
IBM X41 Thinkpad


  • This topic is locked
27 replies to this topic

#1 JMil

JMil

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:10 AM

Posted 04 November 2010 - 11:32 AM

A post at http://community.norton.com/t5/Norton-Internet-Security-Norton/Sudden-multiple-daily-attacks/m-p/255571 recommended this site.

As noted in the topic my infected machine is an IBM Lenovo X41 Thinkpad Type 1866 - 6TU running Windows XP Tablet edition.

I've gone to your intro page and started preparing the requested logs but DDS does not complete and my machine hangs up not responding to anything other than a power off. I do not get the last line saying logs will be opened in 2 Notepad windows; instead I get a line of :::'s and then an unresponsive machine.

I have no known pgms inhibiting scripting and cannot find a method in XP that would inhibit scripting.

I have turned off the internet connection and disabled Norton's Anti-Virus.



Bottom line, how do I get DDS to successfully run so I can get the logs?




Thanks for your time and effort.

Regards, Jer



#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 AM

Posted 12 November 2010 - 06:34 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log. We'll see if you can get these to run instead of DDS.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 JMil

JMil
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:10 AM

Posted 15 November 2010 - 01:41 PM

Thank you for your response.

I have completed the logs for OTL, which are in this response, but have not been able to complete GMER which hangs the machine and requires powering off (ctl-alt-del and all keystrokes are unresponsive).

Let me add that the problem started around October 1, almost 7 weeks ago. I bring this up because I noticed OTL checked files that were 30 days old. The problem is older than 30 days.

Also in the interim I have tried and altered items in the machine while attempting to fix the problem so what you see in the logs is the machine state now not as it was when the problem started.

Logs follow, no GMER log but it did state twice, once at the beginning and once at the end, "GMER has found system modification caused by ROOTKIT activity."


Jer




OTL logfile created on: 11/14/2010 8:59:11 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Jer\Desktop
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.71 Gb Total Space | 23.92 Gb Free Space | 46.26% Space Free | Partition Type: NTFS
Drive E: | 3.76 Gb Total Space | 2.61 Gb Free Space | 69.37% Space Free | Partition Type: FAT32

Computer Name: IJER | User Name: Jer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/14 20:28:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jer\Desktop\OTL.exe
PRC - [2010/07/23 00:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
PRC - [2008/04/13 19:12:40 | 000,293,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wisptis.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/17 10:13:32 | 000,143,360 | ---- | M] (FarStone Technology Inc.) -- C:\Program Files\FarStone\VirtualDrive\vdtask.exe
PRC - [2005/06/13 05:07:02 | 000,086,016 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
PRC - [2005/06/13 05:07:02 | 000,077,824 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\QCONSVC.EXE
PRC - [2005/05/27 03:03:00 | 000,827,392 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\Tablet Shortcut\IBMTBCTL.exe
PRC - [2005/05/25 00:41:58 | 000,565,309 | ---- | M] (Broadcom Corporation) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2005/05/25 00:41:26 | 001,245,268 | ---- | M] (Broadcom Corporation) -- C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
PRC - [2005/05/25 00:36:46 | 000,163,840 | ---- | M] (Broadcom Corporation) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2005/05/20 10:23:18 | 000,098,304 | ---- | M] () -- C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
PRC - [2005/04/05 17:14:34 | 000,106,496 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2005/04/04 14:43:32 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2005/03/24 18:20:34 | 000,086,016 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2005/03/23 04:11:00 | 000,217,088 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2005/02/18 05:51:00 | 000,094,208 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\tp4serv.exe
PRC - [2005/01/24 23:35:34 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2004/12/16 06:49:44 | 000,385,024 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
PRC - [2004/12/16 05:41:56 | 000,090,112 | ---- | M] (IBM Corp.) -- C:\IBMTOOLS\utils\ibmprc.exe
PRC - [2004/11/05 03:30:00 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2004/11/04 11:47:04 | 000,040,547 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\Virtual Token\vtserver.exe
PRC - [2004/10/14 11:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/09/06 18:03:52 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2004/05/24 12:25:04 | 000,077,824 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2003/10/29 05:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/07/11 20:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/08/29 05:41:28 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tabbtnu.exe


========== Modules (SafeList) ==========

MOD - [2010/11/14 20:28:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jer\Desktop\OTL.exe
MOD - [2008/04/13 19:12:06 | 000,250,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\sptip.dll
MOD - [2008/04/13 19:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/13 19:11:58 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfp.dll
MOD - [2008/04/13 11:43:18 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\spgrmr.dll
MOD - [2002/08/29 05:41:08 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Journal\nbmaptip.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\PsaSrv.exe -- (PsaSrv)
SRV - [2010/07/23 00:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe -- (NAV)
SRV - [2009/04/04 13:41:21 | 000,625,357 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\1d480d61.dll -- (.Net CLR)
SRV - [2006/12/02 06:17:54 | 002,805,000 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2005/06/13 05:07:02 | 000,077,824 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
SRV - [2005/05/25 00:36:46 | 000,163,840 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005/01/24 23:35:34 | 000,036,864 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004/12/16 06:49:44 | 000,385,024 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service)
SRV - [2004/11/05 03:30:00 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2004/11/04 11:47:04 | 000,040,547 | ---- | M] (UPEK Inc.) [Auto | Running] -- C:\Program Files\Common Files\Virtual Token\vtserver.exe -- (vtserver)
SRV - [2004/05/24 12:25:04 | 000,077,824 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2003/07/11 20:19:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/11/14 20:56:22 | 000,004,474 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\GATHER.KM -- (EGATHDRV)
DRV - [2010/11/04 08:38:41 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/11/03 00:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101108.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/11/03 00:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101108.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/11/02 23:22:13 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/10/29 14:41:30 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/10/21 00:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/10/19 15:36:22 | 000,341,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101104.004\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/08/31 17:57:04 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101029.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/07/28 22:33:05 | 000,666,672 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMEFA.SYS -- (SymEFA)
DRV - [2010/07/28 21:54:36 | 000,489,008 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1201000.025\SRTSP.SYS -- (SRTSP)
DRV - [2010/07/28 21:54:36 | 000,050,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/07/12 20:20:22 | 000,369,072 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/06/26 23:05:55 | 000,134,704 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\Ironx86.SYS -- (SymIRON)
DRV - [2010/06/13 05:50:57 | 000,339,504 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMDS.SYS -- (SymDS)
DRV - [2008/04/13 13:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2006/07/21 22:36:50 | 000,013,184 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2005/06/13 05:07:02 | 000,012,288 | ---- | M] (IBM Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcndisif.sys -- (QCNDISIF)
DRV - [2005/06/13 05:07:02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/06/13 05:07:02 | 000,002,432 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
DRV - [2005/05/25 00:59:46 | 000,017,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005/05/25 00:58:20 | 001,241,818 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/05/25 00:57:36 | 000,030,299 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005/05/25 00:57:20 | 000,055,288 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/05/25 00:23:40 | 000,148,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005/05/12 16:07:24 | 000,011,136 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fcdabus.sys -- (fcdabus)
DRV - [2005/04/25 13:41:20 | 000,057,216 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fvdscsi.sys -- (FVDSCSI)
DRV - [2005/04/13 03:01:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2005/04/01 04:34:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2005/02/18 05:51:00 | 000,013,872 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tp4track.sys -- (Tp4Track)
DRV - [2005/02/01 19:00:42 | 000,012,416 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)
DRV - [2005/02/01 17:25:08 | 000,007,475 | ---- | M] (IBM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tkbtnpn.sys -- (HBtnKey)
DRV - [2005/01/26 02:03:32 | 000,015,360 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtmelTpm.sys -- (AtmelTpm)
DRV - [2005/01/21 03:40:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005/01/21 03:40:00 | 000,009,340 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005/01/14 14:20:26 | 000,059,776 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\shockprf.sys -- (Shockprf)
DRV - [2004/12/28 14:31:50 | 000,449,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/12/16 06:12:20 | 000,063,616 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2004/12/06 19:55:20 | 000,126,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/12/02 18:14:44 | 000,014,208 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPDiskPM.sys -- (TPDiskPM)
DRV - [2004/12/02 17:54:12 | 000,006,016 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TPInput.sys -- (TPInput)
DRV - [2004/11/10 18:47:30 | 000,200,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/11/10 18:46:24 | 000,685,184 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/10 18:45:50 | 001,041,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/11/05 03:30:00 | 000,012,944 | ---- | M] (IBM Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2004/11/04 11:52:10 | 000,024,832 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2004/09/06 18:03:46 | 000,016,370 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/05/14 14:59:00 | 000,004,608 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ShockMgr.sys -- (ShockMgr)
DRV - [2004/02/23 07:40:38 | 000,014,976 | ---- | M] (CMS Peripherals, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\portd2k.sys -- (portD)
DRV - [2002/04/24 13:50:00 | 000,018,176 | ---- | M] (Syncrosoft GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SynasUSB.sys -- (SynasUSB)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 14:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/04/09 11:03:00 | 000,017,784 | ---- | M] (Syncrosoft Hard- und Software GmbH) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\NSynas32.sys -- (Nsynas32)
DRV - [2000/05/31 22:29:54 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2870070046-1186256036-2191713935-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/q?s=spy
IE - HKU\S-1-5-21-2870070046-1186256036-2191713935-1005\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2870070046-1186256036-2191713935-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.finance.yahoo.com/q?s=spy"

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2010/11/04 10:17:30 | 000,000,000 | ---D | M]

[2010/10/07 17:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jer\Application Data\Mozilla\Extensions
[2010/10/07 17:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jer\Application Data\Mozilla\Firefox\Profiles\vqzh9v9b.default\extensions
[2010/09/16 08:33:38 | 000,002,075 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/10/24 14:39:54 | 000,000,865 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 osawarepro2009.microsoft.com
O1 - Hosts: 91.212.127.227 osawarepro2009.com
O1 - Hosts: 91.212.127.227 www.osawarepro2009.com
O1 - Hosts: 127.0.0.1 lkaturl71.com
O1 - Hosts: 127.0.0.1 68b6b6b6.com
O1 - Hosts: 127.0.0.1 ashanti-style.us
O1 - Hosts: 127.0.0.1 lkckclckli1i.com
O1 - Hosts: 127.0.0.1 lkckclckl1i1i.com
O1 - Hosts: 127.0.0.1 c3.lkckclckli1i.com
O1 - Hosts: 127.0.0.1 kangojjm1.com
O1 - Hosts: 127.0.0.1 c3.lkckclckl1i1i.com
O1 - Hosts: 127.0.0.1 top10webresults.com
O1 - Hosts: 127.0.0.1 edgecombe.org
O1 - Hosts: 127.0.0.1 checkscashed.com
O1 - Hosts: 127.0.0.1 34jh7alm94.asia
O1 - Hosts: 64.280.126.64 sitefile.org
O1 - Hosts: 64.208.126
O1 - Hosts: 64.208.126.26
O1 - Hosts: 64.208.126.83
O1 - Hosts: 64.208.126.43
O1 - Hosts: 64.208.126.58
O1 - Hosts: 208.29.69.139
O1 - Hosts: 208.29.69.138
O1 - Hosts: 16 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2870070046-1186256036-2191713935-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2870070046-1186256036-2191713935-1005\..\Toolbar\WebBrowser: (no name) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - No CLSID value found.
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [ControlCenter] C:\Program Files\IBM fingerprint software\ctlcntr.exe (UPEK Inc.)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (IBM Corp.)
O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
O4 - HKLM..\Run: [IBMTBCTL] C:\Program Files\ThinkPad\Tablet Shortcut\IBMTBCTL.EXE (IBM Corporation)
O4 - HKLM..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (IBM Corp.)
O4 - HKLM..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)
O4 - HKLM..\Run: [Snippet] C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TabletWizard] C:\WINDOWS\Help\splshwrp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (IBM Corp.)
O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4serv.exe (IBM Corporation)
O4 - HKLM..\Run: [UC_SMB] File not found
O4 - HKLM..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe ()
O4 - HKLM..\Run: [VirtualDrive] C:\Program Files\FarStone\VirtualDrive\VDTask.exe (FarStone Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [TabletWizard] C:\WINDOWS\help\wizard.hta File not found
O4 - HKU\S-1-5-20..\Run: [TabletWizard] C:\WINDOWS\help\wizard.hta File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Alias SketchBook Snapshot.lnk = C:\Program Files\Alias\Alias SketchBook Pro 1.1\AliasSketchSnap.exe (Alias Systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BounceBack Launcher.lnk = C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 16
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2870070046-1186256036-2191713935-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Update ThinkPad Software - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\Program Files\IBM fingerprint software\psfus.dll - C:\Program Files\IBM fingerprint software\psfus.dll (UPEK Inc.)
O20 - Winlogon\Notify\QConGina: DllName - QConGina.dll - C:\WINDOWS\System32\QConGina.dll (IBM Corp.)
O20 - Winlogon\Notify\TabBtnWL: DllName - TabBtnWL.dll - C:\WINDOWS\System32\tabbtnwl.dll (Microsoft Corporation)
O20 - Winlogon\Notify\tpgwlnotify: DllName - tpgwlnot.dll - C:\WINDOWS\System32\tpgwlnot.dll (Microsoft Corporation)
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/21 23:08:28 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0b2d40f9-e3a3-11df-8bdc-0014a439fb40}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{0b2d40fd-e3a3-11df-8bdc-0014a439fb40}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{0b2d40ff-e3a3-11df-8bdc-0014a439fb40}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{4e6e08fb-f48d-11de-8b79-0014a4dcf3ed}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4e6e08fb-f48d-11de-8b79-0014a4dcf3ed}\Shell\AutoRun\command - "" = E:\Start.exe -- File not found
O33 - MountPoints2\{4e6e08fb-f48d-11de-8b79-0014a4dcf3ed}\Shell\Install\Command - "" = E:\Start.exe -- File not found
O33 - MountPoints2\{75803172-ada8-11dc-8b30-0014a4dcf3ed}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{d53cece7-1935-11db-8af8-0014a439fb40}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: 6to4 - File not found


Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465003472846848)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/14 20:57:08 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jer\Desktop\OTL.exe
[2010/11/08 13:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\Local Settings\Application Data\Symantec
[2010/11/04 08:37:01 | 000,666,672 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymEFA.sys
[2010/11/04 08:37:01 | 000,369,072 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\symtdi.sys
[2010/11/04 08:37:01 | 000,331,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\symtdiv.sys
[2010/11/04 08:37:01 | 000,294,448 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\symnets.sys
[2010/11/04 08:37:00 | 000,489,008 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtsp.sys
[2010/11/04 08:37:00 | 000,339,504 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymDS.sys
[2010/11/04 08:37:00 | 000,134,704 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\Ironx86.sys
[2010/11/04 08:37:00 | 000,050,096 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtspx.sys
[2010/11/04 08:36:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1201000.025
[2010/11/03 12:10:24 | 015,633,288 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Jer\My Documents\rminstall.exe
[2010/11/03 12:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\Xls
[2010/11/03 12:05:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\Working and Filled Orders_files
[2010/11/03 12:05:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\Visual Studio Projects
[2010/11/03 12:05:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\Visual Studio 2005
[2010/11/03 12:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\Trades
[2010/11/03 12:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\ThoroughbredRacing
[2010/11/03 12:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\Symantec
[2010/11/03 12:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\ScanResults
[2010/11/03 12:05:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jer\My Documents\My Videos
[2010/11/03 12:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\samples
[2010/11/03 12:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\OX07account_activity_files
[2010/11/03 12:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\OptionsXpress
[2010/11/03 12:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\My Notes
[2010/11/03 12:05:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Jer\My Documents\My Magazines
[2010/11/03 12:05:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Jer\My Documents\My Data Sources
[2010/11/03 12:05:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\My eBooks
[2010/11/03 12:03:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\Microsoft Press
[2010/11/03 12:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\MACD_XL
[2010/11/03 12:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\JSP
[2010/11/03 12:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\JersVideos
[2010/11/03 12:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\JersTrades06_files
[2010/11/03 12:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\JersPossibleTrades
[2010/11/03 12:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\JersCubase
[2010/11/03 12:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\Inqueue
[2010/11/03 12:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\IBD100
[2010/11/03 12:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\HistoricalStockData
[2010/11/03 12:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\HarnessRacingOld
[2010/11/03 12:01:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\eqbSummaryResultsDisplay_files
[2010/11/03 12:01:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\Downloads
[2010/11/03 11:59:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\CSharpGraphics
[2010/11/03 11:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\Collars
[2010/11/03 11:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\CandleStickStudy
[2010/11/03 11:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\Book2_files
[2010/11/03 11:59:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\BB's&MA's
[2010/11/03 11:59:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\AgilixLog
[2010/11/03 11:59:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\aaatrades_files
[2010/11/02 22:43:31 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/11/02 22:43:31 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/11/02 22:41:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
[2010/11/02 22:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2010/11/02 22:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/11/02 20:06:43 | 000,000,000 | ---D | C] -- C:\JersCollarDev
[2010/11/02 18:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\HarnessRacing
[2010/11/02 18:36:08 | 000,000,000 | ---D | C] -- C:\Temp
[2010/11/02 18:35:53 | 000,000,000 | ---D | C] -- C:\JersVB
[2010/11/02 18:35:02 | 000,000,000 | ---D | C] -- C:\JersCSharp
[2010/11/01 21:01:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jer\My Documents\My Music
[2010/11/01 21:01:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jer\My Documents\My Pictures
[2010/11/01 20:58:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/10/31 12:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/10/31 11:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security EssentialsOLD
[2010/10/30 21:05:25 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2010/10/30 20:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/10/29 16:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/10/29 14:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2010/10/29 14:40:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2010/10/25 14:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\Application Data\Registry Mechanic
[2010/10/25 14:23:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/21 00:35:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\Local Settings\Application Data\PCHealth
[2010/10/16 09:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\Application Data\Tific
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/14 21:05:34 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\JersDownloader.job
[2010/11/14 20:56:22 | 000,004,474 | ---- | M] () -- C:\WINDOWS\GATHER.KM
[2010/11/14 20:55:23 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/14 20:49:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/14 20:49:14 | 1600,622,592 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/14 20:28:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jer\Desktop\OTL.exe
[2010/11/08 13:55:52 | 000,467,792 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/08 13:55:52 | 000,088,088 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/07 16:19:42 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\JDwnLdRaces.job
[2010/11/04 09:49:52 | 000,628,736 | ---- | M] () -- C:\Documents and Settings\Jer\Desktop\dds.scr
[2010/11/04 09:44:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jer\defogger_reenable
[2010/11/04 09:39:14 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Jer\Desktop\Defogger.exe
[2010/11/04 08:46:30 | 000,001,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2010/11/04 08:44:55 | 000,591,630 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\Cat.DB
[2010/11/04 08:38:41 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/11/04 08:38:41 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/11/04 08:38:41 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/11/04 08:38:41 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/11/04 08:34:46 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\Jer\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/03 12:15:13 | 000,184,320 | ---- | M] () -- C:\Documents and Settings\Jer\My Documents\Jerlog.xls
[2010/11/03 12:12:08 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\Jer\Desktop\Microsoft Excel (2).lnk
[2010/11/03 10:52:49 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\JersAnagram.job
[2010/11/03 10:52:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\JersCalendar.job
[2010/11/01 21:02:06 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/11/01 21:01:48 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Jer\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/01 20:49:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/31 11:41:34 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\Jer\Desktop\Microsoft Security Essentials (2).lnk
[2010/10/30 21:08:27 | 000,607,326 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2010/10/30 12:59:04 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\AutoPartNt.let
[2010/10/29 20:52:04 | 000,001,746 | ---- | M] () -- C:\Documents and Settings\Jer\Desktop\Scheduled Tasks (2).lnk
[2010/10/29 14:41:21 | 000,001,060 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acronis Disk Director Suite.lnk
[2010/10/28 10:19:33 | 012,630,894 | ---- | M] () -- C:\Infecteddirlst.prn
[2010/10/27 15:35:52 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Jer\Desktop\Command Prompt (2).lnk
[2010/10/25 21:31:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\BounceBack Reminder.job
[2010/10/25 14:19:18 | 015,633,288 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Jer\My Documents\rminstall.exe
[2010/10/24 10:32:12 | 000,001,486 | ---- | M] () -- C:\Documents and Settings\Jer\Desktop\Windows Explorer (2).lnk
[2010/10/23 19:16:40 | 000,001,501 | ---- | M] () -- C:\Documents and Settings\Jer\Desktop\Spider Solitaire (2).lnk
[2010/10/22 12:59:42 | 025,705,101 | ---- | M] () -- C:\Documents and Settings\Jer\seagatedir.prn
[2010/10/22 12:46:32 | 002,032,569 | ---- | M] () -- C:\Documents and Settings\Jer\iomegadir.prn
[2010/10/17 19:15:44 | 000,000,181 | ---- | M] () -- C:\Documents and Settings\Jer\My Documents\Files named Temporary Internet Files.fnd
[2010/10/17 19:08:57 | 000,000,118 | ---- | M] () -- C:\Documents and Settings\Jer\My Documents\Files named ie5.fnd
[2010/10/17 09:41:36 | 000,012,648 | ---- | M] () -- C:\Documents and Settings\Jer\My Documents\2010ToDoList.rtf
[2010/10/16 15:50:42 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Jer\My Documents\StockDownload Times.xls
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/04 17:34:26 | 1600,622,592 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/04 09:52:12 | 000,628,736 | ---- | C] () -- C:\Documents and Settings\Jer\Desktop\dds.scr
[2010/11/04 09:44:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jer\defogger_reenable
[2010/11/04 09:42:34 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Jer\Desktop\Defogger.exe
[2010/11/04 08:43:37 | 000,591,630 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\Cat.DB
[2010/11/04 08:36:17 | 000,003,373 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymEFA.inf
[2010/11/04 08:36:17 | 000,002,792 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymDS.inf
[2010/11/04 08:36:17 | 000,001,473 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymNetV.inf
[2010/11/04 08:36:17 | 000,001,445 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymNet.inf
[2010/11/04 08:36:17 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtspx.inf
[2010/11/04 08:36:17 | 000,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtsp.inf
[2010/11/04 08:36:17 | 000,000,741 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\Iron.inf
[2010/11/04 08:36:15 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\symnetv.cat
[2010/11/04 08:36:15 | 000,007,446 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymNet.cat
[2010/11/04 08:36:15 | 000,007,444 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymEFA.cat
[2010/11/04 08:36:15 | 000,007,442 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtspx.cat
[2010/11/04 08:36:15 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymDS.cat
[2010/11/04 08:36:15 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtsp.cat
[2010/11/04 08:36:15 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\iron.cat
[2010/11/04 08:36:15 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\isolate.ini
[2010/11/04 01:01:56 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/03 12:11:22 | 004,671,488 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\z11sept2001.pps
[2010/11/03 12:11:22 | 000,294,935 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Zazzle_com Order Confirmation.mht
[2010/11/03 12:11:21 | 000,446,749 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\YouTube - Ray Stevens----It's me again magret!.mht
[2010/11/03 12:11:21 | 000,135,168 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\XlOptions091607.xls
[2010/11/03 12:11:21 | 000,132,000 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\YouTube - [High Quality] Blue Angels - censored, no Van Halen Dreams.mht
[2010/11/03 12:11:21 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\XlOptions.xls
[2010/11/03 12:11:21 | 000,059,904 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\XlOptions092107.xls
[2010/11/03 12:11:21 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\working072507.xls
[2010/11/03 12:11:21 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\XlOptA.xls
[2010/11/03 12:11:21 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\XlOptA1.xls
[2010/11/03 12:11:21 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Yahoo Options.xls
[2010/11/03 12:11:21 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\XlUsingIE.xls
[2010/11/03 12:11:21 | 000,010,385 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Working and Filled Orders.htm
[2010/11/03 12:11:11 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\VideoDisksDescriptions.xls
[2010/11/03 12:11:11 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\working072407.xls
[2010/11/03 12:11:11 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\VideoIndex.xls
[2010/11/03 12:11:11 | 000,001,644 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Vonage.rtf
[2010/11/03 12:11:11 | 000,001,451 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Walmart_com - Checkout.mht
[2010/11/03 12:11:10 | 000,061,337 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\VideoDiskDescriptions.rtf
[2010/11/03 12:11:01 | 017,030,510 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\video.flv
[2010/11/03 12:11:01 | 000,561,152 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Tst1.mdb
[2010/11/03 12:11:01 | 000,066,209 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\TRAINRHP.DBF
[2010/11/03 12:11:01 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\TradeLog.xls
[2010/11/03 12:11:01 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\UDRS.xls
[2010/11/03 12:11:01 | 000,000,993 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Video1.rtf
[2010/11/03 12:11:01 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\TshirtLogos.rtf
[2010/11/03 12:11:00 | 002,231,296 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\ThinkPad2655Manual.pdf
[2010/11/03 12:11:00 | 001,165,312 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Symbols112507.xls
[2010/11/03 12:11:00 | 000,661,607 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Super 8 Hotels.mht
[2010/11/03 12:11:00 | 000,333,933 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\The Teaching Company - Order Confirmation.mht
[2010/11/03 12:11:00 | 000,029,408 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Thanks for shopping at JohnGaltGifts_com.htm
[2010/11/03 12:11:00 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\SylSav2009.xls
[2010/11/03 12:11:00 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\SudokuGrid.xls
[2010/11/03 12:11:00 | 000,002,933 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\SylSav2009.rtf
[2010/11/03 12:11:00 | 000,000,492 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Sudoku_articles.rtf
[2010/11/03 12:10:59 | 000,694,272 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Sudoku .xls
[2010/11/03 12:10:59 | 000,436,736 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\SuDoKu0710.xls
[2010/11/03 12:10:59 | 000,192,000 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\SuDoKu0910.xls
[2010/11/03 12:10:59 | 000,178,688 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Sudoku.xls
[2010/11/03 12:10:59 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\SuDoKu0710a.xls
[2010/11/03 12:10:58 | 000,470,016 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\StockSymbols.xls
[2010/11/03 12:10:58 | 000,111,616 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Stocks2Trk.xls
[2010/11/03 12:10:58 | 000,000,071 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\stream.pls
[2010/11/03 12:10:58 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\stream.ram
[2010/11/03 12:10:57 | 000,259,584 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\StgaTime.xls
[2010/11/03 12:10:57 | 000,070,144 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\StockNames.xls
[2010/11/03 12:10:57 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\StockDownload Times.xls
[2010/11/03 12:10:56 | 003,176,960 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\StgaRsltTotal.xls
[2010/11/03 12:10:50 | 011,852,288 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\StgaOddsChk.xls
[2010/11/03 12:10:46 | 009,608,192 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\STGAMasterRaceCSVTotal.xls
[2010/11/03 12:10:38 | 003,812,352 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Stgakey.xls
[2010/11/03 12:10:38 | 001,707,521 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Stgakey.csv
[2010/11/03 12:10:37 | 004,877,312 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\StgaHarnessRslt.xls
[2010/11/03 12:10:34 | 010,838,016 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\StgaHarnessRslt.mdb
[2010/11/03 12:10:34 | 000,097,185 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\STGAENTRIES.mht
[2010/11/03 12:10:34 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\StdDev.xls
[2010/11/03 12:10:34 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Srtga081508.xls
[2010/11/03 12:10:34 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\SpreadProgress.xls
[2010/11/03 12:10:34 | 000,009,376 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\SpreadProgress.htm
[2010/11/03 12:10:34 | 000,001,449 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\SpreadProgress.rtf
[2010/11/03 12:10:33 | 004,819,090 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Short_Term_Trading_System.pdf
[2010/11/03 12:10:33 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\ScanResult101007.xls
[2010/11/03 12:10:33 | 000,071,680 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\SP500symbols.xls
[2010/11/03 12:10:33 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\ScanInputMaster.xls
[2010/11/03 12:10:33 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\SaraPlaceBet.xls
[2010/11/03 12:10:33 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\SMAXovrTrades052908.xls
[2010/11/03 12:10:33 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Scorecard.xls
[2010/11/03 12:10:33 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\SIREHP.DBF
[2010/11/03 12:10:33 | 000,005,465 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Social Security Death Index Search Results.htm
[2010/11/03 12:10:33 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\spider.sav
[2010/11/03 12:10:32 | 000,398,245 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\RUNLINHP.DBF
[2010/11/03 12:10:32 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Ryanletter.rtf
[2010/11/03 12:10:30 | 000,433,152 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\ROCSystemSummary.xls
[2010/11/03 12:10:23 | 000,209,408 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\RaceCSVTotal.xls
[2010/11/03 12:10:23 | 000,108,664 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Receipt for Order# 55346 at Poland by Mail.mht
[2010/11/03 12:10:23 | 000,108,012 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Receipt for Order# 54796 at Poland by Mail.mht
[2010/11/03 12:10:23 | 000,102,597 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Racing.mht
[2010/11/03 12:10:23 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Racing_Tables_Fields.xls
[2010/11/03 12:10:23 | 000,014,818 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\RDB Design.rtf
[2010/11/03 12:10:23 | 000,011,879 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\RACESHP.DBF
[2010/11/03 12:10:23 | 000,007,571 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\RdngHrnsEntries.rtf
[2010/11/03 12:10:23 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\RacePgms.rtf
[2010/11/03 12:10:22 | 000,662,862 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\QQQ_Active_Collar_Paper_website_v3.pdf
[2010/11/03 12:10:22 | 000,345,334 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Quark.mht
[2010/11/03 12:10:22 | 000,233,984 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\QQQQ.xls
[2010/11/03 12:10:22 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\PS2P.xls
[2010/11/03 12:10:22 | 000,003,312 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\PTTRHP.DBF
[2010/11/03 12:10:22 | 000,003,122 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\PTDRTTHP.DBF
[2010/11/03 12:10:22 | 000,003,010 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\PTDROFHP.DBF
[2010/11/03 12:10:22 | 000,003,010 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\PTDRFTHP.DBF
[2010/11/03 12:10:19 | 000,600,023 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Programming for Fun and Profit - Using the Card_dll — Developer_com.mht
[2010/11/03 12:10:16 | 000,485,085 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\platinumharness.pdf
[2010/11/03 12:10:16 | 000,001,202 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\POWTBLHP.DBF
[2010/11/03 12:10:15 | 008,995,189 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\PDF32000_2008.pdf
[2010/11/03 12:10:15 | 000,119,808 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Ox102107.xls
[2010/11/03 12:10:15 | 000,014,669 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\OXScreen.xls
[2010/11/03 12:10:15 | 000,010,738 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\OX07account_activity.xls
[2010/11/03 12:10:14 | 000,021,633 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\OX06account_activity.xls
[2010/11/03 12:10:13 | 000,563,306 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\NYX Options for NYSE EURONEXT - 050109.mht
[2010/11/03 12:10:13 | 000,522,099 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\NYX Options for NYSE EURONEXT - Yahoo! Finance.mht
[2010/11/03 12:10:13 | 000,460,800 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Optn10.xls
[2010/11/03 12:10:13 | 000,201,216 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\NYXStrength.xls
[2010/11/03 12:10:13 | 000,125,440 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\NYX_TradeBand.xls
[2010/11/03 12:10:13 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\OilServices.xls
[2010/11/03 12:10:13 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\OprioneticsTrades.xls
[2010/11/03 12:10:13 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\OptionPricing.xls
[2010/11/03 12:10:13 | 000,000,882 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Olympic.rtf
[2010/11/03 12:10:13 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Order Submission Process - medco_com ®.htm
[2010/11/03 12:10:12 | 000,907,776 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\NKE.xls
[2010/11/03 12:10:12 | 000,742,659 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Nation's soaring deficit calls for painful choices - USATODAY_com.mht
[2010/11/03 12:10:12 | 000,370,197 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\NatlHlthCare.pdf
[2010/11/03 12:10:12 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Names.xls
[2010/11/03 12:10:12 | 000,003,183 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Nison's_CndlStckChrtngTeknke.rtf
[2010/11/03 12:10:12 | 000,000,954 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\NET2005.rtf
[2010/11/03 12:10:07 | 000,130,616 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\mxx0221b.exe
[2010/11/03 12:10:06 | 000,000,540 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\music.rtf
[2010/11/03 12:10:05 | 010,564,608 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\MRaceCSVTotal.xls
[2010/11/03 12:10:05 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Music Education Program.doc
[2010/11/03 12:10:03 | 000,449,883 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\mondaysentries.pdf
[2010/11/03 12:10:03 | 000,209,408 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\MasterRaceCSVTotal.xls
[2010/11/03 12:10:03 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\MOS.xls
[2010/11/03 12:10:02 | 001,016,832 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\MACD_PGM.xls
[2010/11/03 12:10:00 | 002,874,880 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\MACD_DJI_COP_NYX.xls
[2010/11/03 12:10:00 | 001,401,344 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\MACD_DJI_AAPL.xls
[2010/11/03 12:10:00 | 000,123,904 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\MACD_DJI.xls
[2010/11/03 12:09:59 | 000,821,028 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\lighthousetvl.pdf
[2010/11/03 12:09:59 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\M021910.xls
[2010/11/03 12:09:59 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Loan65.xls
[2010/11/03 12:09:58 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\LexusMileage.xls
[2010/11/03 12:09:58 | 000,001,308 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\L2EJan2010.rtf
[2010/11/03 12:09:57 | 000,000,515 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Kmortg.rtf
[2010/11/03 12:09:56 | 000,787,968 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JVIX.xls
[2010/11/03 12:09:56 | 000,074,240 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Jtst112607.xls
[2010/11/03 12:09:23 | 070,275,072 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JTest_Backup.mdb
[2010/11/03 12:09:12 | 021,385,216 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JTest.mdb
[2010/11/03 12:09:12 | 000,002,815 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JSyms.csv
[2010/11/03 12:09:07 | 000,098,304 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JJ.mdb
[2010/11/03 12:09:07 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JSPNames.xls
[2010/11/03 12:09:07 | 000,006,151 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\jstk101.csv
[2010/11/03 12:09:07 | 000,001,236 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JList.rtf
[2010/11/03 12:09:07 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Jltr.rtf
[2010/11/03 12:09:07 | 000,000,438 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JInstall.bat
[2010/11/03 12:09:07 | 000,000,297 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JJInstall.bat
[2010/11/03 12:09:07 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JJJ.csv
[2010/11/03 12:09:03 | 003,200,000 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JerTest.xls
[2010/11/03 12:09:03 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JersXlHndiCapSht.xls
[2010/11/03 12:09:03 | 000,021,633 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JersTrades.xls
[2010/11/03 12:09:03 | 000,011,100 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JersTrades06.xls
[2010/11/03 12:09:03 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Jerswebsite.htm
[2010/11/03 12:08:58 | 001,485,312 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JersRaceBook.xls
[2010/11/03 12:08:58 | 000,050,559 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JersTest.pdf
[2010/11/03 12:08:56 | 008,360,448 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JersRaceBook .xls
[2010/11/03 12:08:51 | 007,910,912 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JersRaceBook1.xls
[2010/11/03 12:08:50 | 000,254,464 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JersIntraDayTradingC.xls
[2010/11/03 12:08:50 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JersRace.xls
[2010/11/03 12:08:50 | 000,000,306 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JersNames.csv
[2010/11/03 12:08:49 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\jersharnessfrm.xls
[2010/11/03 12:08:48 | 000,184,320 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Jerlog.xls
[2010/11/03 12:08:48 | 000,173,056 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Jerlog .xls
[2010/11/03 12:08:48 | 000,156,770 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JerRESULTS.htm
[2010/11/03 12:08:48 | 000,072,704 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Jer.xls
[2010/11/03 12:08:48 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Jersfix.xls
[2010/11/03 12:08:48 | 000,006,603 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JerPokerTuesday.POK
[2010/11/03 12:08:48 | 000,006,602 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JerPokerMonday.POK
[2010/11/03 12:08:48 | 000,006,595 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JerPokerFriday.POK
[2010/11/03 12:08:47 | 000,425,984 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Jer2.mdb
[2010/11/03 12:08:47 | 000,091,648 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Jer062008.xls
[2010/11/03 12:08:47 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JBook1.xls
[2010/11/03 12:08:46 | 000,725,650 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JanUnemploymentChart.pdf
[2010/11/03 12:08:46 | 000,000,490 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\j199.csv
[2010/11/03 12:06:52 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\IBDMas.xls
[2010/11/03 12:06:52 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\IBMOptions (version 1).xls
[2010/11/03 12:06:52 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\IBMOptions.xls
[2010/11/03 12:06:51 | 000,815,933 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\HW_FRM_IBM_470IAcclarisSHAPClaimSB_3899.pdf
[2010/11/03 12:06:50 | 000,763,494 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Hotels - Hotel reviews from people like you - Welcome to.mht
[2010/11/03 12:06:50 | 000,700,416 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\HOV.xls
[2010/11/03 12:06:50 | 000,144,290 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\HORSEHP.DBF
[2010/11/03 12:06:50 | 000,002,401 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\HndiCapChkMrk.rtf
[2010/11/03 12:06:50 | 000,001,436 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\HomeDepot.rtf
[2010/11/03 12:06:50 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\HotDogSauce.rtf
[2010/11/03 12:06:49 | 001,466,368 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\HistVol_AAPL.xls
[2010/11/03 12:06:49 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\HAUGVol.xls
[2010/11/03 12:06:48 | 001,779,401 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Guest confirmation information.mht
[2010/11/03 12:06:48 | 000,707,783 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\harnesspps.pdf
[2010/11/03 12:06:48 | 000,056,600 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Fw__Summary_of_Healthcare_Bill.eml
[2010/11/03 12:06:48 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\GMStraddleDelta Neutral.xls
[2010/11/03 12:06:48 | 000,017,349 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Fw_ Tronto Seminar Location_Scheduel.eml
[2010/11/03 12:06:48 | 000,017,045 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\giovanniorder.rtf
[2010/11/03 12:06:48 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Gamma.xls
[2010/11/03 12:06:48 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\GJNames.xls
[2010/11/03 12:06:48 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\FlowChart.xls
[2010/11/03 12:06:48 | 000,005,040 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Futurlec_com - Order Form.htm
[2010/11/03 12:06:48 | 000,001,037 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Harfa_Album.rtf
[2010/11/03 12:06:48 | 000,000,348 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\GoodEnough.rtf
[2010/11/03 12:06:48 | 000,000,181 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Files named Temporary Internet Files.fnd
[2010/11/03 12:06:48 | 000,000,118 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Files named ie5.fnd
[2010/11/03 12:06:47 | 000,792,576 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\ERTS.xls
[2010/11/03 12:06:47 | 000,782,542 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\equibasefullpp.pdf
[2010/11/03 12:06:47 | 000,540,346 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Fidelity NetBenefits.mht
[2010/11/03 12:06:47 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\expirationFriday.xls
[2010/11/03 12:06:45 | 000,156,672 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\EMAExample.xls
[2010/11/03 12:06:45 | 000,073,909 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\eqbSummaryResultsDisplay.htm
[2010/11/03 12:06:45 | 000,070,465 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\DRIVERHP.DBF
[2010/11/03 12:06:45 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\EMACD_DJI.xls
[2010/11/03 12:06:45 | 000,004,573 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\EditorIntro.rtf
[2010/11/03 12:06:45 | 000,001,001 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Dylan2.rtf
[2010/11/03 12:06:45 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Dylan.rtf
[2010/11/03 12:06:45 | 000,000,475 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\DVDCopy.rtf
[2010/11/03 12:06:45 | 000,000,251 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\download.png
[2010/11/03 12:06:44 | 001,479,680 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\DJI_MACD.xls
[2010/11/03 12:06:44 | 001,085,440 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\DJI112507 (version 1).xls
[2010/11/03 12:06:44 | 001,021,952 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\DJI112507.xls
[2010/11/03 12:06:44 | 000,986,624 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Dow87.xls
[2010/11/03 12:06:44 | 000,235,008 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\DKS.xls
[2010/11/03 12:06:43 | 002,514,959 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\dir.prnold
[2010/11/03 12:06:43 | 000,002,826 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\dir.prn
[2010/11/03 12:06:25 | 000,016,355 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\DAMHP.DBF
[2010/11/03 12:06:25 | 000,010,229 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\DangerousHerbs.rtf
[2010/11/03 12:06:24 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\CVTX082407.xls
[2010/11/03 12:06:24 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\CsYahVolComp.xls
[2010/11/03 12:06:24 | 000,001,589 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\CsNeededMods.rtf
[2010/11/03 12:06:23 | 001,158,656 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\COP.xls
[2010/11/03 12:06:23 | 000,211,968 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\CollarTrackingRevC Jers.xls
[2010/11/03 12:06:23 | 000,205,312 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\CollarTrackingRevC.xls
[2010/11/03 12:06:23 | 000,168,960 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\CollarScan012008.xls
[2010/11/03 12:06:23 | 000,100,621 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Confirmation.mht
[2010/11/03 12:06:23 | 000,010,000 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Computer Memory, Laptop Batteries - Kahlon_com.htm
[2010/11/03 12:06:23 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\CorptaxNYX.rtf
[2010/11/03 12:06:22 | 000,644,608 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\CollarCandidates102207.xls
[2010/11/03 12:06:22 | 000,002,669 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\CleanCatskill.rtf
[2010/11/03 12:06:22 | 000,001,552 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\CleanCatskill1.rtf
[2010/11/03 12:06:21 | 000,004,120 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Class1.cs
[2010/11/03 12:06:18 | 005,010,432 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\christmas.pps
[2010/11/03 12:06:18 | 001,112,064 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\CHistVolCOP.xls
[2010/11/03 12:06:17 | 000,962,560 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\CHistVolAAPL.xls
[2010/11/03 12:06:17 | 000,653,824 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\CalendarCandidates102207.xls
[2010/11/03 12:06:17 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\BoseMusic.xls
[2010/11/03 12:06:17 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Cal0618.xls
[2010/11/03 12:06:17 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\CandlTrades052708.xls
[2010/11/03 12:06:17 | 000,011,228 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Book2.htm
[2010/11/03 12:06:17 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Charlie.rtf
[2010/11/03 12:06:16 | 000,001,835 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\BOEAddress.rtf
[2010/11/03 12:06:15 | 000,154,706 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\bloom_month.pdf
[2010/11/03 12:06:13 | 005,308,124 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\BigDeck.wmv
[2010/11/03 12:06:13 | 000,836,608 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\BBBY.xls
[2010/11/03 12:06:13 | 000,098,304 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\BA.mdb
[2010/11/03 12:06:13 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Backgammon.xls
[2010/11/03 12:06:13 | 000,017,899 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\B&H Invoice.htm
[2010/11/03 12:06:12 | 000,748,032 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\AZO.xls
[2010/11/03 12:06:12 | 000,409,020 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\adoptedbudgetpersonnellisting2010.pdf
[2010/11/03 12:06:12 | 000,166,023 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Amazon_com Thanks You.htm
[2010/11/03 12:06:12 | 000,135,607 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\alexwilson.rtf
[2010/11/03 12:06:12 | 000,005,428 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\AUCTIONP.DBF
[2010/11/03 12:06:12 | 000,001,150 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\asteroid.rtf
[2010/11/03 12:06:10 | 004,083,712 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\AAPLVolatiltyCorrelation.xls
[2010/11/03 12:06:10 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\AccessRaceTables.xls
[2010/11/03 12:06:10 | 000,006,688 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\AccessRaceTables.rtf
[2010/11/03 12:06:10 | 000,003,064 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\account_activity.xls
[2010/11/03 12:06:09 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\AAPLCOLLARRESULTS.xls
[2010/11/03 12:06:09 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\AAPLTrainer.xls
[2010/11/03 12:06:09 | 000,016,250 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\232283184717.xls
[2010/11/03 12:06:09 | 000,010,823 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\aaatrades.htm
[2010/11/03 12:06:08 | 000,280,064 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\080806QQQQ.xls
[2010/11/03 12:06:08 | 000,222,720 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\072706DOW.xls
[2010/11/03 12:06:08 | 000,213,504 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\129196S&PMAD.xls
[2010/11/03 12:06:08 | 000,052,638 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\232283103239.xls
[2010/11/03 12:06:08 | 000,050,036 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\129196S&PMAD.csv
[2010/11/03 12:06:08 | 000,014,669 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\232283154846.xls
[2010/11/03 12:06:08 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\120606JersAcct.xls
[2010/11/03 12:06:07 | 000,021,559 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\8912.zip
[2010/11/03 12:06:07 | 000,012,648 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\2010ToDoList.rtf
[2010/11/03 12:06:06 | 005,810,688 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\2010RaceSchedule.xls
[2010/11/03 12:06:05 | 000,203,212 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\2010_Racing_calendar1.sflb.pdf
[2010/11/03 12:06:05 | 000,013,494 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\2010RaceSchedule.csv
[2010/11/03 12:06:04 | 003,873,792 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\1JersRaceBook1.xls
[2010/11/03 12:06:04 | 000,020,161 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\23_program_agreement.pdf
[2010/11/03 12:06:04 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\3rdFri.xls
[2010/11/03 12:06:04 | 000,004,057 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\8Candlesticks.rtf
[2010/11/03 12:06:04 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\2009Schedule.rtf
[2010/11/03 12:06:04 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\2006taxletter.rtf
[2010/11/03 12:06:02 | 001,783,572 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\1JersRaceBook1.csv
[2010/11/02 22:43:31 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/11/02 22:43:31 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/11/02 22:43:10 | 000,001,896 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2010/10/31 11:41:34 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\Jer\Desktop\Microsoft Security Essentials (2).lnk
[2010/10/30 21:08:10 | 000,607,326 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2010/10/30 12:53:20 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\AutoPartNt.let
[2010/10/29 14:41:18 | 000,001,060 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acronis Disk Director Suite.lnk
[2010/10/28 10:18:42 | 012,630,894 | ---- | C] () -- C:\Infecteddirlst.prn
[2010/10/22 12:53:32 | 025,705,101 | ---- | C] () -- C:\Documents and Settings\Jer\seagatedir.prn
[2010/10/22 12:45:53 | 002,032,569 | ---- | C] () -- C:\Documents and Settings\Jer\iomegadir.prn
[2010/10/14 20:11:44 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Jer\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/02 11:03:29 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\OQHQ1H13.dat
[2009/10/28 11:04:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AUTORUN.INI
[2009/04/04 13:41:21 | 000,625,357 | ---- | C] () -- C:\WINDOWS\System32\1d480d61.dll
[2008/08/25 12:12:33 | 000,000,057 | ---- | C] () -- C:\WINDOWS\TMODDS.INI
[2008/08/25 11:57:02 | 000,000,932 | ---- | C] () -- C:\WINDOWS\HMPLUS.INI
[2008/08/25 11:57:02 | 000,000,053 | ---- | C] () -- C:\WINDOWS\HMODDS.INI
[2008/07/26 10:57:33 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\synsopos.ini
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/07/22 17:04:48 | 000,000,924 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/21 23:08:12 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Jer\Local Settings\Application Data\fusioncache.dat
[2006/07/21 22:48:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/21 22:47:48 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2006/07/21 22:41:00 | 000,002,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2006/07/21 22:22:29 | 000,167,936 | R--- | C] () -- C:\WINDOWS\System32\PPWInf.dll
[2006/07/21 21:56:04 | 000,106,496 | ---- | C] () -- C:\WINDOWS\stkbtnpn.dll
[2006/07/21 21:55:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2006/07/21 21:55:34 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2006/07/21 21:54:52 | 000,009,340 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2006/07/21 21:51:19 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/07/21 21:36:20 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\tp4uires.dll
[2006/07/21 20:31:26 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/12/21 16:57:36 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2005/12/21 16:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2005/12/21 16:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2005/05/25 00:32:38 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/02/01 19:00:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2005/02/01 19:00:44 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/12/16 05:41:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
[2004/12/16 05:41:58 | 000,019,853 | ---- | C] () -- C:\WINDOWS\ibmprc.ini
[2004/12/14 16:55:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\SmAgentAPI.dll
[2004/11/18 20:17:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/02/05 20:05:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\VDExt800.dll
[2004/01/09 08:10:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2003/09/20 02:03:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\GDExt800.dll
[2003/09/05 05:49:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\VDExt712.dll
[2003/08/16 19:52:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GDExt712.dll
[2003/07/30 19:19:24 | 000,006,397 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartCd.sys
[2003/04/10 17:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2001/11/14 15:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/09/06 17:35:00 | 000,000,036 | ---- | C] () -- C:\WINDOWS\A3W.ini
[1980/01/01 02:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[1980/01/01 02:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll

========== LOP Check ==========

[2006/07/21 22:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Alias
[2006/07/21 22:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FarStone
[2006/07/21 22:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IBM
[2010/10/29 16:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2006/07/21 22:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agilix
[2006/07/21 22:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agilix PlanPlus for Windows
[2006/07/21 22:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alias
[2006/07/21 22:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ibm
[2007/12/17 11:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2010/10/30 22:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/07/21 22:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Alias
[2006/07/21 22:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\FarStone
[2006/07/21 22:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\IBM
[2006/07/21 22:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jer\Application Data\Alias
[2006/07/21 22:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jer\Application Data\FarStone
[2010/10/02 16:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jer\Application Data\IBM
[2010/10/25 14:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jer\Application Data\Registry Mechanic
[2008/07/26 11:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jer\Application Data\Steinberg
[2010/10/16 09:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jer\Application Data\Tific
[2008/08/31 15:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jer\Application Data\Trackmaster
[2010/10/05 16:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\IBM
[2010/10/25 21:31:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\BounceBack Reminder.job
[2010/11/07 16:19:42 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\JDwnLdRaces.job
[2010/11/03 10:52:49 | 000,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\JersAnagram.job
[2010/11/03 10:52:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\JersCalendar.job
[2010/11/14 21:05:34 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\JersDownloader.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 04:41:54 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2008/04/14 04:41:54 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/11/18 20:16:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/11/18 20:16:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/11/18 20:16:10 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2006/07/21 23:08:28 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
[2006/07/21 23:07:37 | 000,000,194 | RHS- | M] () -- C:\BOOT.INI
[2006/07/21 22:43:38 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.PRV
[2006/07/21 22:50:02 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.TXT
[2004/11/18 20:06:00 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2006/07/21 22:37:04 | 000,000,308 | ---- | M] () -- C:\ccrrec.ver
[2006/07/21 23:08:28 | 000,000,000 | -H-- | M] () -- C:\CONFIG.STM
[2008/08/25 11:57:01 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/07/26 16:35:37 | 000,000,800 | ---- | M] () -- C:\engine.log
[2010/11/14 20:49:14 | 1600,622,592 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/28 10:19:33 | 012,630,894 | ---- | M] () -- C:\Infecteddirlst.prn
[2006/07/21 23:08:28 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2007/11/25 18:26:14 | 000,023,646 | ---- | M] () -- C:\Jdir.lst
[2006/07/30 01:09:46 | 000,000,063 | ---- | M] () -- C:\JersInternetReliabilityResult.txt
[2006/07/21 22:17:46 | 000,000,164 | ---- | M] () -- C:\LOGFILE.txt
[2007/04/05 13:32:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/19 21:04:31 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/14 20:48:52 | 1600,552,960 | -HS- | M] () -- C:\pagefile.sys
[2009/12/18 15:36:43 | 000,000,592 | ---- | M] () -- C:\RACE_REPLAYS_VIDEOS.rtf
[2006/07/21 20:31:28 | 000,001,175 | ---- | M] () -- C:\SYSLEVEL.IBM
[2006/07/21 20:30:00 | 000,000,043 | ---- | M] () -- C:\TCPACHIP.LOG

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2005/04/01 14:52:58 | 000,018,432 | R--- | M] (Agilix Labs) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\AgilPrt.DLL
[2002/08/29 05:41:00 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >


OTL Extras logfile created on: 11/14/2010 8:59:11 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Jer\Desktop
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.71 Gb Total Space | 23.92 Gb Free Space | 46.26% Space Free | Partition Type: NTFS
Drive E: | 3.76 Gb Total Space | 2.61 Gb Free Space | 69.37% Space Free | Partition Type: FAT32

Computer Name: IJER | User Name: Jer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 0
"UacDisableNotify" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\IBM\Updater\jre\bin\java.exe" = C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector -- (IBM)
"C:\Program Files\IBM\Updater\jre\bin\javaw.exe" = C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector -- (IBM)
"C:\Program Files\IBM\Updater\ucsmb.exe" = C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector -- (IBM Corporation, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IBM\Updater\jre\bin\java.exe" = C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector -- (IBM)
"C:\Program Files\IBM\Updater\jre\bin\javaw.exe" = C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector -- (IBM)
"C:\Program Files\IBM\Updater\ucsmb.exe" = C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector -- (IBM Corporation, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0759CACC-6CF9-4C3C-92C5-39668679AB16}" = Microsoft Ink Desktop
"{0873B1A3-00A9-40D6-BACE-3DB4BC5DA840}" = IBM SATA Power Management Driver
"{0CAD092C-5D1E-48AD-A845-E1EBA9AF1AF8}" = Tablet PC Tutorials for Microsoft Windows XP SP2
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = IBM ThinkVantage Technologies Welcome Message
"{11783F13-C3A9-44A8-929B-21A476F65272}" = IBM Rescue and Recovery with Rapid Restore
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = IBM ThinkPad EasyEject Utility
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{14081443-583A-4605-BB91-83D38ADAC939}" = Microsoft Windows XP Tablet PC Edition 2005 Recognizer Pack
"{1759CACC-6CF9-4C3C-92C5-39668679AB17}" = Microsoft Ink Crossword
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1FBEE61B-F90E-4EE3-AE94-FCB8BD6EC443}" = Ink Art
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = IBM ThinkPad Keyboard Customizer Utility
"{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis Disk Director Suite
"{23959E96-A80F-4172-A655-210E9BB7BFBE}" = MSDN Library for Visual Studio 2005
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2F06411B-B6EB-4B58-A13F-E1C372713BAA}" = FranklinCovey PlanPlus for Windows
"{3039347B-F7D5-4D67-B15E-C983D0A6474F}" = Academic Student Tools 2003 - English
"{34BFBF2A-06B9-4B5E-BB33-E78B67450ED7}" = IBM fingerprint software 4.5.3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5757AE1A-1DB4-4898-9806-09F77FBD5E57}" = MSDN Library for Visual Studio .NET 2003
"{5A1A9AB2-2F68-462D-A67D-7C855DFF5EEB}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = IBM Active Protection System
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{8853C080-7F5C-4020-B663-C57FE29BB858}" = Microsoft Snipping Tool 2.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8D815BF3-2399-459C-B121-49373FEFB9E8}" = IBM Update Connector
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = ThinkPad Integrated Bluetooth IV Software
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95632566-071E-4A02-92C1-4BD907065736}" = BounceBack Express
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2DB59F-091A-40B4-958D-1C8264624126}" = IBM ThinkPad Tablet Shortcut Menu
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = IBM Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
"{9FC7D8E1-F14F-11D4-943A-00E02950B496}" = Microsoft Office XP Pro Step by Step Interactive
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = IBM ThinkPad Power Manager
"{A2F2C44A-869E-4C32-9CEC-E22B1CC91F06}" = Microsoft Network Monitor 3.4
"{AA606E48-BAEB-4B80-AEBA-64B286439309}" = Microsoft Visual C# 2005 Step by Step
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BCF46D12-40C6-499B-9386-66500E6251BF}" = TrackMaster
"{C12EB29D-9D64-4ACA-84C2-33D8729AABD3}" = Microsoft Experience Pack for Tablet PC
"{C1600409-B5DC-42AC-9B00-0B5FBB06F7F2}" = Visual Studio .NET Academic 2003 - English
"{C2421489-BCB7-41C9-8CAB-546CA890E0BD}" = Network Programming for the Microsoft .NET Framework
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{D5BB0907-4BB0-46A3-AA68-0173D111058D}" = VirtualDrive
"{E693459B-8BDD-4534-95E5-CD8147268715}" = Alias SketchBook Pro 1.1.1
"{E6DE4F95-AB96-4162-8C1A-09E2C0CD5639}" = Microsoft Visual C Sharp .NET Step by Step Version 2003 eBook
"{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EA664480-3844-11D5-8C25-444553540000}" = IBM TrackPoint Accessibility Features
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F3244633-69AA-4EB7-ADCB-1C71325D447F}" = IBM ThinkPad Tablet Button Driver
"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
"{F6C2D09F-6C82-48BB-A9D5-6A0478F52BD6}" = Microsoft Media Transfer
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FA7314E7-9428-4866-80A8-762A538444DB}" = Microsoft Energy Blue Theme Pack
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = IBM ThinkPad Configuration
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Bicycle Board Games 1.0" = Bicycle Board Games
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = IBM Integrated 56K Modem
"Cubase SX" = Steinberg Cubase SX
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"InstallShield_{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Access Version 2002 Inside Out eBook" = Microsoft Access Version 2002 Inside Out eBook
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSDN Library for Visual Studio 2005" = MSDN Library for Visual Studio 2005
"MSNINST" = MSN
"NAV" = Norton AntiVirus
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PDF2TXT_is1" = PDF2TXT 1.2
"Power Management Driver" = IBM ThinkPad Power Management Driver
"Presentation Director" = IBM ThinkPad Presentation Director
"Running Microsoft Access 2000" = Running Microsoft Access 2000
"thinkorswim" = thinkorswim
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = ThinkPad Software Installer
"TrackMaster" = TrackMaster
"TrackPoint" = IBM TrackPoint Support
"Visual Studio .NET Academic 2003 - English" = Microsoft Visual Studio .NET Academic 2003 - English
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPoker6" = WinPoker 6
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zinio Reader" = Zinio Reader

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2870070046-1186256036-2191713935-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bfdd1da8bf707e92" = TrackMaster Plus Pro

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/1/2010 7:43:09 PM | Computer Name = IJER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x00264bb5.

Error - 11/1/2010 9:58:05 PM | Computer Name = IJER | Source = TabSrv | ID = 19
Description =

Error - 11/1/2010 9:58:06 PM | Computer Name = IJER | Source = TabSrv | ID = 19
Description =

Error - 11/1/2010 9:58:06 PM | Computer Name = IJER | Source = TabSrv | ID = 19
Description =

Error - 11/1/2010 10:11:22 PM | Computer Name = IJER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00264bb5.

Error - 11/1/2010 10:24:35 PM | Computer Name = IJER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00264bb5.

Error - 11/3/2010 9:21:34 AM | Computer Name = IJER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00264bb5.

Error - 11/3/2010 9:21:41 AM | Computer Name = IJER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00264bb5.

Error - 11/8/2010 6:19:23 PM | Computer Name = IJER | Source = ESENT | ID = 489
Description = wuauclt (3388) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 11/8/2010 6:19:23 PM | Computer Name = IJER | Source = ESENT | ID = 455
Description = wuaueng.dll (3388) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

[ System Events ]
Error - 11/14/2010 9:38:24 PM | Computer Name = IJER | Source = Service Control Manager | ID = 7023
Description = The Microsoft .Net Framework COM+ Support service terminated with
the following error: %%193

Error - 11/14/2010 9:38:24 PM | Computer Name = IJER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx86 eeCtrl SymIRON SYMTDI

Error - 11/14/2010 9:49:52 PM | Computer Name = IJER | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 11/14/2010 9:49:52 PM | Computer Name = IJER | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 11/14/2010 9:49:52 PM | Computer Name = IJER | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 11/14/2010 9:53:45 PM | Computer Name = IJER | Source = Service Control Manager | ID = 7000
Description = The Nsynas32 service failed to start due to the following error: %%20

Error - 11/14/2010 9:53:45 PM | Computer Name = IJER | Source = Service Control Manager | ID = 7023
Description = The Microsoft .Net Framework COM+ Support service terminated with
the following error: %%193

Error - 11/14/2010 9:53:45 PM | Computer Name = IJER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows User Mode Driver
Framework service to connect.

Error - 11/14/2010 9:53:45 PM | Computer Name = IJER | Source = Service Control Manager | ID = 7000
Description = The Windows User Mode Driver Framework service failed to start due
to the following error: %%1053

Error - 11/14/2010 9:53:45 PM | Computer Name = IJER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx86 eeCtrl SymIRON SYMTDI


< End of report >

#4 etavares


Posted 15 November 2010 - 06:59 PM

Hello, JMil.


Step 1


Thanks for the information in your last post. That's critical. Please go ahead and run OTL as before, but change the file date to 60 days to be safe, and post OTL.txt here. I don't need extras.txt from this run. You can just post the file search sections in the middle/end of it.

Since you do have a rootkit, I'd like to look with RKU to pinpoint the issue. I like knowing what we're facing in case something goes wrong when attempting to fix it.



Step 2

Scan With RKUnHooker

  • Please download Rootkit Unhooker. Save it to your desktop.
  • Extract RKUnhooker to your desktop.
    Note** It is zipped up in a .rar file. If you do not have a program to unzip this type of file,
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** You may get this warning. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Just click on Cancel, then Accept.



Step 3

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\system32\1d480d61.dll

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/



Step 4


Have you edited your HOSTS file? There are a few odd entries.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#5 JMil


Posted 15 November 2010 - 10:24 PM

The 2nd OTL log using 60 days follows along with the RKUnhooker report.

Unfortunately, my infected machine cannot access the internet to download and run Jotti; I'm using another machine for these communications. Is there a way I can download Jotti to this machine, save it to a USB stick and then take it to the infected machine?

I did modify a HOSTS file. In the course of my early attempts I tried making sites inaccessible by adding them to the HOSTS file, my router and restricted sites in Internet Properties->Security->Restricted sites. Most of them are known rogue sites.

OTL logfile created on: 11/15/2010 8:56:41 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Jer\Desktop
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.71 Gb Total Space | 23.88 Gb Free Space | 46.19% Space Free | Partition Type: NTFS

Computer Name: IJER | User Name: Jer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2010/11/14 20:28:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jer\Desktop\OTL.exe
PRC - [2010/07/23 00:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
PRC - [2008/04/13 19:12:40 | 000,293,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wisptis.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/17 10:13:32 | 000,143,360 | ---- | M] (FarStone Technology Inc.) -- C:\Program Files\FarStone\VirtualDrive\vdtask.exe
PRC - [2005/06/13 05:07:02 | 000,086,016 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
PRC - [2005/06/13 05:07:02 | 000,077,824 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\QCONSVC.EXE
PRC - [2005/05/27 03:03:00 | 000,827,392 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\Tablet Shortcut\IBMTBCTL.exe
PRC - [2005/05/25 00:41:58 | 000,565,309 | ---- | M] (Broadcom Corporation) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2005/05/25 00:41:26 | 001,245,268 | ---- | M] (Broadcom Corporation) -- C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
PRC - [2005/05/25 00:36:46 | 000,163,840 | ---- | M] (Broadcom Corporation) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2005/05/20 10:23:18 | 000,098,304 | ---- | M] () -- C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
PRC - [2005/04/05 17:14:34 | 000,106,496 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2005/04/04 14:43:32 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2005/03/24 18:20:34 | 000,086,016 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2005/03/23 04:11:00 | 000,217,088 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2005/02/18 05:51:00 | 000,094,208 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\tp4serv.exe
PRC - [2005/01/24 23:35:34 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2004/12/16 06:49:44 | 000,385,024 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
PRC - [2004/12/16 05:41:56 | 000,090,112 | ---- | M] (IBM Corp.) -- C:\IBMTOOLS\utils\ibmprc.exe
PRC - [2004/11/05 03:30:00 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2004/11/04 11:47:04 | 000,040,547 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\Virtual Token\vtserver.exe
PRC - [2004/10/14 11:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/09/06 18:03:52 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2004/05/24 12:25:04 | 000,077,824 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2003/10/29 05:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/07/11 20:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/08/29 05:41:28 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tabbtnu.exe


========== Modules (SafeList) ==========

MOD - [2010/11/14 20:28:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jer\Desktop\OTL.exe
MOD - [2008/04/13 19:12:06 | 000,250,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\sptip.dll
MOD - [2008/04/13 19:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/13 19:11:58 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfp.dll
MOD - [2008/04/13 11:43:18 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\spgrmr.dll
MOD - [2002/08/29 05:41:08 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Journal\nbmaptip.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\PsaSrv.exe -- (PsaSrv)
SRV - [2010/07/23 00:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe -- (NAV)
SRV - [2009/04/04 13:41:21 | 000,625,357 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\1d480d61.dll -- (.Net CLR)
SRV - [2006/12/02 06:17:54 | 002,805,000 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2005/06/13 05:07:02 | 000,077,824 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
SRV - [2005/05/25 00:36:46 | 000,163,840 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005/01/24 23:35:34 | 000,036,864 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004/12/16 06:49:44 | 000,385,024 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service)
SRV - [2004/11/05 03:30:00 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2004/11/04 11:47:04 | 000,040,547 | ---- | M] (UPEK Inc.) [Auto | Running] -- C:\Program Files\Common Files\Virtual Token\vtserver.exe -- (vtserver)
SRV - [2004/05/24 12:25:04 | 000,077,824 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2003/07/11 20:19:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/11/15 20:26:46 | 000,004,474 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\GATHER.KM -- (EGATHDRV)
DRV - [2010/11/04 08:38:41 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/11/03 19:07:06 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/11/03 00:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101115.021\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/11/03 00:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/11/03 00:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101115.021\NAVENG.SYS -- (NAVENG)
DRV - [2010/10/29 14:41:30 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/10/21 00:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/10/19 15:36:22 | 000,341,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101115.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/07/28 22:33:05 | 000,666,672 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMEFA.SYS -- (SymEFA)
DRV - [2010/07/28 21:54:36 | 000,489,008 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1201000.025\SRTSP.SYS -- (SRTSP)
DRV - [2010/07/28 21:54:36 | 000,050,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/07/12 20:20:22 | 000,369,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/06/26 23:05:55 | 000,134,704 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\Ironx86.SYS -- (SymIRON)
DRV - [2010/06/13 05:50:57 | 000,339,504 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMDS.SYS -- (SymDS)
DRV - [2008/04/13 13:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2006/07/21 22:36:50 | 000,013,184 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2005/06/13 05:07:02 | 000,012,288 | ---- | M] (IBM Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcndisif.sys -- (QCNDISIF)
DRV - [2005/06/13 05:07:02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/06/13 05:07:02 | 000,002,432 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
DRV - [2005/05/25 00:59:46 | 000,017,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005/05/25 00:58:20 | 001,241,818 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/05/25 00:57:36 | 000,030,299 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005/05/25 00:57:20 | 000,055,288 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/05/25 00:23:40 | 000,148,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005/05/12 16:07:24 | 000,011,136 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fcdabus.sys -- (fcdabus)
DRV - [2005/04/25 13:41:20 | 000,057,216 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fvdscsi.sys -- (FVDSCSI)
DRV - [2005/04/13 03:01:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2005/04/01 04:34:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2005/02/18 05:51:00 | 000,013,872 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tp4track.sys -- (Tp4Track)
DRV - [2005/02/01 19:00:42 | 000,012,416 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)
DRV - [2005/02/01 17:25:08 | 000,007,475 | ---- | M] (IBM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tkbtnpn.sys -- (HBtnKey)
DRV - [2005/01/26 02:03:32 | 000,015,360 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtmelTpm.sys -- (AtmelTpm)
DRV - [2005/01/21 03:40:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005/01/21 03:40:00 | 000,009,340 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005/01/14 14:20:26 | 000,059,776 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\shockprf.sys -- (Shockprf)
DRV - [2004/12/28 14:31:50 | 000,449,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/12/16 06:12:20 | 000,063,616 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2004/12/06 19:55:20 | 000,126,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/12/02 18:14:44 | 000,014,208 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPDiskPM.sys -- (TPDiskPM)
DRV - [2004/12/02 17:54:12 | 000,006,016 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TPInput.sys -- (TPInput)
DRV - [2004/11/10 18:47:30 | 000,200,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/11/10 18:46:24 | 000,685,184 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/10 18:45:50 | 001,041,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/11/05 03:30:00 | 000,012,944 | ---- | M] (IBM Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2004/11/04 11:52:10 | 000,024,832 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2004/09/06 18:03:46 | 000,016,370 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/05/14 14:59:00 | 000,004,608 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ShockMgr.sys -- (ShockMgr)
DRV - [2004/02/23 07:40:38 | 000,014,976 | ---- | M] (CMS Peripherals, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\portd2k.sys -- (portD)
DRV - [2002/04/24 13:50:00 | 000,018,176 | ---- | M] (Syncrosoft GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SynasUSB.sys -- (SynasUSB)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 14:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/04/09 11:03:00 | 000,017,784 | ---- | M] (Syncrosoft Hard- und Software GmbH) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\NSynas32.sys -- (Nsynas32)
DRV - [2000/05/31 22:29:54 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/q?s=spy
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.finance.yahoo.com/q?s=spy"

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2010/11/04 10:17:30 | 000,000,000 | ---D | M]

[2010/10/07 17:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jer\Application Data\Mozilla\Extensions
[2010/10/07 17:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jer\Application Data\Mozilla\Firefox\Profiles\vqzh9v9b.default\extensions
[2010/09/16 08:33:38 | 000,002,075 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/10/24 14:39:54 | 000,000,865 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 osawarepro2009.microsoft.com
O1 - Hosts: 91.212.127.227 osawarepro2009.com
O1 - Hosts: 91.212.127.227 www.osawarepro2009.com
O1 - Hosts: 127.0.0.1 lkaturl71.com
O1 - Hosts: 127.0.0.1 68b6b6b6.com
O1 - Hosts: 127.0.0.1 ashanti-style.us
O1 - Hosts: 127.0.0.1 lkckclckli1i.com
O1 - Hosts: 127.0.0.1 lkckclckl1i1i.com
O1 - Hosts: 127.0.0.1 c3.lkckclckli1i.com
O1 - Hosts: 127.0.0.1 kangojjm1.com
O1 - Hosts: 127.0.0.1 c3.lkckclckl1i1i.com
O1 - Hosts: 127.0.0.1 top10webresults.com
O1 - Hosts: 127.0.0.1 edgecombe.org
O1 - Hosts: 127.0.0.1 checkscashed.com
O1 - Hosts: 127.0.0.1 34jh7alm94.asia
O1 - Hosts: 64.280.126.64 sitefile.org
O1 - Hosts: 64.208.126
O1 - Hosts: 64.208.126.26
O1 - Hosts: 64.208.126.83
O1 - Hosts: 64.208.126.43
O1 - Hosts: 64.208.126.58
O1 - Hosts: 208.29.69.139
O1 - Hosts: 208.29.69.138
O1 - Hosts: 16 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - No CLSID value found.
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [ControlCenter] C:\Program Files\IBM fingerprint software\ctlcntr.exe (UPEK Inc.)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (IBM Corp.)
O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
O4 - HKLM..\Run: [IBMTBCTL] C:\Program Files\ThinkPad\Tablet Shortcut\IBMTBCTL.EXE (IBM Corporation)
O4 - HKLM..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (IBM Corp.)
O4 - HKLM..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)
O4 - HKLM..\Run: [Snippet] C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TabletWizard] C:\WINDOWS\Help\splshwrp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (IBM Corp.)
O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4serv.exe (IBM Corporation)
O4 - HKLM..\Run: [UC_SMB] File not found
O4 - HKLM..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe ()
O4 - HKLM..\Run: [VirtualDrive] C:\Program Files\FarStone\VirtualDrive\VDTask.exe (FarStone Technology Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Alias SketchBook Snapshot.lnk = C:\Program Files\Alias\Alias SketchBook Pro 1.1\AliasSketchSnap.exe (Alias Systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BounceBack Launcher.lnk = C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 16
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Update ThinkPad Software - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\Program Files\IBM fingerprint software\psfus.dll - C:\Program Files\IBM fingerprint software\psfus.dll (UPEK Inc.)
O20 - Winlogon\Notify\QConGina: DllName - QConGina.dll - C:\WINDOWS\System32\QConGina.dll (IBM Corp.)
O20 - Winlogon\Notify\TabBtnWL: DllName - TabBtnWL.dll - C:\WINDOWS\System32\tabbtnwl.dll (Microsoft Corporation)
O20 - Winlogon\Notify\tpgwlnotify: DllName - tpgwlnot.dll - C:\WINDOWS\System32\tpgwlnot.dll (Microsoft Corporation)
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/21 23:08:28 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0b2d40f9-e3a3-11df-8bdc-0014a439fb40}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{0b2d40fd-e3a3-11df-8bdc-0014a439fb40}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{0b2d40ff-e3a3-11df-8bdc-0014a439fb40}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{4e6e08fb-f48d-11de-8b79-0014a4dcf3ed}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4e6e08fb-f48d-11de-8b79-0014a4dcf3ed}\Shell\AutoRun\command - "" = E:\Start.exe -- File not found
O33 - MountPoints2\{4e6e08fb-f48d-11de-8b79-0014a4dcf3ed}\Shell\Install\Command - "" = E:\Start.exe -- File not found
O33 - MountPoints2\{75803172-ada8-11dc-8b30-0014a4dcf3ed}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{d53cece7-1935-11db-8af8-0014a439fb40}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 60 Days ==========

[2010/11/14 20:57:08 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jer\Desktop\OTL.exe
[2010/11/08 13:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\Local Settings\Application Data\Symantec
[2010/11/04 08:37:01 | 000,666,672 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymEFA.sys
[2010/11/04 08:37:01 | 000,369,072 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\symtdi.sys
[2010/11/04 08:37:01 | 000,331,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\symtdiv.sys
[2010/11/04 08:37:01 | 000,294,448 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\symnets.sys
[2010/11/04 08:37:00 | 000,489,008 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtsp.sys
[2010/11/04 08:37:00 | 000,339,504 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymDS.sys
[2010/11/04 08:37:00 | 000,134,704 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\Ironx86.sys
[2010/11/04 08:37:00 | 000,050,096 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtspx.sys
[2010/11/04 08:36:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1201000.025
[2010/11/03 12:10:24 | 015,633,288 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Jer\My Documents\rminstall.exe
[2010/11/03 12:06:52 | 015,452,536 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Jer\My Documents\IE7-WindowsXP-x86-enu.exe
[2010/11/03 12:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\Xls
[2010/11/03 12:05:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\Working and Filled Orders_files
[2010/11/03 12:05:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\Visual Studio Projects
[2010/11/03 12:05:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\Visual Studio 2005
[2010/11/03 12:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\Trades
[2010/11/03 12:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\ThoroughbredRacing
[2010/11/03 12:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\Symantec
[2010/11/03 12:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\ScanResults
[2010/11/03 12:05:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jer\My Documents\My Videos
[2010/11/03 12:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\samples
[2010/11/03 12:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\OX07account_activity_files
[2010/11/03 12:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\OptionsXpress
[2010/11/03 12:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\My Notes
[2010/11/03 12:05:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Jer\My Documents\My Magazines
[2010/11/03 12:05:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Jer\My Documents\My Data Sources
[2010/11/03 12:05:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\My eBooks
[2010/11/03 12:03:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\Microsoft Press
[2010/11/03 12:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\MACD_XL
[2010/11/03 12:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\JSP
[2010/11/03 12:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\JersVideos
[2010/11/03 12:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\JersTrades06_files
[2010/11/03 12:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\JersPossibleTrades
[2010/11/03 12:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\JersCubase
[2010/11/03 12:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\Inqueue
[2010/11/03 12:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\IBD100
[2010/11/03 12:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\HistoricalStockData
[2010/11/03 12:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\HarnessRacingOld
[2010/11/03 12:01:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\eqbSummaryResultsDisplay_files
[2010/11/03 12:01:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\Downloads
[2010/11/03 11:59:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\CSharpGraphics
[2010/11/03 11:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\Collars
[2010/11/03 11:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\CandleStickStudy
[2010/11/03 11:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\Book2_files
[2010/11/03 11:59:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\BB's&MA's
[2010/11/03 11:59:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\AgilixLog
[2010/11/03 11:59:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\aaatrades_files
[2010/11/02 22:43:31 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/11/02 22:43:31 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/11/02 22:41:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
[2010/11/02 22:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2010/11/02 22:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/11/02 20:06:43 | 000,000,000 | ---D | C] -- C:\JersCollarDev
[2010/11/02 18:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\HarnessRacing
[2010/11/02 18:36:08 | 000,000,000 | ---D | C] -- C:\Temp
[2010/11/02 18:35:53 | 000,000,000 | ---D | C] -- C:\JersVB
[2010/11/02 18:35:02 | 000,000,000 | ---D | C] -- C:\JersCSharp
[2010/11/01 21:01:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jer\My Documents\My Music
[2010/11/01 21:01:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jer\My Documents\My Pictures
[2010/11/01 20:58:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/10/31 12:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/10/31 11:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security EssentialsOLD
[2010/10/30 21:05:25 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2010/10/30 20:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/10/30 12:53:19 | 001,392,304 | ---- | C] (Acronis) -- C:\WINDOWS\System32\AutoPartNt.exe
[2010/10/29 16:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/10/29 14:41:30 | 000,114,048 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys
[2010/10/29 14:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2010/10/29 14:40:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2010/10/25 14:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\Application Data\Registry Mechanic
[2010/10/25 14:23:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/21 00:35:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\Local Settings\Application Data\PCHealth
[2010/10/16 09:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\Application Data\Tific
[2010/10/10 12:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\My Documents\Network Monitor 3
[2010/10/10 12:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Network Monitor 3
[2010/10/08 11:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/10/08 11:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/10/07 17:55:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\Local Settings\Application Data\Mozilla
[2010/10/07 17:55:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\Application Data\Mozilla
[2010/10/06 11:19:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/10/06 11:05:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/10/05 16:16:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\IBM
[2010/10/04 09:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/10/04 09:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/10/02 16:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/10/02 16:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/10/02 12:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jer\Application Data\Symantec
[2010/10/02 12:17:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/10/02 12:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/10/02 11:01:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/09/30 22:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/09/30 19:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/09/30 19:55:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2010/11/15 20:26:46 | 000,004,474 | ---- | M] () -- C:\WINDOWS\GATHER.KM
[2010/11/15 20:25:37 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/15 20:19:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/15 20:18:58 | 1600,622,592 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/14 21:44:12 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\Jer\Desktop\gmer.zip
[2010/11/14 21:05:34 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\JersDownloader.job
[2010/11/14 20:28:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jer\Desktop\OTL.exe
[2010/11/08 13:55:52 | 000,467,792 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/08 13:55:52 | 000,088,088 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/07 16:19:42 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\JDwnLdRaces.job
[2010/11/04 09:49:52 | 000,628,736 | ---- | M] () -- C:\Documents and Settings\Jer\Desktop\dds.scr
[2010/11/04 09:44:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jer\defogger_reenable
[2010/11/04 09:39:14 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Jer\Desktop\Defogger.exe
[2010/11/04 08:46:30 | 000,001,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2010/11/04 08:44:55 | 000,591,630 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\Cat.DB
[2010/11/04 08:38:41 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/11/04 08:38:41 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/11/04 08:38:41 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/11/04 08:38:41 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/11/04 08:34:46 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\Jer\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/03 12:15:13 | 000,184,320 | ---- | M] () -- C:\Documents and Settings\Jer\My Documents\Jerlog.xls
[2010/11/03 12:12:08 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\Jer\Desktop\Microsoft Excel (2).lnk
[2010/11/03 10:52:49 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\JersAnagram.job
[2010/11/03 10:52:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\JersCalendar.job
[2010/11/01 21:02:06 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/11/01 21:01:48 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Jer\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/01 20:49:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/31 11:41:34 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\Jer\Desktop\Microsoft Security Essentials (2).lnk
[2010/10/30 21:08:27 | 000,607,326 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2010/10/30 12:59:04 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\AutoPartNt.let
[2010/10/30 12:53:20 | 001,392,304 | ---- | M] (Acronis) -- C:\WINDOWS\System32\AutoPartNt.exe
[2010/10/29 20:52:04 | 000,001,746 | ---- | M] () -- C:\Documents and Settings\Jer\Desktop\Scheduled Tasks (2).lnk
[2010/10/29 14:41:30 | 000,114,048 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys
[2010/10/29 14:41:21 | 000,001,060 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acronis Disk Director Suite.lnk
[2010/10/28 10:19:33 | 012,630,894 | ---- | M] () -- C:\Infecteddirlst.prn
[2010/10/27 15:35:52 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Jer\Desktop\Command Prompt (2).lnk
[2010/10/25 21:31:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\BounceBack Reminder.job
[2010/10/25 14:19:18 | 015,633,288 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Jer\My Documents\rminstall.exe
[2010/10/24 10:32:12 | 000,001,486 | ---- | M] () -- C:\Documents and Settings\Jer\Desktop\Windows Explorer (2).lnk
[2010/10/23 19:16:40 | 000,001,501 | ---- | M] () -- C:\Documents and Settings\Jer\Desktop\Spider Solitaire (2).lnk
[2010/10/22 12:59:42 | 025,705,101 | ---- | M] () -- C:\Documents and Settings\Jer\seagatedir.prn
[2010/10/22 12:46:32 | 002,032,569 | ---- | M] () -- C:\Documents and Settings\Jer\iomegadir.prn
[2010/10/17 19:15:44 | 000,000,181 | ---- | M] () -- C:\Documents and Settings\Jer\My Documents\Files named Temporary Internet Files.fnd
[2010/10/17 19:08:57 | 000,000,118 | ---- | M] () -- C:\Documents and Settings\Jer\My Documents\Files named ie5.fnd
[2010/10/17 09:41:36 | 000,012,648 | ---- | M] () -- C:\Documents and Settings\Jer\My Documents\2010ToDoList.rtf
[2010/10/16 15:50:42 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Jer\My Documents\StockDownload Times.xls
[2010/10/10 12:27:44 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Network Monitor 3.4.lnk
[2010/10/08 12:07:13 | 002,231,296 | ---- | M] () -- C:\Documents and Settings\Jer\My Documents\ThinkPad2655Manual.pdf
[2010/10/07 17:55:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/10/03 10:11:32 | 015,452,536 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Jer\My Documents\IE7-WindowsXP-x86-enu.exe
[2010/10/02 11:03:29 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\OQHQ1H13.dat
[2010/09/22 16:50:03 | 000,192,000 | ---- | M] () -- C:\Documents and Settings\Jer\My Documents\SuDoKu0910.xls
[2010/09/20 18:48:21 | 000,001,451 | ---- | M] () -- C:\Documents and Settings\Jer\My Documents\Walmart_com - Checkout.mht
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/15 12:44:07 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\Jer\Desktop\gmer.zip
[2010/11/04 17:34:26 | 1600,622,592 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/04 09:52:12 | 000,628,736 | ---- | C] () -- C:\Documents and Settings\Jer\Desktop\dds.scr
[2010/11/04 09:44:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jer\defogger_reenable
[2010/11/04 09:42:34 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Jer\Desktop\Defogger.exe
[2010/11/04 08:43:37 | 000,591,630 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\Cat.DB
[2010/11/04 08:36:17 | 000,003,373 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymEFA.inf
[2010/11/04 08:36:17 | 000,002,792 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymDS.inf
[2010/11/04 08:36:17 | 000,001,473 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymNetV.inf
[2010/11/04 08:36:17 | 000,001,445 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymNet.inf
[2010/11/04 08:36:17 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtspx.inf
[2010/11/04 08:36:17 | 000,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtsp.inf
[2010/11/04 08:36:17 | 000,000,741 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\Iron.inf
[2010/11/04 08:36:15 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\symnetv.cat
[2010/11/04 08:36:15 | 000,007,446 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymNet.cat
[2010/11/04 08:36:15 | 000,007,444 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymEFA.cat
[2010/11/04 08:36:15 | 000,007,442 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtspx.cat
[2010/11/04 08:36:15 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\SymDS.cat
[2010/11/04 08:36:15 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\srtsp.cat
[2010/11/04 08:36:15 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\iron.cat
[2010/11/04 08:36:15 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1201000.025\isolate.ini
[2010/11/04 01:01:56 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/03 12:11:22 | 004,671,488 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\z11sept2001.pps
[2010/11/03 12:11:22 | 000,294,935 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Zazzle_com Order Confirmation.mht
[2010/11/03 12:11:21 | 000,446,749 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\YouTube - Ray Stevens----It's me again magret!.mht
[2010/11/03 12:11:21 | 000,135,168 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\XlOptions091607.xls
[2010/11/03 12:11:21 | 000,132,000 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\YouTube - [High Quality] Blue Angels - censored, no Van Halen Dreams.mht
[2010/11/03 12:11:21 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\XlOptions.xls
[2010/11/03 12:11:21 | 000,059,904 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\XlOptions092107.xls
[2010/11/03 12:11:21 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\working072507.xls
[2010/11/03 12:11:21 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\XlOptA.xls
[2010/11/03 12:11:21 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\XlOptA1.xls
[2010/11/03 12:11:21 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Yahoo Options.xls
[2010/11/03 12:11:21 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\XlUsingIE.xls
[2010/11/03 12:11:21 | 000,010,385 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Working and Filled Orders.htm
[2010/11/03 12:11:11 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\VideoDisksDescriptions.xls
[2010/11/03 12:11:11 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\working072407.xls
[2010/11/03 12:11:11 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\VideoIndex.xls
[2010/11/03 12:11:11 | 000,001,644 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Vonage.rtf
[2010/11/03 12:11:11 | 000,001,451 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Walmart_com - Checkout.mht
[2010/11/03 12:11:10 | 000,061,337 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\VideoDiskDescriptions.rtf
[2010/11/03 12:11:01 | 017,030,510 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\video.flv
[2010/11/03 12:11:01 | 000,561,152 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Tst1.mdb
[2010/11/03 12:11:01 | 000,066,209 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\TRAINRHP.DBF
[2010/11/03 12:11:01 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\TradeLog.xls
[2010/11/03 12:11:01 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\UDRS.xls
[2010/11/03 12:11:01 | 000,000,993 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Video1.rtf
[2010/11/03 12:11:01 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\TshirtLogos.rtf
[2010/11/03 12:11:00 | 002,231,296 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\ThinkPad2655Manual.pdf
[2010/11/03 12:11:00 | 001,165,312 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Symbols112507.xls
[2010/11/03 12:11:00 | 000,661,607 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Super 8 Hotels.mht
[2010/11/03 12:11:00 | 000,333,933 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\The Teaching Company - Order Confirmation.mht
[2010/11/03 12:11:00 | 000,029,408 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Thanks for shopping at JohnGaltGifts_com.htm
[2010/11/03 12:11:00 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\SylSav2009.xls
[2010/11/03 12:11:00 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\SudokuGrid.xls
[2010/11/03 12:11:00 | 000,002,933 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\SylSav2009.rtf
[2010/11/03 12:11:00 | 000,000,492 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Sudoku_articles.rtf
[2010/11/03 12:10:59 | 000,694,272 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Sudoku .xls
[2010/11/03 12:10:59 | 000,436,736 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\SuDoKu0710.xls
[2010/11/03 12:10:59 | 000,192,000 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\SuDoKu0910.xls
[2010/11/03 12:10:59 | 000,178,688 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Sudoku.xls
[2010/11/03 12:10:59 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\SuDoKu0710a.xls
[2010/11/03 12:10:58 | 000,470,016 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\StockSymbols.xls
[2010/11/03 12:10:58 | 000,111,616 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Stocks2Trk.xls
[2010/11/03 12:10:58 | 000,000,071 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\stream.pls
[2010/11/03 12:10:58 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\stream.ram
[2010/11/03 12:10:57 | 000,259,584 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\StgaTime.xls
[2010/11/03 12:10:57 | 000,070,144 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\StockNames.xls
[2010/11/03 12:10:57 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\StockDownload Times.xls
[2010/11/03 12:10:56 | 003,176,960 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\StgaRsltTotal.xls
[2010/11/03 12:10:50 | 011,852,288 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\StgaOddsChk.xls
[2010/11/03 12:10:46 | 009,608,192 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\STGAMasterRaceCSVTotal.xls
[2010/11/03 12:10:38 | 003,812,352 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Stgakey.xls
[2010/11/03 12:10:38 | 001,707,521 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Stgakey.csv
[2010/11/03 12:10:37 | 004,877,312 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\StgaHarnessRslt.xls
[2010/11/03 12:10:34 | 010,838,016 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\StgaHarnessRslt.mdb
[2010/11/03 12:10:34 | 000,097,185 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\STGAENTRIES.mht
[2010/11/03 12:10:34 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\StdDev.xls
[2010/11/03 12:10:34 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Srtga081508.xls
[2010/11/03 12:10:34 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\SpreadProgress.xls
[2010/11/03 12:10:34 | 000,009,376 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\SpreadProgress.htm
[2010/11/03 12:10:34 | 000,001,449 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\SpreadProgress.rtf
[2010/11/03 12:10:33 | 004,819,090 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Short_Term_Trading_System.pdf
[2010/11/03 12:10:33 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\ScanResult101007.xls
[2010/11/03 12:10:33 | 000,071,680 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\SP500symbols.xls
[2010/11/03 12:10:33 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\ScanInputMaster.xls
[2010/11/03 12:10:33 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\SaraPlaceBet.xls
[2010/11/03 12:10:33 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\SMAXovrTrades052908.xls
[2010/11/03 12:10:33 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Scorecard.xls
[2010/11/03 12:10:33 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\SIREHP.DBF
[2010/11/03 12:10:33 | 000,005,465 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Social Security Death Index Search Results.htm
[2010/11/03 12:10:33 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\spider.sav
[2010/11/03 12:10:32 | 000,398,245 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\RUNLINHP.DBF
[2010/11/03 12:10:32 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Ryanletter.rtf
[2010/11/03 12:10:30 | 000,433,152 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\ROCSystemSummary.xls
[2010/11/03 12:10:23 | 000,209,408 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\RaceCSVTotal.xls
[2010/11/03 12:10:23 | 000,108,664 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Receipt for Order# 55346 at Poland by Mail.mht
[2010/11/03 12:10:23 | 000,108,012 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Receipt for Order# 54796 at Poland by Mail.mht
[2010/11/03 12:10:23 | 000,102,597 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Racing.mht
[2010/11/03 12:10:23 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Racing_Tables_Fields.xls
[2010/11/03 12:10:23 | 000,014,818 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\RDB Design.rtf
[2010/11/03 12:10:23 | 000,011,879 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\RACESHP.DBF
[2010/11/03 12:10:23 | 000,007,571 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\RdngHrnsEntries.rtf
[2010/11/03 12:10:23 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\RacePgms.rtf
[2010/11/03 12:10:22 | 000,662,862 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\QQQ_Active_Collar_Paper_website_v3.pdf
[2010/11/03 12:10:22 | 000,345,334 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Quark.mht
[2010/11/03 12:10:22 | 000,233,984 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\QQQQ.xls
[2010/11/03 12:10:22 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\PS2P.xls
[2010/11/03 12:10:22 | 000,003,312 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\PTTRHP.DBF
[2010/11/03 12:10:22 | 000,003,122 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\PTDRTTHP.DBF
[2010/11/03 12:10:22 | 000,003,010 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\PTDROFHP.DBF
[2010/11/03 12:10:22 | 000,003,010 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\PTDRFTHP.DBF
[2010/11/03 12:10:19 | 000,600,023 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Programming for Fun and Profit - Using the Card_dll — Developer_com.mht
[2010/11/03 12:10:16 | 000,485,085 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\platinumharness.pdf
[2010/11/03 12:10:16 | 000,001,202 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\POWTBLHP.DBF
[2010/11/03 12:10:15 | 008,995,189 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\PDF32000_2008.pdf
[2010/11/03 12:10:15 | 000,119,808 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Ox102107.xls
[2010/11/03 12:10:15 | 000,014,669 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\OXScreen.xls
[2010/11/03 12:10:15 | 000,010,738 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\OX07account_activity.xls
[2010/11/03 12:10:14 | 000,021,633 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\OX06account_activity.xls
[2010/11/03 12:10:13 | 000,563,306 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\NYX Options for NYSE EURONEXT - 050109.mht
[2010/11/03 12:10:13 | 000,522,099 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\NYX Options for NYSE EURONEXT - Yahoo! Finance.mht
[2010/11/03 12:10:13 | 000,460,800 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Optn10.xls
[2010/11/03 12:10:13 | 000,201,216 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\NYXStrength.xls
[2010/11/03 12:10:13 | 000,125,440 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\NYX_TradeBand.xls
[2010/11/03 12:10:13 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\OilServices.xls
[2010/11/03 12:10:13 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\OprioneticsTrades.xls
[2010/11/03 12:10:13 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\OptionPricing.xls
[2010/11/03 12:10:13 | 000,000,882 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Olympic.rtf
[2010/11/03 12:10:13 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Order Submission Process - medco_com ®.htm
[2010/11/03 12:10:12 | 000,907,776 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\NKE.xls
[2010/11/03 12:10:12 | 000,742,659 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Nation's soaring deficit calls for painful choices - USATODAY_com.mht
[2010/11/03 12:10:12 | 000,370,197 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\NatlHlthCare.pdf
[2010/11/03 12:10:12 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Names.xls
[2010/11/03 12:10:12 | 000,003,183 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Nison's_CndlStckChrtngTeknke.rtf
[2010/11/03 12:10:12 | 000,000,954 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\NET2005.rtf
[2010/11/03 12:10:07 | 000,130,616 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\mxx0221b.exe
[2010/11/03 12:10:06 | 000,000,540 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\music.rtf
[2010/11/03 12:10:05 | 010,564,608 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\MRaceCSVTotal.xls
[2010/11/03 12:10:05 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Music Education Program.doc
[2010/11/03 12:10:03 | 000,449,883 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\mondaysentries.pdf
[2010/11/03 12:10:03 | 000,209,408 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\MasterRaceCSVTotal.xls
[2010/11/03 12:10:03 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\MOS.xls
[2010/11/03 12:10:02 | 001,016,832 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\MACD_PGM.xls
[2010/11/03 12:10:00 | 002,874,880 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\MACD_DJI_COP_NYX.xls
[2010/11/03 12:10:00 | 001,401,344 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\MACD_DJI_AAPL.xls
[2010/11/03 12:10:00 | 000,123,904 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\MACD_DJI.xls
[2010/11/03 12:09:59 | 000,821,028 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\lighthousetvl.pdf
[2010/11/03 12:09:59 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\M021910.xls
[2010/11/03 12:09:59 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Loan65.xls
[2010/11/03 12:09:58 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\LexusMileage.xls
[2010/11/03 12:09:58 | 000,001,308 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\L2EJan2010.rtf
[2010/11/03 12:09:57 | 000,000,515 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Kmortg.rtf
[2010/11/03 12:09:56 | 000,787,968 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JVIX.xls
[2010/11/03 12:09:56 | 000,074,240 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Jtst112607.xls
[2010/11/03 12:09:23 | 070,275,072 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JTest_Backup.mdb
[2010/11/03 12:09:12 | 021,385,216 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JTest.mdb
[2010/11/03 12:09:12 | 000,002,815 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JSyms.csv
[2010/11/03 12:09:07 | 000,098,304 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JJ.mdb
[2010/11/03 12:09:07 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JSPNames.xls
[2010/11/03 12:09:07 | 000,006,151 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\jstk101.csv
[2010/11/03 12:09:07 | 000,001,236 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JList.rtf
[2010/11/03 12:09:07 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Jltr.rtf
[2010/11/03 12:09:07 | 000,000,438 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JInstall.bat
[2010/11/03 12:09:07 | 000,000,297 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JJInstall.bat
[2010/11/03 12:09:07 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JJJ.csv
[2010/11/03 12:09:03 | 003,200,000 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JerTest.xls
[2010/11/03 12:09:03 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JersXlHndiCapSht.xls
[2010/11/03 12:09:03 | 000,021,633 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JersTrades.xls
[2010/11/03 12:09:03 | 000,011,100 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JersTrades06.xls
[2010/11/03 12:09:03 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Jerswebsite.htm
[2010/11/03 12:08:58 | 001,485,312 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JersRaceBook.xls
[2010/11/03 12:08:58 | 000,050,559 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JersTest.pdf
[2010/11/03 12:08:56 | 008,360,448 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JersRaceBook .xls
[2010/11/03 12:08:51 | 007,910,912 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JersRaceBook1.xls
[2010/11/03 12:08:50 | 000,254,464 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JersIntraDayTradingC.xls
[2010/11/03 12:08:50 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JersRace.xls
[2010/11/03 12:08:50 | 000,000,306 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JersNames.csv
[2010/11/03 12:08:49 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\jersharnessfrm.xls
[2010/11/03 12:08:48 | 000,184,320 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Jerlog.xls
[2010/11/03 12:08:48 | 000,173,056 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Jerlog .xls
[2010/11/03 12:08:48 | 000,156,770 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JerRESULTS.htm
[2010/11/03 12:08:48 | 000,072,704 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Jer.xls
[2010/11/03 12:08:48 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Jersfix.xls
[2010/11/03 12:08:48 | 000,006,603 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JerPokerTuesday.POK
[2010/11/03 12:08:48 | 000,006,602 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JerPokerMonday.POK
[2010/11/03 12:08:48 | 000,006,595 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JerPokerFriday.POK
[2010/11/03 12:08:47 | 000,425,984 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Jer2.mdb
[2010/11/03 12:08:47 | 000,091,648 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Jer062008.xls
[2010/11/03 12:08:47 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JBook1.xls
[2010/11/03 12:08:46 | 000,725,650 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\JanUnemploymentChart.pdf
[2010/11/03 12:08:46 | 000,000,490 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\j199.csv
[2010/11/03 12:06:52 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\IBDMas.xls
[2010/11/03 12:06:52 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\IBMOptions (version 1).xls
[2010/11/03 12:06:52 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\IBMOptions.xls
[2010/11/03 12:06:51 | 000,815,933 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\HW_FRM_IBM_470IAcclarisSHAPClaimSB_3899.pdf
[2010/11/03 12:06:50 | 000,763,494 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Hotels - Hotel reviews from people like you - Welcome to.mht
[2010/11/03 12:06:50 | 000,700,416 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\HOV.xls
[2010/11/03 12:06:50 | 000,144,290 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\HORSEHP.DBF
[2010/11/03 12:06:50 | 000,002,401 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\HndiCapChkMrk.rtf
[2010/11/03 12:06:50 | 000,001,436 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\HomeDepot.rtf
[2010/11/03 12:06:50 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\HotDogSauce.rtf
[2010/11/03 12:06:49 | 001,466,368 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\HistVol_AAPL.xls
[2010/11/03 12:06:49 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\HAUGVol.xls
[2010/11/03 12:06:48 | 001,779,401 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Guest confirmation information.mht
[2010/11/03 12:06:48 | 000,707,783 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\harnesspps.pdf
[2010/11/03 12:06:48 | 000,056,600 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Fw__Summary_of_Healthcare_Bill.eml
[2010/11/03 12:06:48 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\GMStraddleDelta Neutral.xls
[2010/11/03 12:06:48 | 000,017,349 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Fw_ Tronto Seminar Location_Scheduel.eml
[2010/11/03 12:06:48 | 000,017,045 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\giovanniorder.rtf
[2010/11/03 12:06:48 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Gamma.xls
[2010/11/03 12:06:48 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\GJNames.xls
[2010/11/03 12:06:48 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\FlowChart.xls
[2010/11/03 12:06:48 | 000,005,040 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Futurlec_com - Order Form.htm
[2010/11/03 12:06:48 | 000,001,037 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Harfa_Album.rtf
[2010/11/03 12:06:48 | 000,000,348 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\GoodEnough.rtf
[2010/11/03 12:06:48 | 000,000,181 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Files named Temporary Internet Files.fnd
[2010/11/03 12:06:48 | 000,000,118 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Files named ie5.fnd
[2010/11/03 12:06:47 | 000,792,576 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\ERTS.xls
[2010/11/03 12:06:47 | 000,782,542 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\equibasefullpp.pdf
[2010/11/03 12:06:47 | 000,540,346 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Fidelity NetBenefits.mht
[2010/11/03 12:06:47 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\expirationFriday.xls
[2010/11/03 12:06:45 | 000,156,672 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\EMAExample.xls
[2010/11/03 12:06:45 | 000,073,909 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\eqbSummaryResultsDisplay.htm
[2010/11/03 12:06:45 | 000,070,465 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\DRIVERHP.DBF
[2010/11/03 12:06:45 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\EMACD_DJI.xls
[2010/11/03 12:06:45 | 000,004,573 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\EditorIntro.rtf
[2010/11/03 12:06:45 | 000,001,001 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Dylan2.rtf
[2010/11/03 12:06:45 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Dylan.rtf
[2010/11/03 12:06:45 | 000,000,475 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\DVDCopy.rtf
[2010/11/03 12:06:45 | 000,000,251 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\download.png
[2010/11/03 12:06:44 | 001,479,680 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\DJI_MACD.xls
[2010/11/03 12:06:44 | 001,085,440 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\DJI112507 (version 1).xls
[2010/11/03 12:06:44 | 001,021,952 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\DJI112507.xls
[2010/11/03 12:06:44 | 000,986,624 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\Dow87.xls
[2010/11/03 12:06:44 | 000,235,008 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\DKS.xls
[2010/11/03 12:06:43 | 002,514,959 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\dir.prnold
[2010/11/03 12:06:43 | 000,002,826 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\dir.prn
[2010/11/03 12:06:25 | 000,016,355 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\DAMHP.DBF
[2010/11/03 12:06:25 | 000,010,229 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\DangerousHerbs.rtf
[2010/11/03 12:06:24 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\CVTX082407.xls
[2010/11/03 12:06:24 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\CsYahVolComp.xls
[2010/11/03 12:06:24 | 000,001,589 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\CsNeededMods.rtf
[2010/11/03 12:06:23 | 001,158,656 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\COP.xls
[2010/11/03 12:06:23 | 000,211,968 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\CollarTrackingRevC Jers.xls
[2010/11/03 12:06:23 | 000,205,312 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\CollarTrackingRevC.xls
[2010/11/03 12:06:23 | 000,168,960 | ---- | C] () -- C:\Documents and Settings\Jer\My Documents\CollarScan012008.xls
[2010/11/02 22:43:31 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/11/02 22:43:31 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/11/02 22:43:10 | 000,001,896 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2010/10/31 11:41:34 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\Jer\Desktop\Microsoft Security Essentials (2).lnk
[2010/10/30 21:08:10 | 000,607,326 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2010/10/30 12:53:20 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\AutoPartNt.let
[2010/10/29 14:41:18 | 000,001,060 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acronis Disk Director Suite.lnk
[2010/10/28 10:18:42 | 012,630,894 | ---- | C] () -- C:\Infecteddirlst.prn
[2010/10/22 12:53:32 | 025,705,101 | ---- | C] () -- C:\Documents and Settings\Jer\seagatedir.prn
[2010/10/22 12:45:53 | 002,032,569 | ---- | C] () -- C:\Documents and Settings\Jer\iomegadir.prn
[2010/10/14 20:11:44 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Jer\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/10 12:27:42 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Network Monitor 3.4.lnk
[2010/10/07 17:55:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/02 15:16:17 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Jer\LuResult.txt
[2010/10/02 11:03:29 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\OQHQ1H13.dat
[2010/09/30 20:13:44 | 000,004,474 | ---- | C] () -- C:\WINDOWS\GATHER.KM
[2009/10/28 11:04:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AUTORUN.INI
[2009/04/04 13:41:21 | 000,625,357 | ---- | C] () -- C:\WINDOWS\System32\1d480d61.dll
[2008/08/25 12:12:33 | 000,000,057 | ---- | C] () -- C:\WINDOWS\TMODDS.INI
[2008/08/25 11:57:02 | 000,000,932 | ---- | C] () -- C:\WINDOWS\HMPLUS.INI
[2008/08/25 11:57:02 | 000,000,053 | ---- | C] () -- C:\WINDOWS\HMODDS.INI
[2008/07/26 10:57:33 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\synsopos.ini
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/07/22 17:04:48 | 000,000,924 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/21 23:08:12 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Jer\Local Settings\Application Data\fusioncache.dat
[2006/07/21 22:48:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/21 22:47:48 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2006/07/21 22:41:00 | 000,002,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2006/07/21 22:22:29 | 000,167,936 | R--- | C] () -- C:\WINDOWS\System32\PPWInf.dll
[2006/07/21 21:56:04 | 000,106,496 | ---- | C] () -- C:\WINDOWS\stkbtnpn.dll
[2006/07/21 21:55:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2006/07/21 21:55:34 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2006/07/21 21:54:52 | 000,009,340 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2006/07/21 21:51:19 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/07/21 21:36:20 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\tp4uires.dll
[2006/07/21 20:31:26 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/12/21 16:57:36 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2005/12/21 16:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2005/12/21 16:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2005/05/25 00:32:38 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/02/01 19:00:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2005/02/01 19:00:44 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/12/16 05:41:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
[2004/12/16 05:41:58 | 000,019,853 | ---- | C] () -- C:\WINDOWS\ibmprc.ini
[2004/12/14 16:55:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\SmAgentAPI.dll
[2004/11/18 20:17:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/02/05 20:05:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\VDExt800.dll
[2004/01/09 08:10:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2003/09/20 02:03:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\GDExt800.dll
[2003/09/05 05:49:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\VDExt712.dll
[2003/08/16 19:52:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GDExt712.dll
[2003/07/30 19:19:24 | 000,006,397 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartCd.sys
[2003/04/10 17:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2001/11/14 15:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/09/06 17:35:00 | 000,000,036 | ---- | C] () -- C:\WINDOWS\A3W.ini
[1980/01/01 02:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[1980/01/01 02:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2066048 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2066048 bytes
0x804D7000 RAW 2066048 bytes
0x804D7000 WMIxWDM 2066048 bytes
0xBF800000 Win32k 1847296 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1847296 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA15AB000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101115.021\NAVEX15.SYS 1368064 bytes (Symantec Corporation, AV Engine)
0xB9B89000 btkrnl.sys 1228800 bytes (Broadcom Corporation, Bluetooth Protocol Driver for Windows 2000)
0xB805E000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xBF070000 C:\WINDOWS\System32\ialmdd5.DLL 905216 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xB82EF000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 827392 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xA6A47000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys 704512 bytes (Symantec Corporation, BASH Driver)
0xB9DBB000 SYMEFA.SYS 692224 bytes
0xB7FB6000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 688128 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xB9D17000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA1F3F000 C:\WINDOWS\System32\Drivers\NAV\1201000.025\SRTSP.SYS 528384 bytes (Symantec Corporation, Symantec AutoProtect)
0xA6B6E000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB8235000 C:\WINDOWS\system32\DRIVERS\ar5211.sys 450560 bytes (Atheros Communications, Inc., Driver for Atheros AR5001 Wireless Network Adapter)
0xA6B10000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xB6F1F000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA6D3A000 C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMTDI.SYS 364544 bytes (Symantec Corporation, Network Dispatch Driver)
0xA6D93000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA1724000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101115.001\IDSxpx86.sys 360448 bytes (Symantec Corporation, IDS Core Driver)
0xB9E76000 SYMDS.SYS 356352 bytes
0xA2EFE000 C:\WINDOWS\system32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xA1FE8000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB81F5000 C:\WINDOWS\system32\drivers\smwdm.sys 262144 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xB815D000 C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys 200704 bytes (Conexant Systems, Inc., HSFHWICH WDM driver)
0xBF040000 C:\WINDOWS\System32\ialmdev5.DLL 196608 bytes (Intel Corporation, Component GHAL Driver)
0xB6F7D000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA304A000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9CEA000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA16F9000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA6BDE000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA6C6E000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F05000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA6CEE000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA6D14000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 155648 bytes (Symantec Corporation, Symantec Event Library)
0xA1EF3000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB81D1000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB82B7000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xA6C09000 C:\WINDOWS\system32\drivers\NAV\1201000.025\Ironx86.SYS 143360 bytes (Symantec Corporation, Iron Driver)
0xB81AE000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA6C4C000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806D0000 ACPI_HAL 131840 bytes
0x806D0000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB818E000 C:\WINDOWS\system32\drivers\aeaudio.sys 131072 bytes (Andrea Electronics Corporation, Andrea Audio Noise Cancellation Driver)
0xB9ECD000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 131072 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xB9F2B000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9F4A000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xA6AF3000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xB9CCF000 snapman.sys 110592 bytes (Acronis, Acronis Snapshot API)
0xB9CB5000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9EED000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA6A07000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xA6E47000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9DA4000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB7F9F000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA3167000 C:\WINDOWS\system32\DRIVERS\irda.sys 90112 bytes (Microsoft Corporation, IRDA Protocol Driver)
0xA2A49000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xA1597000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101115.021\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0xB82A3000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xB82DB000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA6DEC000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9E64000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB7B3E000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB83E9000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA2A8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA218000 C:\WINDOWS\system32\drivers\ibmfilter.sys 65536 bytes (IBM, IBM FFE and RRU filter driver)
0xBA138000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA308000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA0C8000 Shockprf.sys 61440 bytes (IBM Corporation, Shockproof Disk Driver)
0xA2DC0000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA298000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA278000 C:\WINDOWS\system32\DRIVERS\fvdscsi.sys 57344 bytes (FarStone Inc., FarStone SCSI Miniport)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xB95A1000 C:\WINDOWS\System32\Drivers\btwusb.sys 53248 bytes (Broadcom Corporation, Driver for Bluetooth USB Devices)
0xBA0F8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA2B8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA318000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0D8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB8409000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB95B1000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB8419000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA188000 C:\WINDOWS\system32\drivers\NAV\1201000.025\SRTSPX.SYS 45056 bytes (Symantec Corporation, Symantec AutoProtect)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA288000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA1E8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0E8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA128000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB83F9000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA148000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA19D1000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA2D8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA428000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xBA470000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA4A0000 C:\WINDOWS\System32\drivers\Smapint.sys 32768 bytes (Microsoft Corporation, SMAPI I/O)
0xBA418000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA3D0000 C:\WINDOWS\system32\DRIVERS\btport.sys 28672 bytes (Broadcom Corporation, Bluetooth BTPORT Driver for Windows 2000)
0xBA430000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA450000 C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys 28672 bytes (IBM Corp., IBM ThinkPad Power Management Driver)
0xBA448000 C:\WINDOWS\system32\DRIVERS\nscirda.sys 28672 bytes (National Semiconductor Corporation, NSC Fast Infrared Driver.)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA358000 C:\WINDOWS\System32\Drivers\tcusb.sys 28672 bytes (UPEK Inc., TouchChip USB Kernel Driver)
0xBA3A0000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA3D8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA440000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA490000 C:\WINDOWS\System32\drivers\TSMAPIP.SYS 24576 bytes
0xBA410000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA420000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA458000 C:\WINDOWS\system32\drivers\btaudio.sys 20480 bytes (Broadcom Corporation, Bluetooth Audio Device)
0xBA438000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA3C0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA338000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA460000 C:\WINDOWS\system32\DRIVERS\rasirda.sys 20480 bytes (Microsoft Corporation, IrDA WAN Miniport Driver)
0xBA3C8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA478000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA498000 C:\WINDOWS\System32\drivers\Tppwrif.sys 20480 bytes
0xBA388000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xA4D1C000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xB9B0C000 C:\WINDOWS\system32\DRIVERS\AtmelTpm.sys 16384 bytes (Atmel, Inc., Atmel TPM Driver)
0xBA4C4000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB9AEC000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xBA584000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9B55000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA6A2B000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB9B08000 C:\WINDOWS\system32\DRIVERS\portd2k.sys 16384 bytes (CMS Peripherals, Inc., BounceBack Port I/O)
0xB9B20000 C:\WINDOWS\system32\DRIVERS\tp4track.sys 16384 bytes (IBM Corporation, IBM PS/2 TrackPoint Mouse Filter Driver)
0xBA4CC000 TPDiskPM.sys 16384 bytes (IBM Corporation, IBM SATA Power Management Driver)
0xB8518000 C:\WINDOWS\System32\Drivers\TPHKDRV.SYS 16384 bytes (IBM Corporation, ThinkPad Hotkey Driver)
0xB9B10000 C:\WINDOWS\system32\DRIVERS\wacompen.sys 16384 bytes (Microsoft Corporation, Wacom Serial Pen Tablet HID Driver)
0xBA4C8000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xB84F4000 C:\WINDOWS\System32\drivers\ANC.SYS 12288 bytes (IBM Corp., IBM Access Connections - ANC)
0xBA4BC000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4C0000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xA6E33000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB9B51000 C:\WINDOWS\system32\DRIVERS\fcdabus.sys 12288 bytes (FarStone Inc., FarStone Bus Enumerator)
0xB6FB9000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB9B1C000 C:\WINDOWS\system32\DRIVERS\irenum.sys 12288 bytes (Microsoft Corporation, Infra-Red Bus Enumerator)
0xA302E000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xB6FC5000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9B00000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB6FB5000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5B2000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AA000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5C0000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5B0000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5B4000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5B8000 C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS 8192 bytes (Microsoft Corporation, Physical Memory Driver)
0xBA5B6000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5BA000 C:\WINDOWS\System32\Drivers\ShockMgr.SYS 8192 bytes (IBM Corporation, ShockMgr Device Driver)
0xBA660000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA62E000 C:\WINDOWS\system32\DRIVERS\tkbtnpn.sys 8192 bytes (IBM, Tablet PC Keyboard Buttons HID Driver)
0xBA630000 C:\WINDOWS\System32\DRIVERS\TPInput.sys 8192 bytes (IBM Corporation, IBM SATA Power Management Driver)
0xBA66A000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5A8000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8A391000 C:\WINDOWS\system32\KDCOM.DLL 7040 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA678000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA69C000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA6F2000 C:\WINDOWS\GATHER.KM 4096 bytes
0xBA77B000 C:\WINDOWS\System32\drivers\IBMBLDID.SYS 4096 bytes
0xBA7DA000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA671000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x8A3B1298 ?_empty_? 3432 bytes
==============================================
>Stealth
==============================================
0xB9EED000 WARNING: suspicious driver modification [atapi.sys::0x8A3B1298]
0x03360000 Hidden Image-->sklibrary.dll [ EPROCESS 0x8941F6E0 ] PID: 1196, 118784 bytes
0x0B8C0000 Hidden Image-->sklibrary.dll [ EPROCESS 0x89341DA0 ] PID: 3484, 118784 bytes
0x03310000 Hidden Image-->interop.softkeyboardinterface.dll [ EPROCESS 0x8941F6E0 ] PID: 1196, 28672 bytes
0x0B870000 Hidden Image-->interop.softkeyboardinterface.dll [ EPROCESS 0x89341DA0 ] PID: 3484, 28672 bytes
0x03300000 Hidden Image-->softkeyboardlogic.dll [ EPROCESS 0x8941F6E0 ] PID: 1196, 36864 bytes
0x0B860000 Hidden Image-->softkeyboardlogic.dll [ EPROCESS 0x89341DA0 ] PID: 3484, 36864 bytes
0x03630000 Hidden Image-->kbcresources.dll [ EPROCESS 0x8941F6E0 ] PID: 1196, 53248 bytes
0x0B980000 Hidden Image-->kbcresources.dll [ EPROCESS 0x89341DA0 ] PID: 3484, 53248 bytes

#6 JMil

Posted 16 November 2010 - 10:02 AM

Good morning,
I believe I have found a way to get the Jotti info you requested. I made the infected drive a D: drive and booted from another drive, accessed Jotti and browsed to the infected drive, ran Jotti, copied/pasted its screen results to Wordpad and enclosed them below.



Filename: 1d480d61.dll
Status: Scan finished. 4 out of 19 scanners reported malware.
Scan taken on: Tue 16 Nov 2010 15:45:23 (CET)

File size: 625357 bytes
Filetype: Unknown
MD5: 04766e20b28c34c0f30eecd7ccb40c6e
SHA1: 02aaba6722f9ce0c33e4f1f837031878e928d76d



2010-11-16 Found nothing 2010-11-16 Win32:Redosdru-B
2010-11-16 Win32:Redosdru-B 2010-11-16 Found nothing
2010-11-16 Found nothing 2010-11-16 Found nothing
2010-11-16 TR/Trash.Gen 2010-11-16 Found nothing
2010-11-16 Found nothing 2010-11-15 Found nothing
2010-11-16 Found nothing 2010-11-16 Found nothing
2010-11-16 Found nothing 2010-11-16 Mal/Behav-031
2010-11-16 Found nothing 2010-11-14 Found nothing
2010-11-16 Found nothing 2010-11-15 Found nothing
2010-11-16 Found nothing

#7 etavares

Posted 17 November 2010 - 07:52 PM

Hello, JMil.

Thanks for getting jotti done...it does confirm that driver is malware. You also do have a TDL/TDSS/Alureon/TidServ rootkit.

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.

Step 1



Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#8 JMil


Posted 18 November 2010 - 07:31 PM

I've chosen to continue, downloaded and installed ComboFix and the Recovery Console.

Renamed ComboFix and started it getting the warning message about Rootkit and then it hangs the machine requiring powering off to regain control ( ctrl-alt-del and all other keystrokes are unresponsive ).

The Combofix downloaded runs in a Cmd window, it does not bring up screens like those shown in your explanation.



J e r

#9 etavares


Posted 19 November 2010 - 07:26 PM

Hello, JMil.
OK, try this first.



Step 1

  • Download TDSSKiller.exe and save it to your desktop.
  • Double-click TDSSKiller.exe to run it.
  • Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for Malicious objects.
  • If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
  • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the logfile in your next reply

etavares




#10 JMil


Posted 21 November 2010 - 01:54 PM

Download, scan and reboot went well, log follows:


2010/11/21 13:23:55.0000 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/21 13:23:55.0000 ================================================================================
2010/11/21 13:23:55.0000 SystemInfo:
2010/11/21 13:23:55.0000
2010/11/21 13:23:55.0000 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/21 13:23:55.0000 Product type: Workstation
2010/11/21 13:23:55.0000 ComputerName: IJER
2010/11/21 13:23:55.0000 UserName: Jer
2010/11/21 13:23:55.0000 Windows directory: C:\WINDOWS
2010/11/21 13:23:55.0000 System windows directory: C:\WINDOWS
2010/11/21 13:23:55.0000 Processor architecture: Intel x86
2010/11/21 13:23:55.0000 Number of processors: 1
2010/11/21 13:23:55.0000 Page size: 0x1000
2010/11/21 13:23:55.0000 Boot type: Normal boot
2010/11/21 13:23:55.0000 ================================================================================
2010/11/21 13:23:56.0687 Initialize success
2010/11/21 13:24:18.0515 ================================================================================
2010/11/21 13:24:18.0515 Scan started
2010/11/21 13:24:18.0515 Mode: Manual;
2010/11/21 13:24:18.0515 ================================================================================
2010/11/21 13:27:16.0625 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/21 13:27:16.0671 ================================================================================
2010/11/21 13:27:16.0671 Scan finished
2010/11/21 13:27:16.0671 ================================================================================
2010/11/21 13:27:16.0703 Detected object count: 1
2010/11/21 13:27:57.0765 \HardDisk0 - will be cured after reboot
2010/11/21 13:27:57.0765 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/11/21 13:28:15.0515 Deinitialize success
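
Reading a TDSSKiller log like the one posted in #10, and checking a later re-scan against it, can be scripted. This is an added example, not part of the original posts or of TDSSKiller; the function names, status labels, the out-of-directory heuristic, and the placeholder driver lines and re-scan sample are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the log layout posted above. The detection and action
# lines are the ones from the post; the two driver lines use placeholder
# names, hashes and paths.
SAMPLE_LOG = r"""
2010/11/21 13:24:18.0515 Scan started
2010/11/21 13:24:18.0515 Mode: Manual;
2010/11/21 13:24:20.0093 exampledrv (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
2010/11/21 13:24:21.0031 otherdrv (11111111111111111111111111111111) C:\Example Dir\otherdrv.sys
2010/11/21 13:27:16.0625 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/21 13:27:16.0671 Scan finished
2010/11/21 13:27:16.0703 Detected object count: 1
2010/11/21 13:27:57.0765 \HardDisk0 - will be cured after reboot
2010/11/21 13:27:57.0765 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/11/21 13:28:15.0515 Deinitialize success
"""

# Constructed re-scan in which nothing is detected (timestamps are placeholders).
SAMPLE_RESCAN = r"""
2010/01/01 00:00:00.0000 Scan started
2010/01/01 00:01:00.0000 Scan finished
"""

STAMP = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} ?(.*)$")
DRIVER = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")
DETECTED = re.compile(r"^(.+?) - detected (\S+) \(\d+\)$")
PENDING = re.compile(r"^(.+?) - will be cured after reboot$")
ACTION = re.compile(r"^(\S+?)\((.+)\) - User select action: (\w+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Report:
    drivers: list = field(default_factory=list)        # (service, md5, path)
    detections: dict = field(default_factory=dict)     # object -> threat name
    actions: dict = field(default_factory=dict)        # object -> chosen action
    pending_reboot: set = field(default_factory=set)   # cured only after reboot
    declared_count: int = None                         # "Detected object count"


def parse_log(text):
    """Turn the text of one TDSSKiller log into a Report."""
    rep = Report()
    for raw in text.splitlines():
        stamped = STAMP.match(raw.strip())
        if not stamped:
            continue  # blank line or text that is not a log record
        msg = stamped.group(1).strip()
        if (m := DRIVER.match(msg)):
            rep.drivers.append(m.groups())
        elif (m := DETECTED.match(msg)):
            rep.detections[m.group(1)] = m.group(2)
        elif (m := PENDING.match(msg)):
            rep.pending_reboot.add(m.group(1))
        elif (m := ACTION.match(msg)):
            rep.actions[m.group(2)] = m.group(3)
        elif (m := COUNT.match(msg)):
            rep.declared_count = int(m.group(1))
    return rep


def verdict(rep):
    """Classify one run by what was detected and which action was chosen."""
    if not rep.detections:
        return "clean"
    if any(rep.actions.get(obj) != "Cure" for obj in rep.detections):
        return "unresolved"           # skipped, or no action recorded
    if set(rep.detections) <= rep.pending_reboot:
        return "cure-pending-reboot"  # not effective until the reboot happens
    return "cure-selected"


def count_consistent(rep):
    """The summary count should equal the number of detection lines parsed."""
    return rep.declared_count == len(rep.detections)


def still_detected(first, rescan):
    """Objects flagged in the first run that a later re-scan flags again."""
    return sorted(set(first.detections) & set(rescan.detections))


def drivers_outside_driver_dir(rep, windir=r"C:\WINDOWS"):
    """Heuristic of this example: services whose image is not under
    <windir>\\system32\\drivers, listed for manual review only."""
    prefix = (windir + r"\system32\drivers" + "\\").lower()
    return [name for name, _md5, path in rep.drivers
            if not path.lower().startswith(prefix)]


if __name__ == "__main__":
    first = parse_log(SAMPLE_LOG)
    print(verdict(first), first.detections, drivers_outside_driver_dir(first))
    print(still_detected(first, parse_log(SAMPLE_RESCAN)))
```

A "cure-pending-reboot" result only means the cure was scheduled; the re-scan comparison is what shows whether the object is gone.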

#11 etavares


Posted 22 November 2010 - 06:59 PM

Hello, JMil.

Ok, great, it looks like it got it. Please re-download and run Combofix as instructed earlier. It should run now.

etavares




#12 JMil


Posted 22 November 2010 - 10:58 PM

Combofix still hangs the machine. It starts, checked for updates and set a restore point but after opening the command window and saying badly infected machines may take longer than 10 minutes, disk accessing stops after about 5 minutes and the machine is hung. I've left it in this state for an hour before giving up.

Jer

#13 etavares


Posted 23 November 2010 - 06:26 PM

Hello, JMil.
OK, please run TDSSKiller again, let's make sure that's gone. If yes, we'll do some cleanup manually.



Step 1

  • Download TDSSKiller.exe and save it to your desktop.
  • Double-click TDSSKiller.exe to run it.
  • Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for Malicious objects.
  • If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
  • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is named like UtilityName.Version_Date_Time_log.txt,
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the logfile in your next reply



Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares


 


#14 JMil


Posted 23 November 2010 - 08:51 PM

TDSS & MBAM ran successfully, logs follow.


2010/11/23 19:30:54.0359 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/23 19:30:54.0359 ================================================================================
2010/11/23 19:30:54.0359 SystemInfo:
2010/11/23 19:30:54.0359
2010/11/23 19:30:54.0359 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/23 19:30:54.0359 Product type: Workstation
2010/11/23 19:30:54.0359 ComputerName: IJER
2010/11/23 19:30:54.0359 UserName: Jer
2010/11/23 19:30:54.0359 Windows directory: C:\WINDOWS
2010/11/23 19:30:54.0359 System windows directory: C:\WINDOWS
2010/11/23 19:30:54.0359 Processor architecture: Intel x86
2010/11/23 19:30:54.0359 Number of processors: 1
2010/11/23 19:30:54.0359 Page size: 0x1000
2010/11/23 19:30:54.0359 Boot type: Normal boot
2010/11/23 19:30:54.0359 ================================================================================
2010/11/23 19:30:55.0437 Initialize success
2010/11/23 19:31:04.0125 ================================================================================
2010/11/23 19:31:04.0125 Scan started
2010/11/23 19:31:04.0125 Mode: Manual;
2010/11/23 19:31:04.0125 ================================================================================
2010/11/23 19:33:56.0484 ================================================================================
2010/11/23 19:33:56.0484 Scan finished
2010/11/23 19:33:56.0484 ================================================================================
2010/11/23 19:36:16.0500 Deinitialize success




Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5178

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

11/23/2010 8:24:49 PM
mbam-log-2010-11-23 (20-24-49).txt

Scan type: Quick scan
Objects scanned: 159266
Time elapsed: 32 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\.Net CLR (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\.net clr (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
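
Comparing the TDSSKiller runs posted in this thread, as an added example (not part of any post and not the tool's own code): a small Python parser for the log layout seen here that gives a verdict per run and lists which detections were resolved between runs. The regular expressions are inferred from the posted lines, the verdict names are assumptions of this example, and the hung-run sample is constructed.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Patterns inferred from the log lines posted in this thread (assumption:
# other TDSSKiller versions may word these lines differently).
LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} ?(.*)$")
DRIVER_RE = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")
DETECT_RE = re.compile(r"^(.+?) - detected (\S+) \((\d+)\)$")
PENDING_RE = re.compile(r"^(.+?) - will be cured after reboot$")
ACTION_RE = re.compile(r"^(\S+?)\((.+)\) - User select action: (\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class ScanReport:
    drivers: dict = field(default_factory=dict)        # service -> (md5, path)
    detections: set = field(default_factory=set)       # {(object, verdict)}
    actions: dict = field(default_factory=dict)        # object -> chosen action
    pending_reboot: set = field(default_factory=set)   # objects cured on reboot
    reported_count: Optional[int] = None
    finished: bool = False


def parse_tdsskiller_log(text):
    """Parse one TDSSKiller run; lines without a timestamp are ignored."""
    report = ScanReport()
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line.group(1).strip()
        if msg == "Scan finished":
            report.finished = True
        elif m := DETECT_RE.match(msg):
            report.detections.add((m.group(1), m.group(2)))
        elif m := PENDING_RE.match(msg):
            report.pending_reboot.add(m.group(1))
        elif m := ACTION_RE.match(msg):
            report.actions[m.group(2)] = m.group(3)
        elif m := COUNT_RE.match(msg):
            report.reported_count = int(m.group(1))
        elif m := DRIVER_RE.match(msg):
            report.drivers[m.group(1)] = (m.group(2), m.group(3))
    return report


def verdict(report):
    """Classify one run. 'clean' only means this tool reported nothing."""
    if not report.finished:
        # The machine hung or the log was cut off: absence of detections
        # in a truncated log is not evidence of a clean system.
        return "incomplete"
    if (report.reported_count is not None
            and report.reported_count != len(report.detections)):
        return "inconsistent"
    if report.detections:
        objects = {obj for obj, _ in report.detections}
        return "cure-pending-reboot" if objects <= report.pending_reboot else "infected"
    return "clean"


def compare_runs(before, after):
    """Diff the detections of two runs of the same machine."""
    return {
        "resolved": sorted(before.detections - after.detections),
        "persisting": sorted(before.detections & after.detections),
        "new": sorted(after.detections - before.detections),
    }


# Excerpt of the 21 November run, lines as posted in the thread.
FIRST_RUN = r"""
2010/11/21 13:27:16.0625 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/21 13:27:16.0671 Scan finished
2010/11/21 13:27:16.0703 Detected object count: 1
2010/11/21 13:27:57.0765 \HardDisk0 - will be cured after reboot
2010/11/21 13:27:57.0765 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/11/21 13:28:15.0515 Deinitialize success
"""

# Excerpt of the 23 November run, lines as posted in the thread.
SECOND_RUN = r"""
2010/11/23 19:31:04.0125 Scan started
2010/11/23 19:31:20.0703 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/23 19:33:56.0484 Scan finished
2010/11/23 19:36:16.0500 Deinitialize success
"""

# Constructed sample: a run that stops mid-scan, as when the machine hangs.
HUNG_RUN = r"""
2010/11/20 10:00:00.0000 Scan started
2010/11/20 10:00:02.0000 exampledrv (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\exampledrv.sys
"""

if __name__ == "__main__":
    first, second = parse_tdsskiller_log(FIRST_RUN), parse_tdsskiller_log(SECOND_RUN)
    print(verdict(first), verdict(second), verdict(parse_tdsskiller_log(HUNG_RUN)))
    print(compare_runs(first, second))
```
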

#15 etavares


Posted 24 November 2010 - 09:44 AM

Hello, JMil.
OK, please run TDSSKiller again; let's make sure that it's gone. If yes, we'll do some cleanup manually.



Step 1

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.



Step 2

We need to run an OTL Script
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    :files
    C:\WINDOWS\system32\1d480d61.dll
    C:\Documents and Settings\All Users\Application Data\OQHQ1H13.dat
    :OTL
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\PsaSrv.exe -- (PsaSrv)
    IE - HKU\S-1-5-21-2870070046-1186256036-2191713935-1005\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKU\S-1-5-21-2870070046-1186256036-2191713935-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-2870070046-1186256036-2191713935-1005\..\Toolbar\WebBrowser: (no name) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - No CLSID value found.
    O4 - HKLM..\Run: [UC_SMB] File not found
    O4 - HKU\S-1-5-19..\Run: [TabletWizard] C:\WINDOWS\help\wizard.hta File not found
    O4 - HKU\S-1-5-20..\Run: [TabletWizard] C:\WINDOWS\help\wizard.hta File not found
    O9 - Extra 'Tools' menuitem : IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.
