes
0x00E10000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 86016 bytes
0x055E0000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 86016 bytes
0x039B0000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 94208 bytes
0x04AD0000 Hidden Image-->ATIDEMOS.DLL [ EPROCESS 0x8595CB98 ] PID: 960, 94208 bytes


#12 Elise


Posted 09 October 2010 - 02:12 PM

Hello again, no visible active malware here, but I see some weird event viewer errors.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#13 KeithKatz

Posted 09 October 2010 - 05:02 PM

OK, Elise...here it is.

By the way, it rebooted in the process and created the log after reboot. Is this normal? Also, last night it ended in a BSOD again, the error on failure was IRQL NOT LESS OR EQUAL, and the numerical error was 0x0000000a.

ComboFix 10-10-09.03 - Phillip & Genevieve 10/09/2010 17:09:01.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.452 [GMT -4:00]
Running from: c:\documents and settings\Phillip & Genevieve\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\wd
c:\program files\wd\WD Anywhere Backup\config\Applications.xml
c:\program files\wd\WD Anywhere Backup\config\BackMeUp.xml
c:\program files\wd\WD Anywhere Backup\config\blacklist.txt
c:\program files\wd\WD Anywhere Backup\config\BMUConfigWizard.xml
c:\program files\wd\WD Anywhere Backup\config\Branding.xml
c:\program files\wd\WD Anywhere Backup\config\DefaultRules.xml
c:\program files\wd\WD Anywhere Backup\config\ErrorDescriptions.xml
c:\program files\wd\WD Anywhere Backup\config\images\1Off.png
c:\program files\wd\WD Anywhere Backup\config\images\1On.png
c:\program files\wd\WD Anywhere Backup\config\images\2Off.png
c:\program files\wd\WD Anywhere Backup\config\images\2On.png
c:\program files\wd\WD Anywhere Backup\config\images\3Off.png
c:\program files\wd\WD Anywhere Backup\config\images\3On.png
c:\program files\wd\WD Anywhere Backup\config\images\Actions\Actions.png
c:\program files\wd\WD Anywhere Backup\config\images\Actions\Close.png
c:\program files\wd\WD Anywhere Backup\config\images\Actions\Pause.png
c:\program files\wd\WD Anywhere Backup\config\images\Actions\Reactivate.png
c:\program files\wd\WD Anywhere Backup\config\images\Actions\Resume.png
c:\program files\wd\WD Anywhere Backup\config\images\Actions\Verify.png
c:\program files\wd\WD Anywhere Backup\config\images\AppLogo.png
c:\program files\wd\WD Anywhere Backup\config\images\arial.ttf
c:\program files\wd\WD Anywhere Backup\config\images\AutoBackup16.png
c:\program files\wd\WD Anywhere Backup\config\images\AutoBackup32.ico
c:\program files\wd\WD Anywhere Backup\config\images\AutoBackup32.png
c:\program files\wd\WD Anywhere Backup\config\images\AutoBackup48.png
c:\program files\wd\WD Anywhere Backup\config\images\AutoBackupApp.ico
c:\program files\wd\WD Anywhere Backup\config\images\AutoBackupSysTrayIcons.png
c:\program files\wd\WD Anywhere Backup\config\images\BuyNow.png
c:\program files\wd\WD Anywhere Backup\config\images\Check.png
c:\program files\wd\WD Anywhere Backup\config\images\CopyApps.png
c:\program files\wd\WD Anywhere Backup\config\images\harddisk.png
c:\program files\wd\WD Anywhere Backup\config\images\harddisk_gray.png
c:\program files\wd\WD Anywhere Backup\config\images\Help\Feedback.png
c:\program files\wd\WD Anywhere Backup\config\images\Help\Help.png
c:\program files\wd\WD Anywhere Backup\config\images\Help\Purchase.png
c:\program files\wd\WD Anywhere Backup\config\images\Help\Register.png
c:\program files\wd\WD Anywhere Backup\config\images\Help\Updates.png
c:\program files\wd\WD Anywhere Backup\config\images\Help\ViewHelp.png
c:\program files\wd\WD Anywhere Backup\config\images\iPod.png
c:\program files\wd\WD Anywhere Backup\config\images\iPod_gray.png
c:\program files\wd\WD Anywhere Backup\config\images\LeftPanelBackground.png
c:\program files\wd\WD Anywhere Backup\config\images\MainOps\Create.png
c:\program files\wd\WD Anywhere Backup\config\images\MainOps\CreateHover.png
c:\program files\wd\WD Anywhere Backup\config\images\MainOps\Restore.png
c:\program files\wd\WD Anywhere Backup\config\images\MainOps\RestoreHover.png
c:\program files\wd\WD Anywhere Backup\config\images\MioNet.png
c:\program files\wd\WD Anywhere Backup\config\images\network.png
c:\program files\wd\WD Anywhere Backup\config\images\network_gray.png
c:\program files\wd\WD Anywhere Backup\config\images\PanelImage.png
c:\program files\wd\WD Anywhere Backup\config\images\PlanPanel\ChangeFiles.png
c:\program files\wd\WD Anywhere Backup\config\images\PlanPanel\ChangeFilesHover.png
c:\program files\wd\WD Anywhere Backup\config\images\PlanPanel\ChangeSettings.png
c:\program files\wd\WD Anywhere Backup\config\images\PlanPanel\ChangeSettingsHover.png
c:\program files\wd\WD Anywhere Backup\config\images\PlanPanel\FileTransfer.gif
c:\program files\wd\WD Anywhere Backup\config\images\PlanPanel\Password.png
c:\program files\wd\WD Anywhere Backup\config\images\PlanPanel\PasswordHover.png
c:\program files\wd\WD Anywhere Backup\config\images\PlanPanel\Remove.png
c:\program files\wd\WD Anywhere Backup\config\images\PlanPanel\RemoveHover.png
c:\program files\wd\WD Anywhere Backup\config\images\PlanPanel\View.png
c:\program files\wd\WD Anywhere Backup\config\images\PlanPanel\ViewHover.png
c:\program files\wd\WD Anywhere Backup\config\images\PoweredByMemeo.png
c:\program files\wd\WD Anywhere Backup\config\images\Products\Products.png
c:\program files\wd\WD Anywhere Backup\config\images\Products\ProtectMultiple.png
c:\program files\wd\WD Anywhere Backup\config\images\ProtectYourDigitalLife.bmp
c:\program files\wd\WD Anywhere Backup\config\images\ProtectYourDigitalLife.png
c:\program files\wd\WD Anywhere Backup\config\images\ProviderHardDisk.ico
c:\program files\wd\WD Anywhere Backup\config\images\ProvideriPod.ico
c:\program files\wd\WD Anywhere Backup\config\images\ProviderNetwork.ico
c:\program files\wd\WD Anywhere Backup\config\images\ProviderRemovable.ico
c:\program files\wd\WD Anywhere Backup\config\images\ProviderSwapDrive.ico
c:\program files\wd\WD Anywhere Backup\config\images\RegularButtonHoverImage.png
c:\program files\wd\WD Anywhere Backup\config\images\RegularButtonImage.png
c:\program files\wd\WD Anywhere Backup\config\images\removable.png
c:\program files\wd\WD Anywhere Backup\config\images\removable_gray.png
c:\program files\wd\WD Anywhere Backup\config\images\Restore16.png
c:\program files\wd\WD Anywhere Backup\config\images\Restore32.ico
c:\program files\wd\WD Anywhere Backup\config\images\Restore48.png
c:\program files\wd\WD Anywhere Backup\config\images\RestoreApp.ico
c:\program files\wd\WD Anywhere Backup\config\images\SelectedProviderHighlight.jpg
c:\program files\wd\WD Anywhere Backup\config\images\Settings\Alerts.png
c:\program files\wd\WD Anywhere Backup\config\images\Settings\Settings.png
c:\program files\wd\WD Anywhere Backup\config\images\swapdrive.png
c:\program files\wd\WD Anywhere Backup\config\images\swapdrive_gray.png
c:\program files\wd\WD Anywhere Backup\config\images\TopPanelBackground.png
c:\program files\wd\WD Anywhere Backup\config\images\wdmybook.png
c:\program files\wd\WD Anywhere Backup\config\images\wdpassport.png
c:\program files\wd\WD Anywhere Backup\config\Locale.xml
c:\program files\wd\WD Anywhere Backup\config\rssuserprefs.xml
c:\program files\wd\WD Anywhere Backup\config\Tanagra.iPod.DefaultRules.xml
c:\program files\wd\WD Anywhere Backup\config\Tanagra.ShutterFly.DefaultRules.xml
c:\program files\wd\WD Anywhere Backup\config\UserFileTypeOptions.xml
c:\program files\wd\WD Anywhere Backup\ConfigManager.xml
c:\program files\wd\WD Anywhere Backup\DevComponents.DotNetBar2.dll
c:\program files\wd\WD Anywhere Backup\docs\images\AB user guide start.gif
c:\program files\wd\WD Anywhere Backup\docs\images\user guide page1.gif
c:\program files\wd\WD Anywhere Backup\docs\images\user guide page2.gif
c:\program files\wd\WD Anywhere Backup\docs\images\user guide page4.gif
c:\program files\wd\WD Anywhere Backup\docs\images\user guide restore page3.gif
c:\program files\wd\WD Anywhere Backup\docs\MemeoAutoBackupUserGuide.htm
c:\program files\wd\WD Anywhere Backup\eWebClient.dll
c:\program files\wd\WD Anywhere Backup\ICSharpCode.SharpZipLib.dll
c:\program files\wd\WD Anywhere Backup\Interop.eWebControl.dll
c:\program files\wd\WD Anywhere Backup\Interop.iTunesLib.dll
c:\program files\wd\WD Anywhere Backup\Interop.Microsoft.Office.Core.dll
c:\program files\wd\WD Anywhere Backup\Interop.Outlook.dll
c:\program files\wd\WD Anywhere Backup\Interop.ProfMan.dll
c:\program files\wd\WD Anywhere Backup\Interop.Redemption.dll
c:\program files\wd\WD Anywhere Backup\license.rtf
c:\program files\wd\WD Anywhere Backup\MBSstarter.exe
c:\program files\wd\WD Anywhere Backup\Memeo.Client.dll
c:\program files\wd\WD Anywhere Backup\Memeo.Client.UI.dll
c:\program files\wd\WD Anywhere Backup\Memeo.Shadow.Vista.dll
c:\program files\wd\WD Anywhere Backup\Memeo.Shadow.XP.dll
c:\program files\wd\WD Anywhere Backup\MemeoBackgroundService.exe
c:\program files\wd\WD Anywhere Backup\MemeoBackgroundService.exe.config
c:\program files\wd\WD Anywhere Backup\MemeoBackup.exe
c:\program files\wd\WD Anywhere Backup\MemeoBackup.exe.config
c:\program files\wd\WD Anywhere Backup\MemeoLauncher.exe
c:\program files\wd\WD Anywhere Backup\MemeoLauncher.exe.config
c:\program files\wd\WD Anywhere Backup\MemeoLauncher2.exe
c:\program files\wd\WD Anywhere Backup\MemeoLauncher2.exe.config
c:\program files\wd\WD Anywhere Backup\MemeoRemoteCore.dll
c:\program files\wd\WD Anywhere Backup\MemeoRestore.exe
c:\program files\wd\WD Anywhere Backup\MemeoRestore.exe.config
c:\program files\wd\WD Anywhere Backup\MemeoUpdater.exe
c:\program files\wd\WD Anywhere Backup\MemeoUpdater.exe.config
c:\program files\wd\WD Anywhere Backup\Microsoft.Web.Services.dll
c:\program files\wd\WD Anywhere Backup\Microsoft.Windows.Forms.Navigation.dll
c:\program files\wd\WD Anywhere Backup\Mono.Nat.dll
c:\program files\wd\WD Anywhere Backup\MSVCR71D.dll
c:\program files\wd\WD Anywhere Backup\NamedPipes.dll
c:\program files\wd\WD Anywhere Backup\Newtonsoft.Json.dll
c:\program files\wd\WD Anywhere Backup\providers\Memeo.Server.Providers.BackupOnline.dll
c:\program files\wd\WD Anywhere Backup\providers\RegisteredProviders.xml
c:\program files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.FileCopyBackupProvider.dll
c:\program files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.FTPBackupProvider.dll
c:\program files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.HardDiskBackupProvider.dll
c:\program files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.iPodBackupProvider.dll
c:\program files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.RemovableStorageBackupProvider.dll
c:\program files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.ShutterflyBackupProvider.dll
c:\program files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.SwapDriveBackupProvider.dll
c:\program files\wd\WD Anywhere Backup\Rebex.Net.Ftp.dll
c:\program files\wd\WD Anywhere Backup\Rebex.Net.ProxySocket.dll
c:\program files\wd\WD Anywhere Backup\Rebex.Net.SecureSocket.dll
c:\program files\wd\WD Anywhere Backup\Rebex.Security.dll
c:\program files\wd\WD Anywhere Backup\SQLite.NET.dll
c:\program files\wd\WD Anywhere Backup\sqlite3.dll
c:\program files\wd\WD Anywhere Backup\support\MemeoSupport.exe
c:\program files\wd\WD Anywhere Backup\support\MemeoSupport.exe.config
c:\program files\wd\WD Anywhere Backup\Tanagra.BMU.dll
c:\program files\wd\WD Anywhere Backup\Tanagra.DataClad.DataAccess.dll
c:\program files\wd\WD Anywhere Backup\Tanagra.DataClad.dll
c:\program files\wd\WD Anywhere Backup\Tanagra.Interop.dll
c:\program files\wd\WD Anywhere Backup\Tanagra.Third-party.Security.dll
c:\program files\wd\WD Anywhere Backup\Tanagra.Utility.dll
c:\program files\wd\WD Anywhere Backup\uninstall.exe
c:\program files\wd\WD Anywhere Backup\USBLib.dll
c:\program files\wd\WD Anywhere Backup\Vista.Api.dll
c:\program files\wd\WD Anywhere Backup\WDAnywhereBackup.ico
c:\program files\wd\WD Anywhere Backup\WDDriveInfo.exe
c:\program files\wd\WD Anywhere Backup\XMLSettings.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MemeoBackgroundService
-------\Legacy_MemeoBackgroundService
-------\Service_MemeoBackgroundService
-------\Service_MemeoBackgroundService


((((((((((((((((((((((((( Files Created from 2010-09-09 to 2010-10-09 )))))))))))))))))))))))))))))))
.

2010-10-09 03:24 . 2010-10-09 03:24 -------- d-----w- c:\program files\Jawbone
2010-10-09 03:23 . 2010-10-09 03:24 -------- d-----w- c:\documents and settings\Phillip & Genevieve\Application Data\JawboneUpdater
2010-10-09 00:12 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-10-09 00:12 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-10-09 00:12 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-10-09 00:12 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-10-09 00:12 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-10-09 00:12 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-10-09 00:12 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-10-08 07:02 . 2010-10-08 07:02 -------- d-----w- c:\program files\MSXML 4.0
2010-10-08 02:03 . 2010-10-08 02:03 -------- d-----w- c:\program files\Speccy
2010-10-08 01:59 . 2010-10-08 01:59 -------- d-----w- c:\documents and settings\Phillip & Genevieve\Local Settings\Application Data\Help
2010-10-07 07:44 . 2009-07-31 14:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-10-07 07:44 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-10-07 07:44 . 2008-04-14 00:12 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-10-07 07:30 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-10-07 07:30 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-10-07 07:30 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-10-07 07:30 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-10-07 07:30 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-10-07 07:29 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-10-07 07:28 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-10-07 05:24 . 2010-10-07 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\IProt
2010-10-07 05:23 . 2010-10-09 20:11 -------- d-----w- c:\documents and settings\Phillip & Genevieve\Application Data\Software Informer
2010-10-07 05:23 . 2010-10-07 05:23 -------- d-----w- c:\program files\Software Informer
2010-10-07 05:23 . 2010-10-07 05:23 -------- d-----w- c:\program files\Mosaico
2010-10-06 16:20 . 2010-10-06 16:20 -------- d-----w- c:\program files\ESET
2010-10-06 04:26 . 2004-08-04 12:00 14848 -c--a-w- c:\windows\system32\dllcache\register.exe
2010-10-06 04:25 . 2008-04-14 00:09 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
2010-10-06 04:24 . 2004-08-04 12:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2010-10-06 04:24 . 2004-08-04 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2010-10-06 04:24 . 2004-08-04 12:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2010-10-06 04:24 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2010-10-06 04:24 . 2004-08-04 12:00 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2010-10-06 04:24 . 2004-08-04 12:00 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2010-10-06 04:24 . 2004-08-04 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2010-10-06 04:24 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-06 04:23 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-10-06 04:23 . 2004-08-04 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2010-10-06 04:03 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-10-06 04:03 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-10-06 04:03 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-10-06 04:03 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-10-06 04:02 . 2004-08-04 12:00 13753 ----a-r- c:\windows\SET98.tmp
2010-10-06 04:02 . 2004-08-04 12:00 1086058 ----a-r- c:\windows\SET8C.tmp
2010-10-06 04:02 . 2004-08-04 12:00 1042903 ----a-r- c:\windows\SET89.tmp
2010-10-06 02:35 . 2010-10-06 02:35 -------- d-----w- c:\windows\MATS
2010-10-06 02:35 . 2010-10-06 02:35 -------- d-----w- c:\program files\Microsoft Fix it Center
2010-10-04 12:31 . 2010-09-09 22:52 6084944 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5C1747D8-24C6-4A21-8FD5-18088BF86FB0}\mpengine.dll
2010-10-02 01:38 . 2010-10-02 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-10-02 00:07 . 2010-10-02 00:07 -------- d-----w- c:\program files\POSTERIZA
2010-10-02 00:04 . 2010-10-02 00:04 -------- d-----w- c:\documents and settings\Phillip & Genevieve\Application Data\Malwarebytes
2010-10-02 00:04 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-02 00:04 . 2010-10-02 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-02 00:04 . 2010-10-02 00:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-02 00:04 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-28 18:39 . 2010-09-28 18:39 40960 ----a-r- c:\documents and settings\Phillip & Genevieve\Application Data\Microsoft\Installer\{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}\NewShortcut3_2E7595EC4FB14E2993D49083C8A9B107.exe
2010-09-28 18:39 . 2010-09-28 18:39 -------- d-----w- c:\program files\ItsDeductible2006
2010-09-28 18:38 . 2002-12-05 18:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2010-09-28 18:38 . 2002-12-02 19:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2010-09-28 18:38 . 2002-12-02 17:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2010-09-28 18:38 . 2002-12-02 17:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2010-09-28 18:38 . 2010-09-28 18:38 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2010-09-28 18:38 . 2003-02-27 20:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2010-09-28 18:38 . 2010-09-28 18:38 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2010-09-28 00:17 . 2010-09-28 00:17 37376 ----a-w- c:\windows\system32\libusb0.dll
2010-09-28 00:17 . 2010-09-28 00:17 20992 ----a-w- c:\windows\system32\drivers\libusb0.sys
2010-09-27 15:38 . 2010-09-27 15:38 -------- d-----w- c:\program files\OutlookSpy
2010-09-21 13:22 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-21 13:22 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-21 13:22 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-21 13:22 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-21 13:22 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-21 13:22 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-21 13:22 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-21 13:21 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-09-21 13:21 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-21 13:21 . 2010-09-21 13:21 -------- d-----w- c:\program files\Alwil Software
2010-09-21 13:21 . 2010-09-21 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-09-12 03:35 . 2010-09-29 07:02 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-12 02:48 . 2010-09-12 02:48 -------- d-----w- c:\program files\Autoruns

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-28 21:39 . 2010-08-28 21:39 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-11-25 2011205]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Jamcast System Tray Utility"="c:\program files\Jamcast\jctray.exe" [2010-01-31 255160]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-28 30192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\Phillip & Genevieve\Start Menu\Programs\Startup\
Jawbone Updater.lnk - c:\program files\Jawbone\JawboneUpdater.exe [2010-9-27 3871384]
Shortcut to GoogleCalendarSync.exe.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]

c:\documents and settings\Phillip & Genevieve\Start Menu\Programs\Startup\AutorunsDisabled
X1 System Tray.lnk - c:\program files\X1\X1Systray.exe [2007-4-3 345088]
X1.lnk - c:\program files\X1\X1.exe [2007-4-3 4964352]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-09-29 11:56 87424 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Phone2PC.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Phone2PC.lnk
backup=c:\windows\pss\Phone2PC.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Subsonic.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Subsonic.lnk
backup=c:\windows\pss\Subsonic.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Phillip & Genevieve^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Phillip & Genevieve\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Phillip & Genevieve^Start Menu^Programs^Startup^Shortcut to startserver.bat.lnk]
path=c:\documents and settings\Phillip & Genevieve\Start Menu\Programs\Startup\Shortcut to startserver.bat.lnk
backup=c:\windows\pss\Shortcut to startserver.bat.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Phillip & Genevieve^Start Menu^Programs^Startup^X1 System Tray.lnk]
path=c:\documents and settings\Phillip & Genevieve\Start Menu\Programs\Startup\X1 System Tray.lnk
backup=c:\windows\pss\X1 System Tray.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Phillip & Genevieve^Start Menu^Programs^Startup^X1.lnk]
path=c:\documents and settings\Phillip & Genevieve\Start Menu\Programs\Startup\X1.lnk
backup=c:\windows\pss\X1.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MioNet]
2010-06-20 04:56 32768 ----a-w- c:\program files\MioNet\MioNetLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\X1FileMonitor.exe]
2007-04-03 22:08 428544 ----a-w- c:\program files\X1\X1FileMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Subsonic"=2 (0x2)
"MotoConnect Service"=2 (0x2)
"MioNet"=2 (0x2)
"MemeoBackgroundService"=2 (0x2)
"DroidExplorerService"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Motorola Media Link\\MML.exe"=
"c:\\Program Files\\SurfOffline Professional 2\\SO_PRO.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"d:\\Program Files\\StrongDC++\\StrongDC.exe"=
"c:\\Program Files\\MioNet\\jvm\\bin\\MioNet.exe"=
"c:\\Program Files\\MioNet\\MioNetManager.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Jawbone\\JawboneUpdater.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/21/2010 9:22 AM 165584]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 8:00 AM 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/21/2010 9:22 AM 17744]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\NServiceEntry.exe [2/1/2010 5:33 PM 87336]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/29/2010 8:55 AM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [4/10/2010 5:05 PM 266544]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/7/2010 6:37 PM 136176]
S2 Jamcast;Jamcast;c:\program files\Jamcast\jamcastsvc.exe [1/31/2010 4:29 PM 64696]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [4/9/2010 12:21 AM 25856]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/28/2010 5:39 PM 30192]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/15/2010,1.12.0.1;c:\windows\system32\drivers\libusb0.sys [9/27/2010 8:17 PM 20992]
S3 Media Jukebox 14 Service;Media Jukebox 14 Service;c:\program files\J River\Media Jukebox 14\JRService.exe [8/23/2010 12:03 PM 379400]
S4 DroidExplorerService;DroidExplorer Service;c:\program files\Droid Explorer\DroidExplorer.Service.exe [2/3/2010 10:34 PM 253440]
S4 MioNet;MioNet;c:\program files\MioNet\MioNetManager.exe [6/10/2008 3:05 PM 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-10-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-10-09 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 21:05]

2010-10-09 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 21:05]

2010-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 22:37]

2010-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 22:37]

2010-10-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 23:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: turbotax.com
TCP: {EB199A73-6B71-4D76-BD27-EDD47339E402} = 192.168.1.1,71.242.0.12
FF - ProfilePath - c:\documents and settings\Phillip & Genevieve\Application Data\Mozilla\Firefox\Profiles\6r4as3df.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-fsm - (no file)
MSConfigStartUp-CTFMON - (no file)
MSConfigStartUp-WD Anywhere Backup - c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe
AddRemove-{68131B0A-D78D-4aed-B74E-33A6C7324E50} - c:\program files\WD\WD Anywhere Backup\uninstall.exe


.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(1896)
c:\windows\system32\WININET.dll
c:\program files\Unlocker\UnlockerHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2010-10-09 17:27:53 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-09 21:27
ComboFix2.txt 2010-10-03 20:39
ComboFix3.txt 2010-10-02 00:41

Pre-Run: 256,500,445,184 bytes free
Post-Run: 256,807,112,704 bytes free

- - End Of File - - B20DE958058F76509AA8CE5B99F6ACC7

Edited by KeithKatz, 09 October 2010 - 05:03 PM.


#14 KeithKatz

Posted 09 October 2010 - 07:50 PM

Awaiting further instructions

Edited by KeithKatz, 09 October 2010 - 07:51 PM.


#15 Elise

Posted 10 October 2010 - 02:19 AM

Hello again,

TWO ANTIVIRUS PROGRAMS
---------------------------------------
I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Microsoft Security Essentials or Avast.

When done, please let me know how things are running.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 
